Operations | Monitoring | ITSM | DevOps | Cloud

npm axios attack - What happened and how to protect your supply chain

100M+ weekly downloads. One compromised maintainer account. A remote access trojan in two active release branches. This is a 30-minute breakdown of the Axios npm supply chain attack – how it happened, why it was hard to detect, and what any engineering team can do right now to reduce exposure. Nigel Douglas, Head of Developer Relations at Cloudsmith, is joined by Jenn Gile, co-founder of Open Source Malware, a community-driven threat intelligence platform focused on malicious open source packages.

Building a secure golden path: Cloudsmith x Octopus Deploy webinar

What does it take to build a "Golden Path" that developers actually want to use? In this expert-led webinar, Cloudsmith and Octopus Deploy team up to explore the missing link in your software supply chain: turning artifact creation and management into an automated, trust-backed journey from source to ship.

Beyond the build: How DataHub uses Cloudsmith to power worldwide software distribution

You’ve built a world-class platform – now how do you get it into the hands of your users without "download friction"? In this video, we look at how DataHub, the leading open source metadata platform, uses Cloudsmith as its cloud-native distribution engine to deliver high-performance software artifacts to a global audience with zero downtime and zero maintenance.

The modern JFrog alternative: Why ConstructConnect switched to Cloudsmith

Is your artifact management slowing down your development velocity? In this video, we dive into how ConstructConnect migrated from JFrog Cloud to Cloudsmith–the world’s leading cloud-native artifact management platform–to eliminate hidden costs, simplify their CI/CD pipelines, and secure their software supply chain.

Stop Managing Infrastructure: How BHS Corrugated Scaled Artifact Management with Cloudsmith

Are you spending more time maintaining your artifact servers than building software? In this video, we explore how BHS Corrugated–a global leader in manufacturing technology with a presence in 20 countries–transformed their developer experience by moving from fragmented, self-hosted GitHub repositories to Cloudsmith: the world’s leading cloud-native artifact management platform.

Introduction to Cloudsmith: Platform Overview

Learn how to control, secure, and distribute software artifacts with this full on-demand platform demo of Cloudsmith. In this video, Solutions Engineers Dan and Ciara walk you through key features, including web app setup, logging, policy enforcement, signing, and global distribution. Through live demos, you'll see how to integrate Cloudsmith into your CI/CD pipeline, enforce security and compliance, control access with entitlement tokens, and automate everything using the API.

Risk and the problems of 3rd party software dependencies

Docker's VP of Product, Michael Donovan, discusses the importance of risk management and the security challenges introduced by the scale of 3rd party software dependency in development. See the full webinar: https:/cloudsmith.com/webinars Get to know Cloudsmith: About Cloudsmith We offer the world's best cloud-native artifact management platform to control, secure, and distribute everything that flows through your software supply chain. Cloudsmith operates at enterprise scale, reduces risk, and streamlines builds.

Using a Kubernetes credential provider with Cloudsmith

Join Ian Duffy, Senior Site Reliability Engineer at Cloudsmith, as he discusses using credential providers in Kubernetes to securely pull images from private repositories. Credential providers are a great new feature that appeared in recent versions of Kubernetes. They allow you to pull images using a short-lived authentication token, which makes them less prone to leakage than long-lived credentials - bolstering security in the software supply chain.

DevEx Unpacked 006 - Leadership, Scaling & Serving Developers with Glenn Weinstein

Episode 006: In this episode of DevEx Unpacked, Cloudsmith co-founder Alan Carson sits down with CEO Glenn Weinstein for a deep dive into leadership, growth, and developer-first thinking. Glenn shares his journey from programming on a Commodore PET to founding and selling a startup, his lessons from Twilio, and what drew him to lead Cloudsmith. The two discuss what it takes to build a category-defining company from Belfast, navigating VC funding, and how values like resilience, clarity, and service drive long-term success.

DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

Episode 005: In this episode of DevEx Unpacked, Alan Carson chats with Ciara Carey, Solutions Engineer at Cloudsmith, about her career journey from developer to DevRel to her current customer-facing role. Ciara shares real-world insights on software supply chain security, how teams are using Enterprise Policy Management (EPM) to control open source risk, and why Cloudsmith’s cloud-native platform is a game changer for DevSecOps workflows.