Events That's a Wrap on KubeCon 2024! Ciara Carey reflects on her experience at the KubeCon event in Paris including her top 10 talks and current industry trends.
upstream World's First Private Hex Repository with Cloudsmith Level up supply chain security and package management for your organization's Erlang and Elixir teams with Cloudsmith's Private Hex Repositories.
DevSecOps Improving Observability With Cloudsmith Logs Glimpse the golden insights Cloudsmith’s logs offer and see how easy it is to pull and analyze them like a pro.
EU Simplify CRA Compliance With Modern Tooling It's a lot easier to get + stay CRA compliant when you have robust SSCS across your pipeline. See how using Cloudsmith helps.
How to comply with the EU Cyber Resilience Act This week, the European Union (EU) reached an agreement on the EU Cyber Resilience Act (CRA) akin to GDPR for cybersecurity. Set for adoption in 2024, the CRA aims to protect consumers from insecure digital products, introducing mandatory cybersecurity measures such as vulnerability disclosure, Software Bill of Materials (SBOMs), and
What is the EU Cyber Resilience Act? EU law is changing for hardware and software makers. Here's your 2-minute summary of the Cyber Resilience Act.
opensource Secure Open Source Consumption: Level 1 of S2C2F Uncover how to reach Level 1 in S2C2F, a framework for secure OSS consumption.
software artifact management Why Programmers Need a C++ Package Manager Discover the risks and drawbacks of developing and distributing software without the support of a C++ package manager.
OSS Mastering Open Source Security: Your Guide to S2C2F We explore the fundamental principles and ascending maturity levels of the Framework, providing examples of real-world threats it can effectively counter.
OSS The Dangers Lurking in Open Source Software Our 1st blog in our series on securely consuming OSS. Today, I'll give an overview of some of the most common types of attacks from consuming OSS.
Software Supply Chain Securely Connect Cloudsmith to your CI/CD using OIDC Authentication Securely connect Cloudsmith to your CI/CD with OIDC. Cloudsmith now supports OIDC natively. OIDC tokens are a more secure way to handle authentication than long-lived credentials, and they remove the need to store your credentials in your CI/CD platform.
CI/CD Recap: 2022 State of DevOps Webinar State of DevOps moderator Ciara Carey recaps the Dec 15 session.
Deploy Software Could 2023 be the year of memory safety? We can completely eliminate software vulnerabilities caused by memory corruption by moving software away from C and C++. The National Security Agency (NSA) is urging developers to shift to memory safe languages – such as C#, Go, Java, Ruby, Rust, and Swift. Could 2023 be the year of memory safety?
Cloudsmith How to Manage Your Package Promotion Workflows with Cloudsmith Package promotion workflows are a great way to isolate and protect production repositories away from public upstreams, so they only receive clear and vetted packages.
Who What Where and Why of Commercial Open Source [Session Recap] Why do companies use commercial OSS instead of hosting it themselves? Lætitia Avrot, Field CTO at EDB, and David Tuite, Founder of Roadie, talk about SLAs, security, maintenance, proprietary features, conferences and contributing to the open source ecosystem.
Events The EU Efforts To Secure Open Source Software [On-demand Session] Watch this session from Open Source Summit Dublin to learn more about the European Union's response to the ever-changing open source security landscape.
Events SBOMs: The New Standard in Supply Chain Security [On-demand Session] Watch this session from DevOps Con NYC to learn about this emerging standard, how it can improve the security of your supply chain, open source tools to help you generate and analyze SBOMs and the future of SBOMs.
Security How to Manage Your Vulnerability Workflows with Cloudsmith Scan your packages for vulnerabilities and never miss new vulnerabilities as they get discovered. Create actionable workflows by quarantining packages over defined vulnerability levels.
Security Cloudsmith Supports OpenSSF's Efforts to Secure OSS As part of our mission to make it simple to secure software at scale through Continuous Packaging, Cloudsmith is proud to be an Open Source Security Foundation (OpenSSF) member.
Develop Software 10 ways to make your software pipeline more observable Ciara lists 10 ways to make your software pipelines more transparent and observable to gain insights, identify unusual behavior and possibly prevent a software supply chain attack.
Security How to Analyze an SBOM Ciara discusses how to analyze SBOMs for vulnerabilities using Open Source tools, and how Cloudsmith can take actions like quarantining your images if they contain vulnerabilities above a certain level.
Security How to Generate and Host an SBOM Ciara details how and when to generate an SBOM with the help of open-source tooling. Learn how to host SBOMs, as well as other SBOM considerations.
Webinar The Future is Cloud-native & Your Organization Should Be Too | Conf42 Cloud-Native Keynote [On-demand Session] In 2022, your entire tech stack is likely in the cloud - so why aren’t your software packages? Watch Ciara Carey's Conf42 Cloud-Native Keynote to explore why enterprises are going cloud-native.
Deploy Software Cloud-Native Package Management for the Banking Industry Technology-forward banks are embracing cloud-native tools in favour of on-premise tools. We explore why banks are moving to the cloud and what package management should look like in finance & banking.
Security Efforts to Secure OSS fired up after Log4Shell OSS is here to stay, and securing open-source supply chains is more important than ever. Learn about the critical security threats in OSS, and the current efforts to secure and build trust in OSS.