Cloudsmith

Understanding Zero-Day Vulnerabilities in Software Supply Chain

A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.

Mastering Open Source Security: Your Guide to S2C2F

Welcome to the second blog in our series on how to securely consume Open Source Software (OSS). Attacks targeting OSS are on the rise, making the security of your software supply chain a top priority. The first blog gave an overview of some of the most common types of attacks. Today we'll explore the Secure Supply Chain Consumption Framework (S2C2F), which can help you mitigate these attacks.

The Dangers Lurking in Open Source Software

This is the first blog in our series on securely consuming OSS. Today, I'll give an overview of some of the most common types of attacks that arise from consuming OSS. Open-source software (OSS) fuels innovation. Over 96% of commercial applications rely on at least one OSS component (Synopsys, 2023). At Cloudsmith, we champion OSS and understand its indispensable role in today's software landscape. However, the escalating threat of supply chain attacks targeting OSS demands a robust defence.

Securely Connect Cloudsmith to your CI/CD using OIDC Authentication

Are your CI/CD pipelines at risk? They might be if you use long-lived, static credentials and tokens, which are one of the most common causes of data breaches in cloud environments. CI/CD tools need access to cloud services to publish artifacts, deploy software, and access resources on their cloud provider. So, they need credentials. It's tempting to hard-code them. But that's a bad idea.