Thoughts On the Codecov Breach

It was revealed just a few days ago that US Federal investigators are looking into an intrusion at Codecov and the insertion of malicious code. As many readers here will already know, Codecov is a software auditing tool that analyses your source code to measure how much of it is covered by tests. The intrusion targeted the Codecov bash uploader, a script that sends coverage reports to Codecov.

Missing Infrastructure: Accelerated Worldwide Delivery

Software development by distributed teams is nothing new. But since 2020, it’s no longer just teams that are globally dispersed; it is the individual team members themselves. Remote working is the new normal. So in this unpredictable, “modern” world we’re in, how do you put together a solution that delivers for every single team member, no matter their location?

Dependency Confusion Attacks

You must secure your software supply chain. Now, more than ever, it is vital. For a long time, a primary concern in security was malicious actors exploiting inherent weaknesses in software: privilege escalations, SQL injections, race conditions and so on. These are, of course, still a concern and should be afforded the attention that they deserve. But now there is another worry, one that is arguably even more important: a supply chain attack.

Build Trust with a Custom Domain

Security in software is now everyone’s problem. We can no longer simply rely on InfoSec teams, or your equivalent of Gary “he-likes-security”, to handle security-related processes and issues. All software, tools, infrastructure, and services need to be trusted. It is important to us at Cloudsmith to provide you with the ability to build that trust within your teams or with your customers. Cloudsmith allows you to use your own domain name for your repositories.

Welcome To The Show - The Bintray Replacement

It’s finally happened. After months of whispers, JFrog have announced the sunsetting date for Bintray - their distribution add-on to their long-standing on-premises Artifactory product. It’s officially shutting down on May 1, 2021. Cloudsmith is a direct replacement for Bintray. And Artifactory. And their X-Ray product. Don’t get us wrong - JFrog has achieved a lot over the years and we would never publicly speak out against them.