Operations | Monitoring | ITSM | DevOps | Cloud
The Place Where Modern Operations & Technology Come Together
The latest News and Information on Continuous Integration and Development, and related technologies.
Secure Docker Image Pulls from Cloudsmith to Kubernetes using OIDC
Pulling Docker images from private registries for containerised applications presents a security challenge. It requires authentication management, network access, and trust across distributed systems. Credentials must be securely handled and rotated, and image pulls can break due to network restrictions or expired tokens. All of this makes deployment and security harder.
OWASP CI/CD Part 5 - Insufficient PBAC
One of the more overlooked yet critical vulnerabilities highlighted in the OWASP Top 10 for CI/CD Security Risks is Insufficient PBAC (Pipeline-Based Access Controls). Let’s unpack what PBAC is, why it's essential, and how you can leverage modern access control tools like Open Policy Agent (OPA) and Rego to mitigate these risks effectively.
Docker Hardened Images & Cloudsmith: Modern Security for the Software Supply Chain
Explore how Docker and Cloudsmith help secure the software supply chain with SBOMs, signatures, provenance, and hardened images - enabling end-to-end visibility and trust without slowing development.
Open Container Initiative (OCI) Support in Cloudsmith
Kubernetes has become the de facto platform for orchestrating containers. Open standards complement Kubernetes by defining best practices for its implementation. These standards are developed by the open-source Kubernetes community (not a single vendor), ensuring vendor neutrality, easier integration with other tools, and overall system efficiency.
Multiple Malicious Packages Discovered on PyPI, npm, and RubyGems
Evidence of broad and sustained attacks using several npm, Python, and Ruby packages continues to emerge. A series of malicious packages have been added to the npm, PyPI, and RubyGems package repositories. The attacks have been ongoing for some time, with some seeded years ago. Their aims are manifold, including stealing funds from crypto wallets, deleting codebases, and obtaining Telegram messaging data.
Hyperparameter tuning for LLMs using CircleCI matrix workflows
Hyperparameter tuning is a critical step in optimizing large language models (LLMs). Parameters such as learning rate, batch size, weight decay, and number of training epochs can significantly affect convergence behavior and final model performance. While several approaches like grid search or random search are widely used, executing them manually is inefficient; especially when each training run is compute-intensive.
A dash of AI & Latest blogs | Argo Unpacked Ep. #9
In this episode, we’re sharing highlights from recent blog posts about Argo and chatting about how AI is starting to show up in the conversation. It’s a short, fun update on what’s happening in the community—come hang out!
Docker Hardened Images for tightened security and strong provenance
Docker's VP of Product, Michael Donovan, gives a quick overview of Docker Hardened Images and how they make open source software available in a hardened image container. They're minimal images with less attack surface and SLSA level 3 artifact compliance. They carry extensive provenance data, including SBOMs, CVEs, and VEX. Be confident that your software is safer from attack using Docker Hardened Images and Cloudsmith.
Michael Donovan, VP of Product at Docker, has a hot take on shift left security
Shift left means improving security at the early stages of software development. Is it the best approach? See the full webinar: https:/cloudsmith.com/webinars Get to know Cloudsmith: About Cloudsmith We offer the world's best cloud-native artifact management platform to control, secure, and distribute everything that flows through your software supply chain. Cloudsmith operates at enterprise scale, reduces risk, and streamlines builds.