Join Mike and Dan McKinney from Cloudsmith in discussing SBOM for applications, along with cloud-native tooling for software supply chains. Delve into provenance history, GPG Keys, commit signing, package consumption, threat modeling, and roles in asset security.

Dan McKinney

<p>In this segment, Mike and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys &amp; signing commits, package consumption, understanding threat modeling, and knowing the roles and responsibilities when it comes to security of your assets. </p>


A Standardized Approach to SBOM

Topic

Discover how Cloudsmith's newly released support for Swift can revolutionize the way Swift developers manage dependencies.

Dave Verwer

Co-creator

Liana Ertz

Product Manager

Dom Katavic

Senior Software Engineer

Special guest Dave Verwer, co-creator of the Swift Package Index, will join us to discuss his role in developing the Swift Package Index for the community and the potential future of a Swift package registry. 

We will showcase Cloudsmith's newly released support for Swift, highlighting features like package hosting, vulnerability scanning, dependency management, and policy management. Discover how Cloudsmith's new capabilities can revolutionize the way Swift developers manage dependencies. Don't miss this opportunity to stay ahead in the ever-evolving world of Swift!




The Future of Managing Swift Dependencies | A New Era for Developers

Swift

Swift Package Index

Dependency Management

Join Cloudsmith and Spacelift on June 5 at 12:00 pm EDT/5:00 pm GMT as we delve into the world of enforcing secure, automated deployment practices through Infrastructure as Code (IaC). 


Emin Alemdar

Solutions Architect

Ciara Carey

Sales Engineer

We are thrilled to welcome Emin Alemdar, Solutions Architect at Spacelift, CNCF Ambassador, AWS Container Hero, and holder of multiple certifications (CKA, CKS, and 6x AWS Certified), as our guest speaker.

Emin will share invaluable insights on streamlining infrastructure management with Spacelift's sophisticated CI/CD platform, which supports various IaC tools, including Terraform, Pulumi, and Kubernetes. 

Key topics include: 
- What is Infrastructure as Code (IaC)? 
- How tools like Terraform can help with automating IaC? 
- Best practices for ensuring secure and automated IaC deployments. 
- How Cloudsmith's seamless integration with Helm and Terraform simplifies artifact management, aligning with industry standards for security and automation.


Enforce Secure Automated Deployment Practices through IaC

Best Practices

Automation

DevOps

Check out how to reduce the risk of data breaches by removing long-lived credentials from your CI/CD build pipelines using OpenID Connect (OIDC) authentication. 

We are back on May 22nd to see in action how OIDC tokens can provide enhanced security and convenience for your team, eliminating the need for long-lived credentials and reducing the risk of data breaches in your cloud environments. We'll demo how to connect to Cloudsmith to CI/CD pipelines using OpenID Connect (OIDC) authentication. 

Securely Connect Cloudsmith to Your CI/CD with OIDC Authentication

OIDC authentication

Zero Trust

Join Cloudsmith & guest Rob Godfrey, Senior Technical Architect at Financial Times, for DevOps Debriefs: discussing authentication's role in pipeline security. Find out how FT reacted to the CircleCI breach & how Cloudsmith's support of OIDC improved supply chain visibility

Rob Godfrey

Senior Technical Architect

In our first episode of DevOps Debriefs, join Cloudsmith and special guest Rob Godfrey, Senior Technical Architect at the Financial Times (FT) for a discussion on the crucial role of authentication and credential management in ensuring software pipeline security.

We’ll discuss:
Innovative strategies that empowered the Financial Times team to overcome software supply chain risks in their pipelines.
How the team responded to the fallout of the CircleCI breach.
Insights into the challenges and triumphs as the Financial Times fortified its pipelines against potential risks.
The pivotal role of Cloudsmith in supporting FT's adoption of OIDC and providing comprehensive visibility into their entire software supply chain.

DevOps Debriefs: How The Financial Times Beat Leaks with OIDC

Securing your organizations pipelines

Join Cloudsmith and Chainguard as we talk about the easy way to securely consume Open Source Software (OSS) for your organization using Artifact Management and images with zero vulnerabilities.

Adrian Mouat 

Developer Relations

<p>Join Cloudsmith and Chainguard as we talk about the easy way to securely consume Open Source Software (OSS) for your organization. Discover S2C2F best practices for securely consuming OSS and understand how Cloudsmith’s Cloud Native Artifact Management aligns with these standards. Learn about Chainguard zero CVE images drastically reduce vulnerabilities and image attack surface.</p>


A Standardized Approach to SBOM

Things you’ll learn

Speakers

Summary

Comments

The Future of Managing Swift Dependencies | A New Era for Developers

Enforce Secure Automated Deployment Practices through IaC

Securely Connect Cloudsmith to Your CI/CD with OIDC Authentication

DevOps Debriefs: How The Financial Times Beat Leaks with OIDC

Do You Know How to Securely Consume Open Source?