"My CI/CD Platform was Breached!" Now What?

On January 4, 2023, CircleCI warned its customers to rotate “any and all secrets” after a compromise by an unauthorized third party.

open source

Cloudsmith ♥ OSS

CEO Glenn Weinstein highlights Cloudsmith's support of the open source community.

Events

That's a Wrap on KubeCon 2024!

Ciara Carey reflects on her experience at the KubeCon event in Paris including her top 10 talks and current industry trends.

Cloudsmith Shines Bright at Digital DNA Awards

The wins just keep coming! Today we celebrate fresh evidence of the mark we're making in the industry.

announcement Featured

Welcoming Karen Gardner as Chief Marketing Officer

Cloudsmith announces that Sonatype veteran Karen Gardner will join as Chief Marketing Officer

Caching and Upstream Proxying For CRAN's R Packages

Cloudsmith now supports upstream proxying and caching for CRAN's R packages. That means simpler, more reliable integration of third-party packages into your organization's development process. Better software, faster!

software supply chain security

Cloudsmith Achieves ISO 27001:2013 Recertification

Learn about Cloudsmith's recent ISO 27001:2013 recertification, highlighting the team's unwavering commitment to security excellence and customer trust.

Events

Cloudsmith is headed to Paris for KubeCon Europe 2024

Team Cloudsmith is headed to Paris March 19 - 22, 2024 for KubeCon / CloudNativeCon Europe.

ceo Featured

A CEO’s Reflections: 6 Months In

Sharing what I've learned as Cloudsmith's CEO, and how our customers use cloud-native artifact management to build with confidence.

6 Essential Features for Your Next Artifact Manager

Add these must-haves to your selection matrix to find an artifact management tool that will transform your DevOps and software delivery.

upstream

World's First Private Hex Repository with Cloudsmith

Level up supply chain security and package management for your organizations Erlang and Elixir teams with Cloudsmith's Private Hex Repositories.

Software Supply Chain

How to Audit Your Software Supply Chain Security

Digital threats are part of the development landscape, so how should you audit your software supply chain security to ensure you protect your pipeline? This blog will take you through the threats that are lurking and the steps you can follow to guard against them.

Cloudsmith

Cloudsmith Navigator: The Trusted Guide to OSS Package Quality

Cloudsmith Navigator: a free tool designed to help software engineering teams select the best OSS packages for their projects.

DevSecOps

Improving Observability With Cloudsmith Logs

Glimpse the golden insights Cloudsmith’s logs offer and see how easy it is to pull and analyze them like a pro.

announcement

Coming Soon: Cloudsmith Migration Toolkit

One of our core motivations in building Cloudsmith is to make software developers' lives easier.  We want Cloudsmith to be one of those great products that feels intuitive and automates everything. As we’re picking up more and larger customers, we’re seeing an increased need for migration tools.

Security Featured

Take control of user management with Cloudsmith's new SCIM capabilities

Cloudsmith announces expanded support for System for Cross-domain Identity Management (SCIM) for user management and enhanced software supply chain security

Featured

How Cloudsmith Helped Protect the Software Supply Chain in 2023

As the "new guy" here at Cloudsmith (I was named CEO in August), I'm learning more every day about how customers use us to protect their software supply chains. We're doing everything we can to give you a single source of truth for every

EU

Simplify CRA Compliance With Modern Tooling

It's a lot easier to get + stay CRA compliant when you have robust SSCS across your pipeline. See how using Cloudsmith helps.

How to comply with the EU Cyber Resilience Act

This week, the European Union (EU) reached an agreement on the EU Cyber Resilience Act (CRA) akin to GDPR for cybersecurity.  Set for adoption in 2024, the CRA aims to protect consumers from insecure digital products, introducing mandatory cybersecurity measures such as vulnerability disclosure, Software Bill of Materials (SBOMs), and

What is the EU Cyber Resilience Act?

EU law is changing for hardware and software makers. Here's your 2-minute summary of the Cyber Resilience Act.

funding Featured

You Took HOW Much Money?!?

This week, we announced that Cloudsmith has taken an impressive $11M in additional funding, hot on the heels of our $15M Series A two years ago. That's not just serious cash for a startup; it's a game-changer! The natural questions are: why did we take it,

opensource

Secure Open Source Consumption: Level 1 of S2C2F

Uncover how to reach Level 1 in S2C2F a framework for secure OSS consumption.

software artifact management

Why Programmers Need a C++ Package Manager

Discover the risks and drawbacks of developing and distributing software without the support of a C++ package manager.

OSS

Mastering Open Source Security: Your Guide to S2C2F

We explore the fundamental principles and ascending maturity levels of the Framework, providing examples of real-world threats it can effectively counter.

OSS

The Dangers Lurking in Open Source Software

Our 1st blog in our series on securely consuming OSS. Today, I'll give an overview of some of the most common types of attacks from consuming OSS.