Security

A collection of 28 posts

Security

Fortify Dependency Management With Cloudsmith + Dependabot

Protect ALL of your packages and deliver consistent builds by combining Dependabot's automated dependency updates with Cloudsmith's package centralization, upstream capabilities, and security controls.

Security

Implementing Zero Trust Security With Cloudsmith in 5 Steps

Learn how to strengthen and maintain your Zero Trust security posture, improve compliance, and reduce risk with Cloudsmith's armory of access, pipeline, publishing, and monitoring controls.

Software Supply Chain

How to Audit Your Software Supply Chain Security

Digital threats are part of the development landscape, so how should you audit your software supply chain security to ensure you protect your pipeline? This blog will take you through the threats that are lurking and the steps you can follow to guard against them.

Security Featured

Take control of user management with Cloudsmith's new SCIM capabilities

Cloudsmith announces expanded support for System for Cross-domain Identity Management (SCIM) for user management and enhanced software supply chain security

Cloudsmith

Cloudsmith's Enhanced Security with Policy Management

Learn all about how Cloudsmith ensures robust cloud-native software artifact management, emphasizing authentication, license compliance, and vulnerability mitigation, all while maintaining a holistic approach to security.

Webinar

How Do Mature DevOps Teams Manage Software Security? [On-demand Session]

We’ve assembled a panel of experts from the mature DevOps teams of Puppet and Shopify to answer some of your biggest software security questions.

Events

The EU Efforts To Secure Open Source Software [On-demand Session]

Watch this session from Open Source Summit Dublin to learn more about the European Union's response to the ever-changing open source security landscape.

Events

SBOMs: The New Standard in Supply Chain Security [On-demand Session]

Watch this session from DevOps Con NYC to learn about this emerging standard, how it can improve the security of your supply chain, open source tools to help you generate and analyze SBOMs and the future of SBOMs.

Security

How to Manage Your Vulnerability Workflows with Cloudsmith

Scan your packages for vulnerabilities and never miss new vulnerabilities as they get discovered. Create actionable workflows by quarantining packages over defined vulnerability levels

Security

Cloudsmith Supports OpenSSF's Efforts to Secure OSS

As part of our mission to make it simple to secure software at scale through Continuous Packaging, Cloudsmith is proud to be an Open Source Security Foundation (OpenSSF) member.

Develop Software

10 ways to make your software pipeline more observable

Ciara lists 10 ways to make your software pipelines more transparent and observable to gain insights, identify unusual behavior and possibly prevent a software supply chain attack.

Security

How to Analyze an SBOM

Ciara discusses how to analyze SBOMs for vulnerabilities using Open Source tools, and how Cloudsmith can take actions like quarantining your images if it contains vulnerabilities above a certain level.

Security

How to Generate and Host an SBOM

Ciara details how and when to generate an SBOM with the help of open-source tooling. Learn how to host SBoMs, as well as other SBOM considerations.

Deploy Software

Cloud-Native Package Management for the Banking Industry

Technology-forward banks are embracing cloud-native tools in favour of on-premise tools. We explore why banks are moving to the cloud and what package management should look like in finance & banking.

Security

Understanding and Implementing a Software Bill of Materials

Although the concept of an SBOM is not new, it has recently come into prominence due to several key events. We delve into what SBOMs are, why organisations need SBOMs, benefits of SBOMs and more.

Security

Efforts to Secure OSS fired up after Log4Shell

OSS is here to stay, and securing open-source supply chains is more important than ever. Learn about the critical security threats in OSS, and the current efforts to secure and build trust in OSS.

Security

All About Log4j/Log4Shell + Mitigation (CVE-2021-44228 and Beyond)

This article discusses the background, impact, identification, and mitigation of Log4Shell vulnerability, one of the worst vulnerabilities to arise in the past decade.

Security

th3_GR1NCH who wanted to steal Christmas

Happy Packaging! This holiday season we've a couple of fun short stories to share with you!

Security

Cloudsmith is ISO27001:2013 Certified

Cloudsmith is certified under the Information Security Management Systems standard ISO 27001:2013, the global standard for IT security management policies.

Security

Cloudsmith Not Impacted By CVE-2021-44228 (log4shell / log4j)

Following a security audit, we confirm that CVE-2021-44228 does not impact the Cloudsmith service.

Webinar

Securing End to End Software Delivery With Cloudsmith & Buildkite [On-demand Session]

Join our webinar with Buildkite as we explore Buildkite's integration and delivery for a true continuous software pipeline in the cloud.

Security

Cloudsmith joins NICyber Security Cluster

Cloudsmith was accepted to The Northern Ireland Cyber Security Cluster - companies developing world-leading cybersecurity technologies.

Security

Target, Track and Trace your Vulnerabilities

Scan your packages for vulnerabilities at will. Find out how to get continuous coverage, and never miss new vulnerabilities as they get discovered.

Security

Dependency Confusion Attacks

A new class of software supply chain attack shows that a lot of organizations are vulnerable to the injection of malicious code into their build processes. Are you one of them?

Security

SolarWinds and the Secure Software Supply Chain

Software supply chain attacks have continued since the SolarWinds breach, so what can you do about them?