Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

cloudsmith

Adding AI to applications using the Model Context Protocol

Jun 20, 2025 By Ian Taylor In Cloudsmith
Large Language Models (LLMs) are now at the cutting edge of mainstream AI systems. Their impact has been seismic, sparking a new gold rush as application developers transform the user experience away from clicks and commands into natural language and advanced automation. However, application developers have a barrier to overcome. AI models need data to reason and respond to a particular application domain.
Read Post

Risk and the problems of 3rd party software dependencies

Jun 20, 2025 By Cloudsmith In Cloudsmith
Docker's VP of Product, Michael Donovan, discusses the importance of risk management and the security challenges introduced by the scale of 3rd party software dependency in development. See the full webinar: https:/cloudsmith.com/webinars Get to know Cloudsmith: About Cloudsmith We offer the world's best cloud-native artifact management platform to control, secure, and distribute everything that flows through your software supply chain. Cloudsmith operates at enterprise scale, reduces risk, and streamlines builds.
View Video

Using a Kubernetes credential provider with Cloudsmith

Jun 19, 2025 By Cloudsmith In Cloudsmith
Join Ian Duffy, Senior Site Reliability Engineer at Cloudsmith, as he discusses using credential providers in Kubernetes to securely pull images from private repositories. Credential providers are a great new feature that appeared in recent versions of Kubernetes. They allow you to pull images using a short-lived authentication token, which makes them less prone to leakage than long-lived credentials - bolstering security in the software supply chain.
View Video
cloudsmith

Goodbye imagePullSecrets, Hello Kubernetes Credential Providers

Jun 19, 2025 By Ian Duffy In Cloudsmith
Previously, we showed you how to securely pull Docker images from Cloudsmith to Kubernetes using OIDC with a CronJob-based approach. We concluded the post discussing credential provider plugins from Kubernetes 1.20 and an enhancement in Kubernetes 1.33 that offers a new approach for external registries like Cloudsmith. We have now built a credential provider that takes advantage of this new capability. This article explores what this means for the future of pulling images from Cloudsmith on Kubernetes.
Read Post
cloudsmith

AI is now writing code at scale - but who's checking it?

Jun 18, 2025 By Nigel Douglas In Cloudsmith
As Generative AI (GenAI) reshapes the software development landscape, the risks and complexities around managing what gets built, where it comes from, and how it’s secured are growing just as fast. The Cloudsmith 2025 Artifact Management Report dives into this shift, offering critical insights into how teams are adapting their infrastructure and software supply chain security practices in response to the AI-generated code.
Read Post

DevEx Unpacked 006 - Leadership, Scaling & Serving Developers with Glenn Weinstein

Jun 18, 2025 By Cloudsmith In Cloudsmith
Episode 006: In this episode of DevEx Unpacked, Cloudsmith co-founder Alan Carson sits down with CEO Glenn Weinstein for a deep dive into leadership, growth, and developer-first thinking. Glenn shares his journey from programming on a Commodore PET to founding and selling a startup, his lessons from Twilio, and what drew him to lead Cloudsmith. The two discuss what it takes to build a category-defining company from Belfast, navigating VC funding, and how values like resilience, clarity, and service drive long-term success.
View Video
cloudsmith

CVE-2025-3248: Serious vulnerability found in popular Python AI package

Jun 17, 2025 By Nigel Douglas In Cloudsmith
Researchers at Trend Micro have uncovered a critical unauthenticated remote code execution (RCE) vulnerability affecting Langflow versions prior to 1.3.0. Langflow is a Python-based visual framework for building AI applications and boasts over 70,000 stars on GitHub and over 21,000 global weekly downloads from the public PyPI upstream. Source: Cloudsmith Navigator Versions released before 1.3.0 contain a serious flaw in the code validation logic, which allows arbitrary code execution.
Read Post
cloudsmith

OWASP CI/CD Part 7: Insecure System Configuration

Jun 16, 2025 By Nigel Douglas In Cloudsmith
Insecure system configuration is a textbook example of how neglected settings can create an entry point for attackers targeting your CI/CD pipelines. It’s rarely the cutting-edge zero-day that causes a breach. More often, it’s the unpatched service, the overly permissive role, or the default password that was never changed. While this risk overlaps with CI/CD credential hygiene (covered in Part 6 of our OWASP CI/CD series), the focus here is much broader.
Read Post

DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

Jun 16, 2025 By Cloudsmith In Cloudsmith
Episode 005: In this episode of DevEx Unpacked, Alan Carson chats with Ciara Carey, Solutions Engineer at Cloudsmith, about her career journey from developer to DevRel to her current customer-facing role. Ciara shares real-world insights on software supply chain security, how teams are using Enterprise Policy Management (EPM) to control open source risk, and why Cloudsmith’s cloud-native platform is a game changer for DevSecOps workflows.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.