Uncover SBOM benefits: Tackle vulnerabilities in dependencies/images, verify package authenticity, merge continuous packaging/security in CI/CD, ensure trust/provenance, and boost visibility with upstreams/signatures in your software supply chain.

Tom Gibson

Principal Engineer

Discover the value of SBOMs for your organization: Identify and address vulnerabilities in dependencies and container images, ensure package authenticity to prevent malicious infiltration, integrate continuous packaging and security in CI/CD pipelines, establish trust and provenance, and enhance visibility with upstreams and signatures in your software supply chain.

Modernizing the Management of Your Software Supply Chain 

Software supply chain

SBOMs

Software supply chain security is critical, yet artifact management often goes overlooked. Join Docker and Cloudsmith in this live webinar to explore how teams are securing the artifact lifecycle and staying ahead of evolving threats.

Michael Donovan

VP Product

Ralph McTeggart 

Jack Gibson

Senior Software Engineer

Containerized software and artifact management processes and technology have become soft spots in your software supply chain security — and attackers know it. From compromised CI/CD workflows to malicious open source packages, the threat surface has expanded — and attackers are increasingly targeting containers, registries, and build pipelines. Yet, many organizations still rely on default configurations, public registries, and unsigned packages — leaving critical blind spots in their security posture.

In this live session, Michael Donovan (VP of Product, Docker), Ralph McTeggart (Principal Engineer, Cloudsmith), and Jack Gibson (Senior Software Engineer, Cloudsmith) will walk through how leading teams are securing their software supply chains — with a sharp focus on artifact management. You’ll get a front-line view of how threats are evolving, how cybersecurity is reshaping security priorities, and what real-world strategies teams are using to lock down the full artifact lifecycle.

Topics will include
<ol>
<li>How attackers are targeting the software supply chain — and where your blind spots are; from tampered images to compromised CI/CD workflows, we’ll unpack real-world examples of how artifacts are being exploited — and why containers, public registries, and unsigned packages are common weak points</li>
<li>What a secure artifact lifecycle looks like in practice; learn the technical building blocks of a secure pipeline: signing, provenance via SLSA, tamper-proof storage, and enforcing policies without adding friction to dev workflows</li>
<li>How SBOMs and attestations create real visibility and trust. We’ll show how to integrate SBOMs and signed metadata into your pipeline for traceability — without slowing teams down</li>
<li>How to move toward zero-trust for artifacts - explore how forward-thinking teams are adopting cryptographic verification, trusted sources, and immutable audit logs to lock down the full software delivery process</li>
</ol>

State of the Union: Modern security approaches for the Software Supply Chain

Docker

Security

Signatures

Explore Helm chart security risks, real attacks, and vulnerabilities - learn how misconfigurations and dependencies threaten Kubernetes deployments.

Nigel Douglas

Head of Developer Relations

As Kubernetes adoption grows, Helm charts have become a go-to for app deployment - but they come with security risks. Public charts often include misconfigurations, insecure defaults, and vulnerable dependencies, opening the door to privilege escalation, data leaks, or even full-cluster compromise.

This webinar explores the evolving threat landscape around Helm charts in public repositories. From real-world incidents, like the Codecov supply chain attack, to hypothetical attack vectors like "ChartSploit", we highlight how seemingly benign configurations can be exploited. You'll gain insights into the anatomy of vulnerable charts, key risk areas such as RBAC misconfigurations and dependency vulnerabilities, and what recent CNCF data tells us about industry-wide exposure.

Identifying vulnerabilities in public Kubernetes Helm charts

Helm charts

Kubernetes

Watch this on-demand webinar to explore how data can be leveraged to protect your software supply chain. Learn how to extract actionable insights, enforce data-driven security policies, and enhance auditability with real-world strategies and examples.


Paddy Carey

Alison Sickelka

VP of Product

Dan McKinney

Solutions Engineer

In today’s rapidly evolving software landscape, organizations face unprecedented challenges in securing their supply chains. With deeper dependency trees, increasing third-party code contributions, and growing threats - from vulnerabilities and misconfigurations to malicious packages and targeted attacks - ensuring security without compromising agility has never been more critical.

Watch this on-demand webinar to explore how data can be leveraged to protect your software supply chain. Learn how to extract actionable insights, enforce data-driven security policies, and enhance auditability with real-world strategies and examples.

Gain the knowledge and tools needed to turn data into a powerful defense against ever-evolving threats. Watch now to strengthen your security posture and safeguard your organization’s software ecosystem.

Putting Your Data to Work to Protect Your Software Supply Chain

Software Supply Chain

Glenn Weinstein, CEO of CloudSmith, and Ronan O'Dooley, VP of Engineering, share their expert predictions and valuable insights to help you navigate the future of software supply chain management.

Ronan O'Dulaing

VP of Engineering

Glenn Weinstein

As the software ecosystem grows more complex and security challenges become more pressing, staying informed on emerging trends and threats is crucial. Listen to Glenn Weinstein, CEO of CloudSmith, and Ronan O'Dooley, VP of Engineering, share their expert predictions and valuable insights to help you navigate the future of software supply chain management.

Modernizing the Management of Your Software Supply Chain

Things you'll learn

Speakers

Summary

State of the Union: Modern security approaches for the Software Supply Chain

Identifying vulnerabilities in public Kubernetes Helm charts

Putting Your Data to Work to Protect Your Software Supply Chain

2025 Software Supply Chain Predictions