Life of an Attack: From Open Source Package to SOC Alert

In this session, we walk through the life of a modern software supply chain attack, using real-world npm incidents as our guide. Starting with how malicious packages enter repositories, we’ll trace what happens as compromised dependencies move through CI/CD pipelines, land on developer machines, and ultimately trigger a SOC investigation. 

Host Kadi McKean was joined by ReversingLabs’ Erik Thoen, VP of Product Management, and Igor Lasic, VP of Engineering, to discuss how developers, AppSec, and SOC teams encountered the same attack at different stages and why shared visibility was critical to closing the gaps between them.

We explore: 

• How npm attacks unfold in the wild
• Where traditional tools help - and where they fall short
• How build systems, artifact repositories, and security teams intersect during an incident
• What open source maintainers and developers can realistically do to reduce the blast radius

Whether you build software, secure pipelines, or investigate alerts, this webinar will give you a clearer picture of how supply chain threats move - and how to stop them earlier.

Watch now!