
The latest News and Information on Continuous Integration and Development, and related technologies.

Using a Kubernetes credential provider with Cloudsmith

Join Ian Duffy, Senior Site Reliability Engineer at Cloudsmith, as he discusses using credential providers in Kubernetes to securely pull images from private repositories. Credential provider plugins are a relatively new kubelet feature. Instead of storing a long-lived registry secret in the cluster, the kubelet calls a provider plugin at pull time and receives a short-lived authentication token, so a leaked credential is useful to an attacker for minutes rather than indefinitely, bolstering security in the software supply chain.

Goodbye imagePullSecrets, Hello Kubernetes Credential Providers

Previously, we showed you how to securely pull Docker images from Cloudsmith into Kubernetes using OIDC with a CronJob-based approach. We concluded that post by discussing the credential provider plugins introduced in Kubernetes 1.20 and an enhancement in Kubernetes 1.33 that offers a new approach for external registries like Cloudsmith. We have now built a credential provider that takes advantage of this capability. This article explores what that means for the future of pulling images from Cloudsmith on Kubernetes.
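The two credential-provider posts above describe the kubelet calling out to a plugin for a short-lived token instead of reading a stored imagePullSecret. The following is an added example written for this page, not Cloudsmith's provider or code from either post. It implements the kubelet's exec-plugin protocol (a CredentialProviderRequest JSON object on stdin, a CredentialProviderResponse on stdout) and shows the two decisions that make the approach safe: only answering for the registry it is configured for, and never letting the kubelet cache a credential longer than the token is valid. The registry hostname and the `exchange` callable that trades the kubelet-supplied service account token for a registry credential are assumptions; the real exchange endpoint is not part of this example.

```python
"""Illustrative kubelet image credential provider plugin (added example)."""
import json
import sys
from typing import Callable, Dict

API_VERSION = "credentialprovider.kubelet.k8s.io/v1"

# Hypothetical registry host this plugin answers for. Not a real Cloudsmith hostname.
REGISTRY = "docker.example.cloudsmith.io"


def registry_host(image: str) -> str:
    """Return the registry host of an image reference.

    Follows the Docker reference grammar: the first path component is a host
    only if it contains '.' or ':' or is 'localhost'; otherwise the image
    lives on docker.io (e.g. 'nginx:1.25' or 'library/nginx').
    """
    ref = image.split("@", 1)[0]  # drop any @sha256:... digest
    first = ref.split("/", 1)[0]
    if "/" not in ref or not ("." in first or ":" in first or first == "localhost"):
        return "docker.io"
    return first


def build_response(request: Dict, exchange: Callable[[str], Dict]) -> Dict:
    """Build a CredentialProviderResponse for a CredentialProviderRequest.

    `exchange` is a hypothetical callable: it takes the service account token
    the kubelet projected into the request (the Kubernetes 1.33 enhancement)
    and returns {"username", "password", "ttl_seconds"} for the registry.
    """
    if (request.get("apiVersion") != API_VERSION
            or request.get("kind") != "CredentialProviderRequest"):
        raise ValueError("unsupported credential provider request")

    resp = {"apiVersion": API_VERSION, "kind": "CredentialProviderResponse",
            "cacheKeyType": "Registry", "auth": {}}

    host = registry_host(request["image"])
    if host != REGISTRY:
        # kubelet only invokes us for images matching matchImages in its
        # CredentialProviderConfig; this is a defensive check. An empty auth
        # map means "no credentials from this provider".
        resp["cacheDuration"] = "1m"
        return resp

    sa_token = request.get("serviceAccountToken")
    if not sa_token:
        raise ValueError("no serviceAccountToken in request; kubelet must be "
                         "configured to project one (Kubernetes 1.33+)")

    cred = exchange(sa_token)
    ttl = int(cred["ttl_seconds"])
    # Cache for less than the credential lifetime, with a margin so a pull that
    # starts just before expiry still completes. Caching past expiry would make
    # the kubelet retry with a dead token and fail the pull.
    cache_seconds = max(1, ttl - 60)
    resp["cacheDuration"] = f"{cache_seconds}s"
    resp["auth"] = {REGISTRY: {"username": cred["username"],
                               "password": cred["password"]}}
    return resp


def main() -> int:
    request = json.load(sys.stdin)

    def exchange(sa_token: str) -> Dict:
        # Wire this to the registry's token-exchange endpoint; it must verify
        # the service account token and return a short-lived credential.
        raise NotImplementedError("token exchange not configured")

    json.dump(build_response(request, exchange), sys.stdout)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The plugin never sees or stores a long-lived secret: the only input is the kubelet-projected service account token, and the only output is a credential whose kubelet-side cache expires before the credential does.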

AI is now writing code at scale - but who's checking it?

As Generative AI (GenAI) reshapes the software development landscape, the risks and complexities around managing what gets built, where it comes from, and how it is secured are growing just as fast. The Cloudsmith 2025 Artifact Management Report dives into this shift, offering critical insights into how teams are adapting their infrastructure and software supply chain security practices in response to AI-generated code.

DevEx Unpacked 006 - Leadership, Scaling & Serving Developers with Glenn Weinstein

Episode 006: In this episode of DevEx Unpacked, Cloudsmith co-founder Alan Carson sits down with CEO Glenn Weinstein for a deep dive into leadership, growth, and developer-first thinking. Glenn shares his journey from programming on a Commodore PET to founding and selling a startup, his lessons from Twilio, and what drew him to lead Cloudsmith. The two discuss what it takes to build a category-defining company from Belfast, navigating VC funding, and how values like resilience, clarity, and service drive long-term success.

CVE-2025-3248: Serious vulnerability found in popular Python AI package

Researchers at Trend Micro have uncovered a critical unauthenticated remote code execution (RCE) vulnerability affecting Langflow versions prior to 1.3.0. Langflow is a Python-based visual framework for building AI applications; it has over 70,000 stars on GitHub and over 21,000 weekly downloads from the public PyPI upstream (source: Cloudsmith Navigator). Versions released before 1.3.0 contain a serious flaw in the code validation logic that lets an unauthenticated caller execute arbitrary code on the server.
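The teaser above says the flaw is in "code validation logic". The example below is added for this page and is not Langflow's code; it demonstrates the general class of bug, namely a Python "validator" that executes the submitted definitions to check them, next to a hardened version that only parses and compiles. In Python, decorators, default argument values and base-class expressions are evaluated at definition time, so `exec()` of a function or class definition runs whatever the submitter put there. The payload and the `DEMO_RCE` environment variable it sets are constructed for the demonstration.

```python
"""Why 'validating' untrusted Python by executing it is remote code execution."""
import ast
import os
from typing import Tuple


def validate_unsafe(code: str) -> bool:
    """Vulnerable pattern (illustrative, not Langflow's code).

    Parses the submission, then exec()s each top-level function or class
    definition to "check" it. Definition-time expressions run immediately, so
    untrusted input executes on the server even though no function is called.
    """
    tree = ast.parse(code)
    for node in tree.body:
        if isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            module = ast.Module(body=[node], type_ignores=[])
            # Empty globals does not help: builtins, and therefore
            # __import__, are still reachable from the executed code.
            exec(compile(module, "<validate>", "exec"), {})
    return True


def validate_safe(code: str) -> Tuple[bool, str]:
    """Hardened: a syntax check only.

    ast.parse() and compile() validate the source and produce a code object
    without running any of it. Nothing the submitter wrote is ever executed.
    """
    try:
        compile(ast.parse(code), "<validate>", "exec")
    except SyntaxError as exc:
        return False, f"line {exc.lineno}: {exc.msg}"
    return True, "ok"


# Constructed payload: the default argument value is evaluated when the
# 'def' statement executes, before harmless() is ever called. A decorator
# expression would work the same way.
PAYLOAD = '''
def harmless(marker=__import__("os").environ.__setitem__("DEMO_RCE", "1")):
    return "looks fine"
'''


def marker_set() -> bool:
    """True once the payload's definition-time side effect has run."""
    return os.environ.get("DEMO_RCE") == "1"


if __name__ == "__main__":
    print("safe validator:", validate_safe(PAYLOAD), "executed:", marker_set())
    validate_unsafe(PAYLOAD)
    print("unsafe validator executed payload:", marker_set())
```

Syntax-only validation removes the code execution path, but a validation endpoint that accepts arbitrary source should also require authentication; fixing only one of the two leaves the other as the next bug report.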

OWASP CI/CD Part 7: Insecure System Configuration

Insecure system configuration is a textbook example of how neglected settings can create an entry point for attackers targeting your CI/CD pipelines. It’s rarely the cutting-edge zero-day that causes a breach. More often, it’s the unpatched service, the overly permissive role, or the default password that was never changed. While this risk overlaps with CI/CD credential hygiene (covered in Part 6 of our OWASP CI/CD series), the focus here is much broader.

DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

Episode 005: In this episode of DevEx Unpacked, Alan Carson chats with Ciara Carey, Solutions Engineer at Cloudsmith, about her career journey from developer to DevRel to her current customer-facing role. Ciara shares real-world insights on software supply chain security, how teams are using Enterprise Policy Management (EPM) to control open source risk, and why Cloudsmith’s cloud-native platform is a game changer for DevSecOps workflows.

Kubernetes sidecar deployment using CircleCI

Kubernetes excels at managing complex, containerized systems, and one of its most impactful patterns is the sidecar. Sidecar containers extend applications by running supplementary processes in tandem. This modular architecture enables enhanced observability, networking, or security layers — all without changing the core application code. Continuous Integration and Continuous Deployment (CI/CD) practices are key to reliably shipping these configurations.

DevEx Unpacked 004 - Scaling Startups, Blockchain & Developer Culture with Jack Spargo

Episode 004: In this episode of DevEx Unpacked, Alan Carson chats with Jack Spargo, CTO of Control Alt, about his fascinating career journey from aerospace engineering to leading blockchain-powered investment platforms. Jack shares lessons from being acquired overnight, the challenges of building a platform from scratch, and why he’s betting big on junior engineers and AI augmentation. They explore the realities of compliance, software supply chain security, and why Northern Ireland is fast becoming a serious start-up hub.