Don’t let hidden threats slow you down. Discover how Cloudsmith & Kusari enable proactive security to prevent tampering, improve visibility, and speed deployments—reducing rework and strengthening your software supply chain.

Ben Cotton

Open Source Program Lead

Nigel Douglas

Head of Developer Relations

Security checks are more critical than ever as attackers increasingly target software supply chains, from dependencies to CI/CD systems. But speed is just as important. Slowing down development isn’t an option, so organizations need security that enables rapid releases without adding friction.

The real competitive advantage comes from building security into your workflow so that speed and safety go hand in hand. Whether you’re under pressure to reduce risk, or enabling speed at scale, you’ll leave with actionable steps to make your pipeline not only secure but trustworthy - and spookily efficient.

In this joint webinar from Cloudsmith and Kusari, our experts will show you how to turn security from a bottleneck into a force multiplier.

More Trust, Less Boo! Haunt-Free Deployments with Cloudsmith & Kusari

Software Supply Chain Securely

Distribute Software Globally

The recent npm supply chain attack was a wake-up call: open source dependencies are a critical risk vector. If your organization isn’t actively securing the way you source, store, and distribute software artifacts, you’re exposed.

Cristian Garcia

Senior Customer Success Manager

Gwen Burchell

Engineering Manager

The recent npm supply chain attack was a wake-up call: open source dependencies are one of the most critical risk vectors facing modern software teams. High-profile incidents like the npm cryptocurrency attack and the S1ngularity/nx breach have made it clear that vulnerabilities don’t just come from the code you write, they often hide in the transitive dependencies your applications rely on.

If your organization isn’t actively securing how you source, store, and distribute software artifacts, you’re exposed. And while you can’t stop attackers from trying, you can prepare to minimize risk and disruption when the next breach inevitably happens.

In this webinar, we’ll explore what these attacks revealed about dependency risk, why practices like lockfiles and dependency pinning matter, and how to build resilience with approaches like Continuous Security and Verified Registries. You’ll also see how Cloudsmith helps teams automatically mitigate malware and vulnerabilities, so you can stay ahead of threats without slowing development.

Lessons from the npm Attack: How to Secure Dependencies with Artifact Management

Not every CVE is worth chasing. In this webinar, we’ll show how to combine CVSS severity with EPSS exploitability inside Open Policy Agent (OPA) to automatically quarantine the vulnerabilities that matter most. 

Vulnerability management isn’t about patching everything - it’s about patching what actually matters. CVSS gives you severity. EPSS gives you probability. Together, they let you prioritize risk in a way that reflects real-world exploitation, not just theoretical impact.</>

In this session, we’ll show how to integrate EPSS and CVSS into Open Policy Agent (OPA) to automatically quarantine packages that cross defined thresholds. Using Rego, you’ll learn how to encode risk-based policies that block high-severity, high-likelihood vulnerabilities before they hit production - without slowing down development workflows.

From CVE Scores to Action: Enforcing Artifact Management Policies in OPA

Sofware supply chain security

Vulnerability Management

Secure your CI/CD pipeline with Cloudsmith and Chainguard. This session will show you how to embed native artifact signing and enforce security policies within your workflows, enabling fast, trusted shipping without compromise.

Manfred Moser

Senior Principal Developer Relations Engineer

Liana Ertz

Product Manager

Mark McMurray

Senior Software Engineer

Join us for a hands-on session on securing modern CI/CD pipelines through native signing and real-time policy controls.
With software supply chain threats escalating, it’s critical to ensure only trusted, verifiable artifacts reach production. This session will show you how to integrate signing, provenance tracking, and policy checks directly into your CI/CD workflows - without slowing down delivery. 

See how Cloudsmith and Chainguard are advancing DevSecOps with end-to-end artifact security, SBOM integration, and policy-driven CI/CD pipelines. You’ll leave with actionable tools and proven strategies to harden your pipeline and ship with confidence.

Unlocking Software Integrity: Native Signing & Policy Enforcement

Chainguard

CI/CD

Signatures

Security

Artifact management is now central to secure software delivery - but AI, compliance, and scale are raising the stakes. Join us live as we unpack key insights from the 2025 Artifact Management Report and explore how teams are adapting to this fast-changing landscape.

The software development landscape is undergoing a major transformation driven by the rise of AI and automation. While these technologies offer incredible speed and innovation, they also introduce new pressures - demanding that software delivery be faster, more secure, and fully compliant with evolving global regulations.
Drawing on insights from over 300 engineering, DevOps, and security professionals, this webinar will examine how leading organizations are rethinking their artifact infrastructure to meet these modern challenges. From securing pipelines to navigating compliance, we’ll dive into the practical steps teams are taking to adapt.
We'll gain deeper insight into the challenges users face in securing AI-driven pipelines, especially as threats like AI malware hidden in unvetted dependencies (e.g., through manipulation techniques like slopsquatting) continue to emerge. We'll also explore developers' concerns around scalability, performance, and the security limitations of today’s artifact management systems.
In addition, we’ll cover how organizations are aligning with regulatory frameworks like SLSA, DORA, and the EU CRA by building in traceability, auditability, and automated policy enforcement. Finally, we’ll look at strategies for enabling cross-functional collaboration, while still maintaining strict governance, visibility, and control over the entire software supply chain.

More Trust, Less Boo! Haunt-Free Deployments with Cloudsmith & Kusari

Things you'll learn

Speakers

Summary

Lessons from the npm Attack: How to Secure Dependencies with Artifact Management

From CVE Scores to Action: Enforcing Artifact Management Policies in OPA

Unlocking Software Integrity: Native Signing & Policy Enforcement

From AI to Scalability: 2025 Trends in Artifact Management