Software development in the banking and finance industry can make you feel like you’re wearing chains. Regulation, compliance, upfront costs, privacy, legacy systems, fear of cyberattacks, and an “if it ain’t broke” approach can lead to a lack of innovation. Despite these challenges, some technology-forward banks like Capital One, JP Morgan Chase, HSBC, and Wells Fargo have embraced the cloud and introduced DevSecOps and cloud-friendly architectural practices.

Software programs today can be likened to a complex stew, with multiple ingredients sourced from disparate places. In software, open-source tools are a major ingredient. According to the 2020 Open Source Security and Risk Analysis (OSSRA) report produced by the Synopsys Cybersecurity Research Center, 99 percent of the codebases contain at least one open source component, with open source comprising 70 percent of the code overall.

You know you need to secure your software supply chain. Everyone’s telling you that these days - your executives, your vendors, even the United States government. Your organization has an initiative to do so, or maybe they’ve brought in an expert to help you achieve this goal. But hold on a minute - do we have a shared understanding of what a software supply chain is, and what exactly makes it secure?

We break down the NuGet ecosystem in Cloudsmith's first ever hosted webinar!

As part of our mission to make it simple to secure software at scale through Continuous Packaging, Cloudsmith is excited to announce that we have become an Open Source Security Foundation (OpenSSF) member. OpenSSF is a cross-industry forum for a collaborative effort to improve security in open source software (OSS). One software pipeline's output is another's dependency- we are all splashing around in each other's supply chains.

From the history of supply chain security threats to security development and deployment we've covered everything you’ve always wanted to know about the software supply chain but were afraid to ask. Dan Lorenc, Founder/CEO, Chainguard, Paddy Carey, Senior Staff Engineer, Cloudsmith, Adil Leghari, Solutions Architect Manager, Cloudsmith and Dan McKinney, Developer Relations, Cloudsmith, gathered for a fireside chat to cover your most burning questions.

If you’ve spent any amount of time in the.NET / Microsoft developer ecosystem, you’ve probably heard the term “NuGet” in reference to code packages, package managers, software libraries, and even software installers. Understandably, this can cause a lot of confusion around what NuGet actually is.

Your entire tech stack is likely in the Cloud - so why aren’t your software packages?

A quick walkthrough of getting set up with a private repository for Terraform Modules on Cloudsmith, including uploading and downloading modules.

Who would have thought software could rattle the White House? But a vulnerability in Log4J, a popular open source software project, exposed critical digital infrastructure to remote code execution attacks. This prompted the US Government to engage big tech, infosec professionals, and open source organizations to come together to help secure open source software.