Cloudsmith

1.3K posts

Cloudsmith banner
Cloudsmith

Cloudsmith

@cloudsmith

Ship trusted software, fast. Cloud-native artifact management for the AI era — security enforced before packages reach your build environment.

The Cloud (obviously) Katılım Ekim 2015
612 Takip Edilen1.1K Takipçiler
Cloudsmith
Cloudsmith@cloudsmith·
Attackers didn't need a fake package this time. They hijacked #AsyncAPI's own CI/CD pipeline and shipped the malware through the real one – 2.9 million weekly downloads before anyone caught it. Full attack breakdown: cloudsmith.com/blog/inside-th…
English
0
0
1
32
Cloudsmith
Cloudsmith@cloudsmith·
A look at everything we shipped in Q2 2026, from connected repositories and policy automation to upstream improvements, package recovery, and more: in Q2🚀 cloudsmith.com/blog/what-clou…
English
0
1
1
26
Cloudsmith
Cloudsmith@cloudsmith·
Every container inherits its base image. If that image carries unpatched CVEs, your app does too, before you've written a line of code. Here's how to make @wiz_io WizOS hardened images the frictionless default across your org. cloudsmith.com/blog/start-sec…
English
0
0
2
76
Cloudsmith
Cloudsmith@cloudsmith·
Cloudsmith is now a @github secret scanning partner. If your API key ends up in a public repo, GitHub catches it and tells us. One more layer of control over your software supply chain 🛡️ github.blog/changelog/2026…
English
0
1
1
75
Cloudsmith
Cloudsmith@cloudsmith·
The logic is rather simple: if you can compromise the framework itself, you have the ability to compromise highly sensitive infrastructure. Today, it's happened again - this time #Mastra was the target. Full attack breakdown: cloudsmith.com/blog/inside-th…
English
0
0
0
63
Cloudsmith
Cloudsmith@cloudsmith·
Automate now > explain to regulators later. 87 days until the CRA's 24-hour reporting rule kicks in. We broke down what engineering teams should be working towards for compliance. cloudsmith.com/blog/the-eu-cy…
English
0
0
1
55
Cloudsmith
Cloudsmith@cloudsmith·
Move fast (with guardrails).
English
0
1
1
50
Cloudsmith
Cloudsmith@cloudsmith·
AI coding tools are pulling in dependencies faster than any senior engineer can review them. AI's speed, matched with automation, guardrails, and a strong artifact management layer, provides a secure development foundation. Here's how we think about it. ↓
English
0
0
1
35
Cloudsmith
Cloudsmith@cloudsmith·
Are you at PlatformCon London? Join Spacelift and Cloudsmith TONIGHT at F1 Arcade London for an evening where competitive racing meets DevOps and platform engineering. Connect with peers, test your skills on full-spec racing simulators, and explore how to optimize your DevOps for both speed and control. 📅 Date: Wednesday, 25 June ⏰ Time: 7:00 PM - 10:00 PM BST 📍 Location: F1 Arcade London - 1 New Change, London EC4M 9AF, United Kingdom 🔥 Space is limited—reserve your spot now! 🔥 👉 events.spacelift.io/iac-grand-prix… See you there!
Cloudsmith tweet media
English
0
1
4
1.1K
Cloudsmith
Cloudsmith@cloudsmith·
Is your Helm a risk? 🔍 If your business or open-source project relies on Helm charts, join Nigel Douglas, Head of Developer Relations at Cloudsmith, in a hands-on, virtual workshop during PlatformCon 2025: "What Supply Chain Risks Are Hidden in Your Helm Charts?" Join this hands-on workshop to explore real-world Helm vulnerabilities and learn practical strategies to automate and strengthen your Kubernetes security posture. Reserve your spot 👉 platformcon.com/sessions/what-… 🗓️ Friday, 27 June at 4:00 PM BST / 11:00 AM EST 📍 Virtual #PlatformEngineering #PlatformCon2025 #KubernetesSecurity #Helm
Cloudsmith tweet media
English
0
1
4
824
Cloudsmith
Cloudsmith@cloudsmith·
We're thrilled to be part of PlatformCon 2025, the world’s largest platform engineering conference! This year, we're bringing two high-impact virtual talks to the stage 💥 More Than Code: How Culture Defines Platform Success Explore how team culture, not just tooling, shapes the true success of platform engineering 🌟 Artifact Management Unleashed: Powering Your Packages at Lightning Speed Discover how to optimize package delivery and streamline your artifact workflows for peak performance 🚀 This week only, PlatformCon attendees can enter to win a $250 gift card at the end of each talk! Watch now: cloudsmith.com/events/confere… #PlatformEngineering #PlatformCon25
Cloudsmith tweet mediaCloudsmith tweet media
English
0
0
3
403
Cloudsmith
Cloudsmith@cloudsmith·
🌍 Cloudsmith is proud to sponsor PlatformCon 2025 - the worlds biggest platform engineering event! Join us for a full week of all things platform engineering—including free virtual sessions packed with insights into cloud-native artifact management at scale 🚀 Here’s what we’re bringing to the table: 💡 23-27 June | 2 Virtual Talks • More Than Code: How Culture Defines Platform Success — Explore how platform strategy aligned with company goals enables empowered engineering teams. • Artifact Management Unleashed: Powering Your Packages at Lightning Speed — Discover how smart caching and optimized registry access can supercharge your package delivery. 🇬🇧 25 June | London Live Day - Booth 8 • Stop by Booth 8 to see why Cloudsmith is the world’s best cloud-native artifact management platform—fully managed, built for scale, and designed to secure and streamline everything in your software supply chain. • Get hands-on with the Cloudsmith platform, enter to win great prizes, and take home great swag! 🗓️ When: Wednesday, 25 June 📍 Where: Convene Sancroft, St. Paul's - London 🛠️ 27 June | Virtual Workshop • What Supply Chain Risks Are Hidden in Your Helm Charts? — A hands-on deep dive into vulnerabilities, attack scenarios, and best practices for securing Helm charts, ensuring supply chain security and compliance. 👉 Learn more & explore our sessions: cloudsmith.com/events/confere… #PlatformEngineering #PlatformCon25 #ArtifactManagement
Cloudsmith tweet media
English
0
0
2
242
Cloudsmith retweetledi
grlx / stateful server enjoyer (same thing)
Happy to announce grlx is now being built and distributed with @GoReleaser ! In addition to our official alpine packages, we are now offering aur packages for archlinux as an official distribution channel. .deb and .rpm packages are coming soon on @cloudsmith
English
1
5
6
582
Cloudsmith
Cloudsmith@cloudsmith·
Look familiar? If you’d like a refresher on best practices for tackling Poisoned Pipeline Execution, we’re running through OWASP’s CI/CD Top 10 risks with advice on how to deal with these types of unauthorised executions. Check out Part 4: cloudsmith.com/blog/owasp-ci-… Download the free guide: cloudsmith.com/campaigns/guid…
Cloudsmith tweet media
English
0
0
1
147