By submitting, you are subscribing to artiFACTS, Cloudsmith's monthly product newsletter. You can unsubscribe at any time.

Most software pipelines focus on writing code and deploying it, but the real risk is what happens in between. Join Cloudsmith and Octopus Deploy to learn how to build trust in software artifacts and enforce security and compliance through your Golden Path.

Ralph McTeggart 

Principal Engineer

Steve Fenton

Director of Developer Relations

Cristian Garcia

Senior Customer Success Manager

Golden Paths help scale developer productivity - but most stop before the point where trust actually breaks down.

Teams invest in source control and deployment automation, but what happens in between - artifact movement, approvals, and integrity - is often overlooked.

In this session, Cloudsmith and Octopus Deploy will show how to build trust continuously, from source to ship. You’ll leave with a clear mental model for trust in software delivery, and practical guidance on enforcing chain of custody, policy, and authorization through your Golden Path.

Because if you can’t prove it, you don’t control it.


Building trust from source to ship: The missing link in your Golden Path

Learn how to safely ingest, verify, and manage LLM models from Hugging Face in this live webinar. See a real workflow for quarantining, approving, and promoting models into production without slowing developers down.

Nigel Douglas

Head of Developer Relations

Liana Ertz

Product Manager

Open model ecosystems like Hugging Face have transformed how teams build with AI. But with that speed comes risk: unverified publishers, mutable artifacts, dependency confusion, and models that change beneath your feet.

If you’re pulling models straight into production pipelines, you’re inheriting all the uncertainty of the public internet - into some of your most sensitive systems.

In this live session, Cloudsmith experts will show you how to take control of your AI supply chain. You’ll learn how to securely ingest, verify, and distribute LLM models from Hugging Face without slowing your teams down.

How to securely source your LLM models from Hugging Face

Sofware supply chain security

Attackers are exploiting typos and AI-generated code to slip malicious packages into software ecosystems. Learn how typosquatting and slopsquatting attacks work, why AI is accelerating them, and the practical steps to detect, prevent, and secure your supply chain.

As software ecosystems expand, attackers are exploiting the smallest cracks - from a single typo to a reused name - to sneak in malicious packages. The rise of AI-generated code has amplified this problem. Automated code suggestions, dependency management, and code-completion tools can unintentionally introduce lookalike or compromised packages into projects. These lookalikes are easy to miss and can bypass traditional security checks, creating serious downstream risk.

This session combines real-world examples with practical advice on how to detect, respond to, and prevent squatting attacks in a world where AI-driven development is changing how code is written, shared, and reused. You’ll leave with a clearer understanding of how these threats operate, a simple framework for detection and response, and actionable steps to make your package ecosystem more resilient.

From naming hygiene to automation strategies, this session will help your teams stay one step ahead of the next squatting campaign, whether it is targeting human developers or being propagated by AI-generated code, and keep your software supply chain secure.

Typosquatting & Slopsquatting: Detecting and defending against malicious packages

Don’t let hidden threats slow you down. Discover how Cloudsmith & Kusari enable proactive security to prevent tampering, improve visibility, and speed deployments—reducing rework and strengthening your software supply chain.

Ben Cotton

Open Source Program Lead

Security checks are more critical than ever as attackers increasingly target software supply chains, from dependencies to CI/CD systems. But speed is just as important. Slowing down development isn’t an option, so organizations need security that enables rapid releases without adding friction.

The real competitive advantage comes from building security into your workflow so that speed and safety go hand in hand. Whether you’re under pressure to reduce risk, or enabling speed at scale, you’ll leave with actionable steps to make your pipeline not only secure but trustworthy - and spookily efficient.

In this joint webinar from Cloudsmith and Kusari, our experts will show you how to turn security from a bottleneck into a force multiplier.

More Trust, Less Boo! Haunt-Free Deployments with Cloudsmith & Kusari

Software Supply Chain Securely

Distribute Software Globally

The recent npm supply chain attack was a wake-up call: open source dependencies are a critical risk vector. If your organization isn’t actively securing the way you source, store, and distribute software artifacts, you’re exposed.

Gwen Burchell

Engineering Manager

The recent npm supply chain attack was a wake-up call: open source dependencies are one of the most critical risk vectors facing modern software teams. High-profile incidents like the npm cryptocurrency attack and the S1ngularity/nx breach have made it clear that vulnerabilities don’t just come from the code you write, they often hide in the transitive dependencies your applications rely on.

If your organization isn’t actively securing how you source, store, and distribute software artifacts, you’re exposed. And while you can’t stop attackers from trying, you can prepare to minimize risk and disruption when the next breach inevitably happens.

In this webinar, we’ll explore what these attacks revealed about dependency risk, why practices like lockfiles and dependency pinning matter, and how to build resilience with approaches like Continuous Security and Verified Registries. You’ll also see how Cloudsmith helps teams automatically mitigate malware and vulnerabilities, so you can stay ahead of threats without slowing development.

Building trust from source to ship: The missing link in your Golden Path

Things you'll learn

Speakers

Summary

How to securely source your LLM models from Hugging Face

Typosquatting & Slopsquatting: Detecting and defending against malicious packages

More Trust, Less Boo! Haunt-Free Deployments with Cloudsmith & Kusari

Lessons from the npm Attack: How to Secure Dependencies with Artifact Management