GitGuardian invites you to their event

How Attackers Use Developer Machines to Breach the Software Supply Chain

About this event

In April, three major supply chain campaigns hit npm, PyPI, and Docker Hub in just 48 hours, and while the ecosystems were different, the objective was the same: steal credentials from developer environments and CI/CD pipelines. The malware targeted API keys, cloud credentials, SSH keys, GitHub tokens, npm tokens, environment variables, and more, turning developer machines and build systems into high-value credential vaults for attackers.

Join Guillaume Valadon from GitGuardian and Jenn Gile, co-founder of OpenSourceMalware, for a timely conversation on how modern software supply chain attacks are evolving, why developer environments are now prime targets, and what security teams can do to reduce exposure before the next malicious package, compromised CLI, or poisoned dependency update lands in their pipeline.

We’ll unpack recent incidents including the Checkmarx KICS compromise, the CanisterSprawl npm worm, the xinference PyPI attack, and the @bitwarden/cli compromise, where attackers used techniques like install-time credential theft, GitHub as command-and-control, Cloudflare exfiltration domains, and automated dependency update paths to reach sensitive environments.

What you’ll learn

  • How recent npm, PyPI, Docker Hub, and CLI compromises were designed to harvest secrets at scale
  • Why dependency bots, package managers, and AI coding assistants can expand the blast radius of a supply chain attack
  • How to assess what credentials were exposed, where they lived, and whether they need to be rotated
  • Practical steps to strengthen secrets detection, developer environment security, and incident response workflows

Why attend

These attacks are not isolated events. They show a clear shift: attackers know that the fastest path into your organization is often through the credentials sitting in developer environments, CI/CD pipelines, and automation workflows.

On May 7, we’ll bring together GitGuardian’s secrets security perspective and Jenn Gile’s open-source malware expertise to explain what happened, what it signals, and how teams can prepare for what comes next.
GitGuardian

Secrets Security and NHI Governance

GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions from secrets detection in code, productivity tools and environments to strong remediation, observability and proactive prevention of leaks.