Operations | Monitoring | ITSM | DevOps | Cloud

DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

Episode 005: In this episode of DevEx Unpacked, Alan Carson chats with Ciara Carey, Solutions Engineer at Cloudsmith, about her career journey from developer to DevRel to her current customer-facing role. Ciara shares real-world insights on software supply chain security, how teams are using Enterprise Policy Management (EPM) to control open source risk, and why Cloudsmith’s cloud-native platform is a game changer for DevSecOps workflows.

DevEx Unpacked 004 - Scaling Startups, Blockchain & Developer Culture with Jack Spargo

Episode 004: In this episode of DevEx Unpacked, Alan Carson chats with Jack Spargo, CTO of Control Alt, about his fascinating career journey from aerospace engineering to leading blockchain-powered investment platforms. Jack shares lessons from being acquired overnight, the challenges of building a platform from scratch, and why he’s betting big on junior engineers and AI augmentation. They explore the realities of compliance, software supply chain security, and why Northern Ireland is fast becoming a serious start-up hub.

DevEx Unpacked 003 - Scaling Cloudsmith, Security Innovation & Developer DNA with Tom Gibson

Episode 003: In this episode of DevEx Unpacked, Alan Carson sits down with Tom Gibson, Principal Engineer and long-time Cloudsmith team member, to trace his journey from early start-up to leading strategic innovation in the CTO’s office. Tom shares behind-the-scenes stories about engineering through scale, building continuous security scanning, and what it takes to evolve a developer-first platform.

DevEx Unpacked 002 - DevRel, Donuts & Distributed Systems with Dan McKinney

Episode 002: In this episode of DevEx Unpacked, Alan Carson sits down with Dan McKinney, one of Cloudsmith’s earliest team members and now Head of Solutions Engineering. Dan reflects on his unique journey from writing docs and filming DevRel videos to leading high-stakes enterprise sales. Discover how Cloudsmith scaled from a two-person start-up to a platform trusted by global enterprises, why software supply chain security is more urgent than ever, and what features make developers and security teams lean in.

OWASP CI/CD Part 6: Insufficient Credential Hygiene

This post, part six of our OWASP CI/CD Top 10 series, looks at some of the common risks associated with Insufficient Credential Hygiene. By better understanding the flaws that affect credential hygiene, we can better understand how even the most sophisticated pipelines were compromised.

DevEx Unpacked 001 - Scaling Secure Software with Alison Sickelka

Episode 001: In this inaugural episode of DevEx Unpacked, host Alan Carson sits down with Alison Sickelka, VP of Product at Cloudsmith, for a deep dive into the evolution of software supply chain security. Alison shares her journey from journalism to product leadership, the unique talent landscape in Belfast, and how Cloudsmith is pioneering secure artifact management. Learn how Cloudsmith's Enterprise Policy Management is shaping compliance strategies, why SBOMs are crucial, and where AI fits in a secure DevOps future.

Secure Docker Image Pulls from Cloudsmith to Kubernetes using OIDC

Pulling Docker images from private registries for containerised applications presents a security challenge. It requires authentication management, network access, and trust across distributed systems. Credentials must be securely handled and rotated, and image pulls can break due to network restrictions or expired tokens. All of this makes deployment and security harder.

OWASP CI/CD Part 5 - Insufficient PBAC

One of the more overlooked yet critical vulnerabilities highlighted in the OWASP Top 10 for CI/CD Security Risks is Insufficient PBAC (Pipeline-Based Access Controls). Let’s unpack what PBAC is, why it's essential, and how you can leverage modern access control tools like Open Policy Agent (OPA) and Rego to mitigate these risks effectively.

Open Container Initiative (OCI) Support in Cloudsmith

Kubernetes has become the de facto platform for orchestrating containers. Open standards complement Kubernetes by defining best practices for its implementation. These standards are developed by the open-source Kubernetes community (not a single vendor), ensuring vendor neutrality, easier integration with other tools, and overall system efficiency.