Secure your CI/CD pipeline with Cloudsmith and Chainguard. This session will show you how to embed native artifact signing and enforce security policies within your workflows, enabling fast, trusted shipping without compromise.

Ciara Carey

Solution Engineer

Alison Sickelka

VP of Product

David Gonzalez

Principal Engineer

Lee Skillen

Chief Technology Officer

Join us for a hands-on session on securing modern CI/CD pipelines through native signing and real-time policy controls.
With software supply chain threats escalating, it’s critical to ensure only trusted, verifiable artifacts reach production. This session will show you how to integrate signing, provenance tracking, and policy checks directly into your CI/CD workflows - without slowing down delivery. 

See how Cloudsmith and Chainguard are advancing DevSecOps with end-to-end artifact security, SBOM integration, and policy-driven CI/CD pipelines. You’ll leave with actionable tools and proven strategies to harden your pipeline and ship with confidence.

Unlocking Software Integrity: Native Signing & Policy Enforcement for Real-World CI/CD Pipelines

CI/CD

DevOps

Software supply chain security is critical, yet artifact management often goes overlooked. Join Docker and Cloudsmith in this live webinar to explore how teams are securing the artifact lifecycle and staying ahead of evolving threats.

Mel Kaulfuss

Containerized software and artifact management processes and technology have become soft spots in your software supply chain security — and attackers know it. From compromised CI/CD workflows to malicious open source packages, the threat surface has expanded — and attackers are increasingly targeting containers, registries, and build pipelines. Yet, many organizations still rely on default configurations, public registries, and unsigned packages — leaving critical blind spots in their security posture.

In this live session, Michael Donovan (VP of Product, Docker), Ralph McTeggart (Principal Engineer, Cloudsmith), and Jack Gibson (Senior Software Engineer, Cloudsmith) will walk through how leading teams are securing their software supply chains — with a sharp focus on artifact management. You’ll get a front-line view of how threats are evolving, how cybersecurity is reshaping security priorities, and what real-world strategies teams are using to lock down the full artifact lifecycle.

Topics will include
<ol>
<li>How attackers are targeting the software supply chain — and where your blind spots are; from tampered images to compromised CI/CD workflows, we’ll unpack real-world examples of how artifacts are being exploited — and why containers, public registries, and unsigned packages are common weak points</li>
<li>What a secure artifact lifecycle looks like in practice; learn the technical building blocks of a secure pipeline: signing, provenance via SLSA, tamper-proof storage, and enforcing policies without adding friction to dev workflows</li>
<li>How SBOMs and attestations create real visibility and trust. We’ll show how to integrate SBOMs and signed metadata into your pipeline for traceability — without slowing teams down</li>
<li>How to move toward zero-trust for artifacts - explore how forward-thinking teams are adopting cryptographic verification, trusted sources, and immutable audit logs to lock down the full software delivery process</li>
</ol>

State of the Union: Modern security approaches for the Software Supply Chain

artifact management

Explore Helm chart security risks, real attacks, and vulnerabilities - learn how misconfigurations and dependencies threaten Kubernetes deployments.

Nigel Douglas

Head of Developer Relations

As Kubernetes adoption grows, Helm charts have become a go-to for app deployment - but they come with security risks. Public charts often include misconfigurations, insecure defaults, and vulnerable dependencies, opening the door to privilege escalation, data leaks, or even full-cluster compromise.

This webinar explores the evolving threat landscape around Helm charts in public repositories. From real-world incidents, like the Codecov supply chain attack, to hypothetical attack vectors like "ChartSploit", we highlight how seemingly benign configurations can be exploited. You'll gain insights into the anatomy of vulnerable charts, key risk areas such as RBAC misconfigurations and dependency vulnerabilities, and what recent CNCF data tells us about industry-wide exposure.

Identifying vulnerabilities in public Kubernetes Helm charts

Helm charts

Kubernetes

In publishing and graphic design, Lorem ipsum is a placeholder text commonly used to demonstrate the visual form of a document or a typeface without relying on meaningful content. Lorem ipsum may be used as a placeholder before the final copy is available.

Past Webinar

Watch this on-demand webinar to explore how data can be leveraged to protect your software supply chain. Learn how to extract actionable insights, enforce data-driven security policies, and enhance auditability with real-world strategies and examples.


Paddy Carey

Dan McKinney

In today’s rapidly evolving software landscape, organizations face unprecedented challenges in securing their supply chains. With deeper dependency trees, increasing third-party code contributions, and growing threats - from vulnerabilities and misconfigurations to malicious packages and targeted attacks - ensuring security without compromising agility has never been more critical.

Watch this on-demand webinar to explore how data can be leveraged to protect your software supply chain. Learn how to extract actionable insights, enforce data-driven security policies, and enhance auditability with real-world strategies and examples.

Gain the knowledge and tools needed to turn data into a powerful defense against ever-evolving threats. Watch now to strengthen your security posture and safeguard your organization’s software ecosystem.

Unlocking Software Integrity: Native Signing & Policy Enforcement for Real-World CI/CD Pipelines

Things you'll learn

Speakers

Summary

State of the Union: Modern security approaches for the Software Supply Chain

Identifying vulnerabilities in public Kubernetes Helm charts

Past Webinar

Putting Your Data to Work to Protect Your Software Supply Chain