SBOMs, CRA compliance, and secure delivery – Cloudsmith x Octopus Deploy

Software supply chains get attacked at the build stage — not just in production. This video covers what it actually takes to build verifiable trust across the full delivery pipeline.

Ralph McTeggart, Principal Engineer at Cloudsmith, walks through the mechanics of securing artifacts from source to deployment. You'll learn what SBOM metadata teams need to capture to satisfy CRA requirements, how artifact signing, provenance, and vulnerability management fit into a compliant pipeline, and how Cloudsmith and Octopus Deploy work together to give engineering teams control at every stage of the lifecycle.

This session covers software supply chain security, SBOM generation, CRA compliance, artifact signing, provenance tracking, vulnerability management, and CI/CD pipeline security for DevOps and platform engineering teams.

This is a clip from the full webinar: Building Trust from Source to Ship, hosted by Cloudsmith and Octopus Deploy.

🔗 Full webinar + resources: https://cloudsmith.com/events/webinars/building-trust-from-source-to-ship-cloudsmith-and-octopus-deploy

More resources:
🔗 Integrating Cloudsmith with Octopus Deploy: https://help.cloudsmith.io/docs/integrating-octopus-deploy
🔗 CRA compliance guide: https://cloudsmith.com/blog/how-to-comply-with-eu-cyber-resilience

Book a demo to see how Cloudsmith secures your software supply chain end to end →
🔗 Book a demo: https://cloudsmith.com/book-a-demo
🔗 Free trial: https://app.cloudsmith.com/signup

#SoftwareSupplyChain #DevSecOps #CRACompliance #Cloudsmith #OctopusDeploy

Видео SBOMs, CRA compliance, and secure delivery – Cloudsmith x Octopus Deploy канала Cloudsmith