Security is a leading priority for 2025

The Cloudsmith 2025 Artifact Management Report offers timely insights into how engineering and DevOps teams are evolving their approach to software artifact management and software supply chain security. With supply chain attacks on the rise and Generative AI reshaping development practices, teams are reevaluating how they manage, secure, and scale their artifact repository infrastructure.

The Artifact Management Market Is Up For Grabs

The enterprise artifact management market - which has belonged for a while to JFrog and Sonatype - is now truly up for grabs. Cloudsmith was built on the core principle that cloud-native architecture matters. So does simplicity in design and workflow. Partnerships matter, too. We’ve built a comprehensive platform that controls and secures every artifact as it’s built, scanned, signed, stored, and shipped across the software supply chain.

OWASP CI/CD Part 8: Ungoverned Usage of 3rd Party Services

The boundaries of what organizations build internally and what they adopt externally have blurred. Developers routinely integrate third-party services into critical CI/CD pipelines, often with minimal friction and limited oversight. This rapid plug-and-play convenience, while key to modern engineering velocity, is also quietly expanding the attack surface in ways many teams struggle to track - let alone govern.

Adding AI to applications using the Model Context Protocol

Large Language Models (LLMs) are now at the cutting edge of mainstream AI systems. Their impact has been seismic, sparking a new gold rush as application developers transform the user experience away from clicks and commands into natural language and advanced automation. However, application developers have a barrier to overcome. AI models need data to reason and respond to a particular application domain.

Risk and the problems of 3rd party software dependencies

Docker's VP of Product, Michael Donovan, discusses the importance of risk management and the security challenges introduced by the scale of 3rd party software dependency in development. See the full webinar: https://cloudsmith.com/webinars. About Cloudsmith: We offer the world's best cloud-native artifact management platform to control, secure, and distribute everything that flows through your software supply chain. Cloudsmith operates at enterprise scale, reduces risk, and streamlines builds.

Using a Kubernetes credential provider with Cloudsmith

Join Ian Duffy, Senior Site Reliability Engineer at Cloudsmith, as he discusses using credential providers in Kubernetes to securely pull images from private repositories. Credential providers are a great new feature that appeared in recent versions of Kubernetes. They allow you to pull images using a short-lived authentication token, which makes them less prone to leakage than long-lived credentials - bolstering security in the software supply chain.

Goodbye imagePullSecrets, Hello Kubernetes Credential Providers

Previously, we showed you how to securely pull Docker images from Cloudsmith to Kubernetes using OIDC with a CronJob-based approach. We concluded the post discussing credential provider plugins from Kubernetes 1.20 and an enhancement in Kubernetes 1.33 that offers a new approach for external registries like Cloudsmith. We have now built a credential provider that takes advantage of this new capability. This article explores what this means for the future of pulling images from Cloudsmith on Kubernetes.

AI is now writing code at scale - but who's checking it?

As Generative AI (GenAI) reshapes the software development landscape, the risks and complexities around managing what gets built, where it comes from, and how it’s secured are growing just as fast. The Cloudsmith 2025 Artifact Management Report dives into this shift, offering critical insights into how teams are adapting their infrastructure and software supply chain security practices in response to AI-generated code.

DevEx Unpacked 006 - Leadership, Scaling & Serving Developers with Glenn Weinstein

Episode 006: In this episode of DevEx Unpacked, Cloudsmith co-founder Alan Carson sits down with CEO Glenn Weinstein for a deep dive into leadership, growth, and developer-first thinking. Glenn shares his journey from programming on a Commodore PET to founding and selling a startup, his lessons from Twilio, and what drew him to lead Cloudsmith. The two discuss what it takes to build a category-defining company from Belfast, navigating VC funding, and how values like resilience, clarity, and service drive long-term success.