Unlocking Software Integrity: Native Signing & Policy Enforcement for Real-World CI/CD Pipelines
Secure your CI/CD pipeline with Cloudsmith and Chainguard. This session will show you how to embed native artifact signing and enforce security policies within your workflows, enabling fast, trusted shipping without compromise.
Things you'll learn
- How to integrate open-source tools to sign and verify artifacts in your pipeline
- Practical policy enforcement strategies to prevent unverified software from reaching production
- Best practices for managing and storing signed artifacts across your CI/CD workflow
- How to maintain compliance and traceability with audit logs and tamper-proof metadata
Summary
Join us for a hands-on session on securing modern CI/CD pipelines through native signing and real-time policy controls. With software supply chain threats escalating, it’s critical to ensure only trusted, verifiable artifacts reach production. This session will show you how to integrate signing, provenance tracking, and policy checks directly into your CI/CD workflows - without slowing down delivery.
See how Cloudsmith and Chainguard are advancing DevSecOps with end-to-end artifact security, SBOM integration, and policy-driven CI/CD pipelines. You’ll leave with actionable tools and proven strategies to harden your pipeline and ship with confidence.