Cloudsmith (@cloudsmith)'s Twitter Profile
Cloudsmith

@cloudsmith

Experience the future of DevOps with Cloudsmith — where secure, scalable software distribution meets productivity.
Status: @iscloudsmithup

ID: 3890540295

https://cloudsmith.com
07-10-2015 14:06:08

1.1K Tweets

1.1K Followers

605 Following

Cloudsmith (@cloudsmith)

Most enterprises have dozens of software development teams.

Best practice is to build policy checks directly into artifact management, so every package that enters your pipeline is secure, compliant, and production-ready by default.

See how it works: cloudsmith.com/blog/streamlin…
Cloudsmith (@cloudsmith)

Aiming to achieve SLSA Level 2?

A cloud-native artifact management platform lets you enforce immutability, track artifact provenance, and control who can publish what.

Read more: cloudsmith.com/blog/slsa-a-ro…

#SLSA #SoftwareSupplyChain #DevSecOps
Cloudsmith (@cloudsmith)

Attackers are increasingly targeting containers, artifact registries, and CI/CD pipelines, burdening DevOps orgs with more responsibility to secure build processes. 

In our 30-minute live webinar - State of the Union: Modern Security Approaches for the Software Supply Chain -
Cloudsmith (@cloudsmith)

Scrambling to pull together chain of custody for security audits?

See how Diligent transformed its secure software delivery with Cloudsmith: cloudsmith.com/customers/clou… 

#SoftwareSupplyChain #DevSecOps #ArtifactManagement #SBOM
Cloudsmith (@cloudsmith)

Use CodeQL to detect vulnerabilities?

Until recently, there was a big one hiding in plain sight.

Researcher John Stawinski discovered a vulnerability (now patched) in the GitHub Action used by CodeQL. 

Check out the full article from DevClass here: devclass.com/2025/04/02/the…
Cloudsmith (@cloudsmith)

As software supply chain threats grow, securing your CI/CD pipeline is critical.

Join Esteban Garcia (Principal Engineer, Cloudsmith), Liana Ertz (Product Manager, Cloudsmith), and Jason van Zyl (Senior Engineering Manager, Chainguard) for a 30-minute session covering:

➡️
Cloudsmith (@cloudsmith)

If you’re looking to reduce exposure from over-permissive roles, stale access, or shared credentials, reviewing identity and access management best practice could make all the difference. 

In Part 2 of our OWASP CI/CD Top 10 series, we’re looking at CICD-SEC-2: Inadequate
Cloudsmith (@cloudsmith)

To help you combat the rise in seemingly harmless malicious packages, we’ve broken down some best practices in Part 3 of the Cloudsmith and OWASP CI/CD Top 10 series on Dependency Chain Abuse.

Read the blog: cloudsmith.com/blog/owasp-ci-…

Download the free guide:
Cloudsmith (@cloudsmith)

“We wanted a product that was easy to use and hard to misuse.” 🎥 Listen to our CTO Lee Skillen discuss the mindset behind building for critical use: simple, secure, and cloud-native from day zero.

Cloudsmith (@cloudsmith)

Is vibe coding more of a risk than a vibe?

“Without security-aware tooling or policy enforcement, enterprises could end up unknowingly introducing vulnerabilities.” — said Nigel Douglas to The New Stack.

Read more: thenewstack.io/vibing-dangero…
Cloudsmith (@cloudsmith)

Look familiar?

If you’d like a refresher on best practices for tackling Poisoned Pipeline Execution, we’re running through OWASP’s CI/CD Top 10 risks with advice on how to deal with these types of unauthorised executions.

Check out Part 4: cloudsmith.com/blog/owasp-ci-…

Download the
grlx / stateful server enjoyer (same thing) (@gogrlx)

Happy to announce grlx is now being built and distributed with GoReleaser! In addition to our official alpine packages, we are now offering aur packages for archlinux as an official distribution channel. .deb and .rpm packages are coming soon on Cloudsmith

Cloudsmith (@cloudsmith)

QA ≠ Admin

Developer ≠ Release Manager

Strong Pipeline-Based Access Controls (PBAC) rely on separating duties across the pipeline: cloudsmith.com/blog/owasp-ci-…

Download a full guide on OWASP’s CI/CD Top 10 risks: cloudsmith.com/campaigns/guid…

#PBAC #OWASP #CI/CD
Cloudsmith (@cloudsmith)

🌍 Cloudsmith is proud to sponsor PlatformCon 2025 - the world's biggest platform engineering event!

Join us for a full week of all things platform engineering—including free virtual sessions packed with insights into cloud-native artifact management at scale 🚀

Here’s what
Cloudsmith (@cloudsmith)

In April, Scattered Spider cracked M&S’s systems in a massive ransomware attack.

It all started with the theft of an NTDS.dit file.

See Nigel Douglas’s advice for practitioners securing their CI/CD pipelines against lateral movement: cloudsmith.com/blog/owasp-ci-…

Full guide:
Cloudsmith (@cloudsmith)

We're thrilled to be part of PlatformCon 2025, the world’s largest platform engineering conference! This year, we're bringing two high-impact virtual talks to the stage 💥

More Than Code: How Culture Defines Platform Success
Explore how team culture, not just tooling, shapes the
Cloudsmith (@cloudsmith)

Is your Helm a risk? 🔍

If your business or open-source project relies on Helm charts, join Nigel Douglas, Head of Developer Relations at Cloudsmith, in a hands-on, virtual workshop during PlatformCon 2025: "What Supply Chain Risks Are Hidden in Your Helm Charts?" 

Join this
Cloudsmith (@cloudsmith)

Are you at PlatformCon London? 

Join Spacelift and Cloudsmith TONIGHT at F1 Arcade London for an evening where competitive racing meets DevOps and platform engineering. Connect with peers, test your skills on full-spec racing simulators, and explore how to optimize your DevOps