Don’t let hidden threats slow you down. Discover how Cloudsmith & Kusari enable proactive security to prevent tampering, improve visibility, and speed deployments—reducing rework and strengthening your software supply chain.

Ben Cotton

Open Source Program Lead

Nigel Douglas

Head of Developer Relations

Security checks are more critical than ever as attackers increasingly target software supply chains, from dependencies to CI/CD systems. But speed is just as important. Slowing down development isn’t an option, so organizations need security that enables rapid releases without adding friction.

The real competitive advantage comes from building security into your workflow so that speed and safety go hand in hand. Whether you’re under pressure to reduce risk, or enabling speed at scale, you’ll leave with actionable steps to make your pipeline not only secure but trustworthy - and spookily efficient.

In this joint webinar from Cloudsmith and Kusari, our experts will show you how to turn security from a bottleneck into a force multiplier.

More Trust, Less Boo! Haunt-Free Deployments with Cloudsmith & Kusari

Software Supply Chain Securely

Distribute Software Globally

Secure your CI/CD pipeline with Cloudsmith and Chainguard. This session will show you how to embed native artifact signing and enforce security policies within your workflows, enabling fast, trusted shipping without compromise.

Manfred Moser

Senior Principal Developer Relations Engineer

Liana Ertz

Product Manager

Mark McMurray

Senior Software Engineer

Join us for a hands-on session on securing modern CI/CD pipelines through native signing and real-time policy controls.
With software supply chain threats escalating, it’s critical to ensure only trusted, verifiable artifacts reach production. This session will show you how to integrate signing, provenance tracking, and policy checks directly into your CI/CD workflows - without slowing down delivery. 

See how Cloudsmith and Chainguard are advancing DevSecOps with end-to-end artifact security, SBOM integration, and policy-driven CI/CD pipelines. You’ll leave with actionable tools and proven strategies to harden your pipeline and ship with confidence.

Unlocking Software Integrity: Native Signing & Policy Enforcement

Chainguard

CI/CD

Signatures

Security

Artifact management is now central to secure software delivery - but AI, compliance, and scale are raising the stakes. Join us live as we unpack key insights from the 2025 Artifact Management Report and explore how teams are adapting to this fast-changing landscape.

The software development landscape is undergoing a major transformation driven by the rise of AI and automation. While these technologies offer incredible speed and innovation, they also introduce new pressures - demanding that software delivery be faster, more secure, and fully compliant with evolving global regulations.
Drawing on insights from over 300 engineering, DevOps, and security professionals, this webinar will examine how leading organizations are rethinking their artifact infrastructure to meet these modern challenges. From securing pipelines to navigating compliance, we’ll dive into the practical steps teams are taking to adapt.
We'll gain deeper insight into the challenges users face in securing AI-driven pipelines, especially as threats like AI malware hidden in unvetted dependencies (e.g., through manipulation techniques like slopsquatting) continue to emerge. We'll also explore developers' concerns around scalability, performance, and the security limitations of today’s artifact management systems.
In addition, we’ll cover how organizations are aligning with regulatory frameworks like SLSA, DORA, and the EU CRA by building in traceability, auditability, and automated policy enforcement. Finally, we’ll look at strategies for enabling cross-functional collaboration, while still maintaining strict governance, visibility, and control over the entire software supply chain.

 From AI to Scalability: 2025 Trends in Artifact Management

2025 Artifact Management Report

artifact management

SLSA

DORA

NIS2

Software supply chain security is critical, yet artifact management often goes overlooked. Join Docker and Cloudsmith in this live webinar to explore how teams are securing the artifact lifecycle and staying ahead of evolving threats.

Michael Donovan

VP Product

Ralph McTeggart 

Principal Engineer

Jack Gibson

Containerized software and artifact management processes and technology have become soft spots in your software supply chain security — and attackers know it. From compromised CI/CD workflows to malicious open source packages, the threat surface has expanded — and attackers are increasingly targeting containers, registries, and build pipelines. Yet, many organizations still rely on default configurations, public registries, and unsigned packages — leaving critical blind spots in their security posture.

In this live session, Michael Donovan (VP of Product, Docker), Ralph McTeggart (Principal Engineer, Cloudsmith), and Jack Gibson (Senior Software Engineer, Cloudsmith) will walk through how leading teams are securing their software supply chains — with a sharp focus on artifact management. You’ll get a front-line view of how threats are evolving, how cybersecurity is reshaping security priorities, and what real-world strategies teams are using to lock down the full artifact lifecycle.

Topics will include
<ol>
<li>How attackers are targeting the software supply chain — and where your blind spots are; from tampered images to compromised CI/CD workflows, we’ll unpack real-world examples of how artifacts are being exploited — and why containers, public registries, and unsigned packages are common weak points</li>
<li>What a secure artifact lifecycle looks like in practice; learn the technical building blocks of a secure pipeline: signing, provenance via SLSA, tamper-proof storage, and enforcing policies without adding friction to dev workflows</li>
<li>How SBOMs and attestations create real visibility and trust. We’ll show how to integrate SBOMs and signed metadata into your pipeline for traceability — without slowing teams down</li>
<li>How to move toward zero-trust for artifacts - explore how forward-thinking teams are adopting cryptographic verification, trusted sources, and immutable audit logs to lock down the full software delivery process</li>
</ol>

State of the Union: Modern security approaches for the Software Supply Chain

Docker

Explore Helm chart security risks, real attacks, and vulnerabilities - learn how misconfigurations and dependencies threaten Kubernetes deployments.

As Kubernetes adoption grows, Helm charts have become a go-to for app deployment - but they come with security risks. Public charts often include misconfigurations, insecure defaults, and vulnerable dependencies, opening the door to privilege escalation, data leaks, or even full-cluster compromise.

This webinar explores the evolving threat landscape around Helm charts in public repositories. From real-world incidents, like the Codecov supply chain attack, to hypothetical attack vectors like "ChartSploit", we highlight how seemingly benign configurations can be exploited. You'll gain insights into the anatomy of vulnerable charts, key risk areas such as RBAC misconfigurations and dependency vulnerabilities, and what recent CNCF data tells us about industry-wide exposure.

More Trust, Less Boo! Haunt-Free Deployments with Cloudsmith & Kusari

Things you'll learn

Speakers

Summary

Unlocking Software Integrity: Native Signing & Policy Enforcement

From AI to Scalability: 2025 Trends in Artifact Management

State of the Union: Modern security approaches for the Software Supply Chain

Identifying vulnerabilities in public Kubernetes Helm charts