Looking Back at 2023: State of the DevOps

Today we are going to take a look back at trends in the DevOps and supply chain security space in 2023. What kind of year has 2023 been for DevOps? Are people generating SBOMs? Were there any mad vulnerabilities? Are we all using AI in our workflows? We have 3 wonderful panellists: Glenn Weinstein, Cloudsmith CEO; Josh Bressers, VP of Security at Anchore, Podcaster, Blogger; and Luca Lanziani, Head of DevOps and Platform Engineering @NearForm and Blogger.

Understanding Zero-Day Vulnerabilities in Software Supply Chain

A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.

Spotting Vulnerabilities at Rest and at Runtime feat. Cloudsmith and Sysdig

The rise and popularity of containers and Kubernetes have revolutionised the IT industry but also introduced a lot of complexity, including a huge number of vulnerabilities coming from different container image layers. DevOps and Security teams alike are struggling to prioritise and address those vulnerabilities, often without sufficient clarity or accountable insights.

Overcoming Complexity and Cost - Cloudsmith's Unpacked Conference 2023

“Overcoming Complexity and Cost” will delve into the challenges faced by software developers in managing complexity and reducing costs during the software development lifecycle. We will bring together industry experts to explore strategies, best practices, and emerging technologies that can empower developers to tackle these complex problems. Featuring: Mel Kaulfuss, Staff Developer Advocate, Buildkite; Shanea Leven, Founder & CEO, CodeSee; Tamara Miner, Principal Strategy Consultant, Pragma. Moderated by Dan McKinney, Technical Account Manager, Cloudsmith.

Real World Strategies for Securing the Software Supply Chain - Cloudsmith's Unpacked Conference 2023

While "secure software supply chain" can feel like a buzzword, the past 18 months have shown companies, open-source communities, and vendors making significant progress toward making it a reality. In this panel discussion, real-world practitioners will share their insights and experiences in securing the software supply chain. The panelists will cover a range of topics, from best practices in vulnerability management, risk assessment of open-source dependencies, and generating authenticated provenance, to the challenges of integrating security into the DevOps workflow. They will provide actionable strategies for improving security while maintaining development speed, and share real-world examples of how their organizations have successfully secured their software supply chains.

Introduction to SBOMs - What is it and do I need one? - Cloudsmith's Unpacked Conference 2023

Software Bills of Materials (SBOMs) are new and exciting, but what do they actually do, and do you REALLY need one? If you read any security news lately, it seems like everyone is talking about how an SBOM can solve whatever problem they have, and they are years into their SBOM journey. But many of us don’t even know what they are.

SLSA 1.0 is here! What's it mean for you?

Any organization that has taken on the daunting task of securing their software supply chain knows the challenges, pitfalls and caveats that come with implementing security best practices. SLSA 1.0, a community-backed framework that provides a comprehensive checklist of security controls and standards, is here! So what does it mean for you and your organization? This session gathers SLSA experts from across the industry to discuss the practical uses of the framework.