Security - Cloudsmith

Security

A collection of 29 posts

Native Signing Support In Cloudsmith Extended To Docker, NuGet, And Swift

Native Signing Support In Cloudsmith Extended To Docker, NuGet, And Swift

Signing Artifacts to Prevent Artifact Poisoning Breaches in software artifact integrity can have severe consequences. Bad actors poison artifacts by injecting malicious code into software packages, libraries, or container images, tricking developers and users into downloading compromised artifacts. These attacks can lead to data breaches, system takeovers, and widespread supply

Fortify Dependency Management With Cloudsmith + Dependabot

Protect ALL of your packages and deliver consistent builds by combining Dependabot's automated dependency updates with Cloudsmith's package centralization, upstream capabilities, and security controls.

Implementing Zero Trust Security With Cloudsmith in 5 Steps

Learn how to strengthen and maintain your Zero Trust security posture, improve compliance, and reduce risk with Cloudsmith's armory of access, pipeline, publishing, and monitoring controls.

How to Audit Your Software Supply Chain Security

Software Supply Chain

How to Audit Your Software Supply Chain Security

Digital threats are part of the development landscape, so how should you audit your software supply chain security to ensure you protect your pipeline? This blog will take you through the threats that are lurking and the steps you can follow to guard against them.

Take control of user management with Cloudsmith's new SCIM capabilities

Security Featured

Take control of user management with Cloudsmith's new SCIM capabilities

Cloudsmith announces expanded support for System for Cross-domain Identity Management (SCIM) for user management and enhanced software supply chain security

Cloudsmith's Enhanced Security with Policy Management

Cloudsmith's Enhanced Security with Policy Management

Learn all about how Cloudsmith ensures robust cloud-native software artifact management, emphasizing authentication, license compliance, and vulnerability mitigation, all while maintaining a holistic approach to security.

How Do Mature DevOps Teams Manage Software Security? [On-demand Session]

How Do Mature DevOps Teams Manage Software Security? [On-demand Session]

We’ve assembled a panel of experts from the mature DevOps teams of Puppet and Shopify to answer some of your biggest software security questions.

The EU Efforts To Secure Open Source Software [On-demand Session]

The EU Efforts To Secure Open Source Software [On-demand Session]

Watch this session from Open Source Summit Dublin to learn more about the European Union's response to the ever-changing open source security landscape.

SBOMs: The New Standard in Supply Chain Security [On-demand Session]

SBOMs: The New Standard in Supply Chain Security [On-demand Session]

Watch this session from DevOps Con NYC to learn about this emerging standard, how it can improve the security of your supply chain, open source tools to help you generate and analyze SBOMs and the future of SBOMs.

How to Manage Your Vulnerability Workflows with Cloudsmith

How to Manage Your Vulnerability Workflows with Cloudsmith

Scan your packages for vulnerabilities and never miss new vulnerabilities as they get discovered. Create actionable workflows by quarantining packages over defined vulnerability levels

Cloudsmith is an Open Source Security Foundation (OpenSSF) member!

Cloudsmith Supports OpenSSF's Efforts to Secure OSS

As part of our mission to make it simple to secure software at scale through Continuous Packaging, Cloudsmith is proud to be an Open Source Security Foundation (OpenSSF) member.

10 ways to make your software pipeline more observable

Develop Software

10 ways to make your software pipeline more observable

Ciara lists 10 ways to make your software pipelines more transparent and observable to gain insights, identify unusual behavior and possibly prevent a software supply chain attack.

how to analyze sboms

How to Analyze an SBOM

Ciara discusses how to analyze SBOMs for vulnerabilities using Open Source tools, and how Cloudsmith can take actions like quarantining your images if it contains vulnerabilities above a certain level.

How to generate and host SBOMs

How to Generate and Host an SBOM

Ciara details how and when to generate an SBOM with the help of open-source tooling. Learn how to host SBoMs, as well as other SBOM considerations.

Software package management for the banking and finance industry

Deploy Software

Cloud-Native Package Management for the Banking Industry

Technology-forward banks are embracing cloud-native tools in favour of on-premise tools. We explore why banks are moving to the cloud and what package management should look like in finance & banking.

Cloudsmith's software bill of materials (SBOM) designed as a soup!

Understanding and Implementing a Software Bill of Materials

Although the concept of an SBOM is not new, it has recently come into prominence due to several key events. We delve into what SBOMs are, why organisations need SBOMs, benefits of SBOMs and more.

Securing OSS after Log4shell

Efforts to Secure OSS fired up after Log4Shell

OSS is here to stay, and securing open-source supply chains is more important than ever. Learn about the critical security threats in OSS, and the current efforts to secure and build trust in OSS.

Log4shell explained

All About Log4j/Log4Shell + Mitigation (CVE-2021-44228 and Beyond)

This article discusses the background, impact, identification, and mitigation of Log4Shell vulnerability, one of the worst vulnerabilities to arise in the past decade.

th3_GR1NCH who wanted to steal Christmas

th3_GR1NCH who wanted to steal Christmas

Happy Packaging! This holiday season we've a couple of fun short stories to share with you!

Cloudsmith is officially ISO27001:2013 certified

Cloudsmith is ISO27001:2013 Certified

Cloudsmith is certified under the Information Security Management Systems standard ISO 27001:2013, the global standard for IT security management policies.

CVE-2021-44228 (log4shell / log4j)

Cloudsmith Not Impacted By CVE-2021-44228 (log4shell / log4j)

Following a security audit, we confirm that CVE-2021-44228 does not impact the Cloudsmith service.

Securing End to End Software Delivery With Cloudsmith & Buildkite [On-demand Session]

Securing End to End Software Delivery With Cloudsmith & Buildkite [On-demand Session]

Join our webinar with Buildkite as we explore Buildkite's integration and delivery for a true continuous software pipeline in the cloud.

Cloudsmith joins NICyber Security Cluster

Cloudsmith joins NICyber Security Cluster

Cloudsmith was accepted to The Northern Ireland Cyber Security Cluster - companies developing world-leading cybersecurity technologies.

Target, Track and Trace your Vulnerabilities

Target, Track and Trace your Vulnerabilities

Scan your packages for vulnerabilities at will. Find out how to get continuous coverage, and never miss new vulnerabilities as they get discovered.

Dependency Confusion Attacks

Dependency Confusion Attacks

A new class of software supply chain attack shows that a lot of organizations are vulnerable to the injection of malicious code into their build processes. Are you one of them?