Optimized for distributed teams working at any scale, Cloudsmith is your single source of truth for software assets.

Open Source Software (OSS) presents boundless opportunities, and organizations face challenges in securely leveraging OSS Join Cloudsmith and Chainguard as we talk about the easy way to securely consume OSS. Discover S2C2F best practices for securely consuming OSS and understand how Cloudsmith's Cloud Native Artifact Management aligns with these standards. Learn about Chainguard zero CVE images drastically reduce vulnerabilities and image attack surface.

Worried about supply chain attacks and hidden vulnerabilities compromising your organization's software integrity? Join Alison Sickelka, VP Product, and Ciara Carey, Developer Relations, as they lead our webinar, 'Practical Workflows for Managing Vulnerabilities using Cloudsmith.' Discover how Cloudsmith serves as your organization's central source of truth for builds, mitigating risks, optimizing workflows, and ensuring global distribution.

Join us for a demo and Q&A on Cloudsmith's cloud native, global, universal artifact management platform! Learn how Cloudsmith can help you distribute software globally, secure your software supply chain, optimize your workflow and reduce infrastructure costs!

Listen to Rust expert Carol Nichols discuss how adopting a memory-safe language like Rust can significantly reduce vulnerabilities.

Cloudsmith Navigator helps engineers select the highest quality OSS packages for their projects. Navigator integrates and analyses data on NPM, PyPi, RubyGems and Maven packages, and assigns each one a score based on security, maintenance and documentation.

See how we've saved PagerDuty from pipeline disruption, support bottlenecks and more with first-class performance and service.

Today we are going to take a lookback on trends in the DevOps and supply chain security space in 2023 What kind of year has 2023 been for DevOps? Are people generating SBOMs? Were there any mad vulnerabilities? Are we all using AI in our workflows? We have 3 wonderful panellists: Glenn Weinstein Cloudsmith CEO Josh Bressers VP of Security at Anchore, Podcaster, Blogger Luca Lanziani Head of DevOps and Platform Engineering @NearForm and Blogger.

Tune in to learn about how to consume open source securely using an OpenSSF framework donated by Microsoft.

A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.