Integrations Integrating Dependabot with Cloudsmith Using OIDC This guide will walk you through configuring GitHub Dependabot to authenticate with Cloudsmith using OIDC.
Integrations Featured GitOps Pipelines with Codefresh and Cloudsmith Integrating Cloudsmith, a cloud-native artifact management platform, with Codefresh enhances your CI/CD workflows in several significant ways. Read this blog to learn more about this powerful combination, and its automation of artifact handling and simplification of deployments!
Cloudsmith How to Manage Your Package Promotion Workflows with Cloudsmith Package promotion workflows are a great way to isolate and protect production repositories away from public upstreams, so they only receive clear and vetted packages.
Level up your private npm registries in Deno with Cloudsmith We’re excited to announce that Deno, the modern JavaScript and TypeScript runtime, now supports private npm registries. You can now leverage Cloudsmith to securely host and share your npm modules directly within your Deno projects.
Reflecting on ShipItCon 2024: High-performing teams need flow ShipItCon, one of Europe’s most vibrant indie tech conferences, just wrapped up in Dublin last week. It brought together software engineers and technologists to tackle a central theme - Flow.
Using Cloudsmith as a Dependency Firewall Cloudsmith does more than store and manage artifacts. It protects them, too. In this article, we explain how you can prevent software supply chain threats by using our platform as a vital isolation layer between your binaries and risks in public open source repositories.
Security Fortify Dependency Management With Cloudsmith + Dependabot Protect ALL of your packages and deliver consistent builds by combining Dependabot's automated dependency updates with Cloudsmith's package centralization, upstream capabilities, and security controls.
Security Implementing Zero Trust Security With Cloudsmith in 5 Steps Learn how to strengthen and maintain your Zero Trust security posture, improve compliance, and reduce risk with Cloudsmith's armory of access, pipeline, publishing, and monitoring controls.
Featured Enhance Security with Chainguard and Cloudsmith At Cloudsmith, we are excited to announce our support for the Chainguard Registry as an upstream source. By consolidating all your artifacts, packages, and now Chainguard Images into Cloudsmith, your organization can: * Reduce risk of attack with no/low vulnerability base images provided by Chainguard. * Effortlessly deploy and distribute your
Zero Trust Pipelines with OIDC, Cloudsmith, and GitHub Actions In CI/CD workflows, leaked credentials pose a significant threat, potentially leading to unauthorized access, data breaches, and system compromises, ultimately disrupting development pipelines and undermining the integrity of software deployment processes.
6 Must-See DevOps Talks at PlatformCon 2024 Ciara’s sifted through over 130 talks from next month's PlatformCon to shortlist the DevOps pick of the litter for you.
"My CI/CD Platform was Breached!" Now What? On January 4, 2023, CircleCI warned its customers to rotate “any and all secrets” after a compromise by an unauthorized third party.
Events That's a Wrap on KubeCon 2024! Ciara Carey reflects on her experience at the KubeCon event in Paris including her top 10 talks and current industry trends.
upstream World's First Private Hex Repository with Cloudsmith Level up supply chain security and package management for your organization's Erlang and Elixir teams with Cloudsmith's Private Hex Repositories.
DevSecOps Improving Observability With Cloudsmith Logs Glimpse the golden insights Cloudsmith’s logs offer and see how easy it is to pull and analyze them like a pro.
EU Simplify CRA Compliance With Modern Tooling It's a lot easier to get + stay CRA compliant when you have robust SSCS across your pipeline. See how using Cloudsmith helps.
How to comply with the EU Cyber Resilience Act This week, the European Union (EU) reached an agreement on the EU Cyber Resilience Act (CRA) akin to GDPR for cybersecurity. Set for adoption in 2024, the CRA aims to protect consumers from insecure digital products, introducing mandatory cybersecurity measures such as vulnerability disclosure, Software Bill of Materials (SBOMs), and
What is the EU Cyber Resilience Act? EU law is changing for hardware and software makers. Here's your 2-minute summary of the Cyber Resilience Act.
opensource Secure Open Source Consumption: Level 1 of S2C2F Uncover how to reach Level 1 in S2C2F, a framework for secure OSS consumption.
software artifact management Why Programmers Need a C++ Package Manager Discover the risks and drawbacks of developing and distributing software without the support of a C++ package manager.
OSS Mastering Open Source Security: Your Guide to S2C2F We explore the fundamental principles and ascending maturity levels of the Framework, providing examples of real-world threats it can effectively counter.
OSS The Dangers Lurking in Open Source Software Our 1st blog in our series on securely consuming OSS. Today, I'll give an overview of some of the most common types of attacks from consuming OSS.
Software Supply Chain Securely Connect Cloudsmith to your CI/CD using OIDC Authentication Securely connect Cloudsmith to your CI/CD with OIDC. Cloudsmith now supports OIDC natively. OIDC tokens are a more secure way to handle authentication than long-lived credentials, and they remove the need to store your credentials in your CI/CD platform.
CI/CD Recap: 2022 State of DevOps Webinar State of DevOps moderator Ciara Carey recaps the Dec 15 session.
Deploy Software Could 2023 be the year of memory safety? We can completely eliminate software vulnerabilities caused by memory corruption by moving software away from C and C++. The National Security Agency (NSA) is urging developers to shift to memory safe languages – such as C#, Go, Java, Ruby, Rust, and Swift. Could 2023 be the year of memory safety?