ON DEMAND / webinar

Unlocking Software Integrity: Native Signing & Policy Enforcement

  • 45 mins

Things you'll learn

  • How to integrate open-source tools to sign and verify artifacts in your pipeline
  • Practical policy enforcement strategies to prevent unverified software from reaching production
  • Best practices for managing and storing signed artifacts across your CI/CD workflow
  • How to maintain compliance and traceability with audit logs and tamper-proof metadata

Speakers

Manfred Moser
Senior Principal Developer Relations Engineer, Chainguard
Liana Ertz
Product Manager, Cloudsmith
Mark McMurray
Senior Software Engineer, Cloudsmith

Summary

Join us for a hands-on session on securing modern CI/CD pipelines through native signing and real-time policy controls. With software supply chain threats escalating, it’s critical to ensure only trusted, verifiable artifacts reach production. This session will show you how to integrate signing, provenance tracking, and policy checks directly into your CI/CD workflows - without slowing down delivery.

See how Cloudsmith and Chainguard are advancing DevSecOps with end-to-end artifact security, SBOM integration, and policy-driven CI/CD pipelines. You’ll leave with actionable tools and proven strategies to harden your pipeline and ship with confidence.