Software packages are a popular way to distribute open source and third-party software. Unfortunately, they are also a popular target for bad actors seeking to infiltrate the software supply chain and perform harmful actions. And unlike code weaknesses and vulnerabilities, which must first be found and exploited, a malicious package is almost always a direct and immediate threat.
This eBook focuses on the npm package manager for JavaScript, but the strategies and tactics described will help protect against malicious packages in other open source ecosystems as well, such as Java, Python, and .NET.
It also details several measures that development teams can take to secure their software supply chains from malicious packages, including
Download the eBook now to learn about these and other measures to protect your software development life cycle from being impacted by malicious packages, plus discover how malicious packages work and why they’re so dangerous.