
Golden Paths Made Easy With Cloudsmith

Over the past few years, Platform Engineering has taken off as more and more enterprise organisations adopt the practice of creating a centralised, self-service interface through which developers can access the tools they need to do the job they were meant to do: build amazing software. At the heart of every Golden Path lies the ability to reliably produce, store, and consume build artifacts, from container images to internal libraries.

OWASP CI/CD Part 9: Improper Artifact Integrity Validation

Improper artifact integrity validation is a critical vulnerability in CI/CD pipelines characterised by insufficient mechanisms to cryptographically verify the authenticity and integrity of code and build artifacts traversing the pipeline. When these controls are weak or absent, adversaries with access to any pipeline stage can inject malicious or tampered artifacts that appear legitimate, enabling undetected propagation through the pipeline and eventual deployment into production environments.

Security is a leading priority for 2025

The Cloudsmith 2025 Artifact Management Report offers timely insights into how engineering and DevOps teams are evolving their approach to software artifact management and software supply chain security. With supply chain attacks on the rise and Generative AI reshaping development practices, teams are reevaluating how they manage, secure, and scale their artifact repository infrastructure.

The Artifact Management Market Is Up For Grabs

The enterprise artifact management market - which has belonged for a while to JFrog and Sonatype - is now truly up for grabs. Cloudsmith was built on the core principle that cloud-native architecture matters. So does simplicity in design and workflow. Partnerships matter, too. We’ve built a comprehensive platform that controls and secures every artifact as it’s built, scanned, signed, stored, and shipped across the software supply chain.

OWASP CI/CD Part 8: Ungoverned Usage of 3rd Party Services

The boundaries of what organizations build internally and what they adopt externally have blurred. Developers routinely integrate third-party services into critical CI/CD pipelines, often with minimal friction and limited oversight. This rapid plug-and-play convenience, while key to modern engineering velocity, is also quietly expanding the attack surface in ways many teams struggle to track - let alone govern.

Adding AI to applications using the Model Context Protocol

Large Language Models (LLMs) are now at the cutting edge of mainstream AI systems. Their impact has been seismic, sparking a new gold rush as application developers transform the user experience away from clicks and commands into natural language and advanced automation. However, application developers have a barrier to overcome. AI models need data to reason and respond to a particular application domain.

Risk and the problems of 3rd party software dependencies

Docker's VP of Product, Michael Donovan, discusses the importance of risk management and the security challenges introduced by the scale of third-party software dependencies in development. See the full webinar: https://cloudsmith.com/webinars. About Cloudsmith: we offer the world's best cloud-native artifact management platform to control, secure, and distribute everything that flows through your software supply chain. Cloudsmith operates at enterprise scale, reduces risk, and streamlines builds.

Using a Kubernetes credential provider with Cloudsmith

Join Ian Duffy, Senior Site Reliability Engineer at Cloudsmith, as he discusses using credential providers in Kubernetes to securely pull images from private repositories. Credential providers are a great new feature that appeared in recent versions of Kubernetes. They allow you to pull images using a short-lived authentication token, which makes them less prone to leakage than long-lived credentials - bolstering security in the software supply chain.

Goodbye imagePullSecrets, Hello Kubernetes Credential Providers

Previously, we showed you how to securely pull Docker images from Cloudsmith to Kubernetes using OIDC with a CronJob-based approach. We concluded the post discussing credential provider plugins from Kubernetes 1.20 and an enhancement in Kubernetes 1.33 that offers a new approach for external registries like Cloudsmith. We have now built a credential provider that takes advantage of this new capability. This article explores what this means for the future of pulling images from Cloudsmith on Kubernetes.