This week, the European Union (EU) reached an agreement on the EU Cyber Resilience Act (CRA). See if your product must comply, how to comply and what is exempt.

It's a lot easier to get + stay CRA compliant when you have robust SSCS across your pipeline. See how using Cloudsmith helps.

This week, we announced that Cloudsmith has taken an impressive $11M in additional funding, hot on the heels of our $15M Series A two years ago. That's not just serious cash for a startup; it's a game-changer! The natural questions are: why did we take it, and what's our big-picture plan?

Uncover how to reach Level 1 in S2C2F a framework for secure OSS consumption.

Discover the risks and drawbacks of developing and distributing software without the support of a C++ package manager.

Welcome to our 2nd blog in our series on how to securely consume Open Source Software (OSS). Attacks targeting OSS are on the rise, making the security of your software supply chain a top priority. The 1st blog gave an overview of some of the most common types of attacks. Today we’ll explore the Secure Supply Chain Consumption Framework (S2C2F) that can help you mitigate against these attacks.

Our 1st blog in our series on securely consuming OSS. Today, I'll give an overview of some of the most common types of attacks from consuming OSS. Open-source software (OSS) fuels innovation. Over 96% of commercial applications rely on at least one OSS component (Synopsys, 2023). At Cloudsmith, we champion OSS and understand its indispensable role in today's software landscape. However, the escalating threat of supply chain attacks targeting OSS demands a robust defence.

Are your CI/CD pipelines at risk? They might be if you use long-lived, static credentials and tokens. Long-lived, static credentials and tokens are one of the most common causes of data breaches in cloud environments. CI/CD tools need access to cloud services to publish artifacts, deploy software, and access resources on their cloud provider. So, they need credentials. It's tempting to hard-code them. But that's a bad idea.

When a headhunter reached out to me about the CEO role at Cloudsmith (where I started in August!), one of the first things I did was sign up for a trial account. The product's depth and sophistication really impressed me, and contributed to my decision to go ahead with the interviews. (Glad I did.) They were right; our web interface is still largely a Django web app, tightly coupled to the back end, and you can see the Bootstrap showing everywhere.

Discover Cloudsmith Navigator: a revolutionary tool designed to guide software engineering teams in selecting top-quality open source packages. By analyzing and scoring thousands of packages based on security, maintenance, and documentation, Navigator simplifies the package selection process. Choosing the right software package for your project can sometimes feel like finding a needle in a haystack.