Blog | Resources | Cloudsmith

Enterprise-Grade Software Security: Mastering Control Over Your Software IP

Enterprise-Grade Software Security: Mastering Control Over Your Software IP

Enterprises should prioritize securing their software artifacts to protect intellectual property (IP), maintain compliance, and mitigate supply chain risks. A strong security posture requires a deep understanding of access management, distribution controls, compliance enforcement, and software lifecycle governance. This guide explores key principles of software security and best practices that

Streamlining CI/CD Pipelines with Automated Policy Checks

Streamlining CI/CD Pipelines with Automated Policy Checks

Continuous Integration and Continuous Deployment (CI/CD) pipelines power modern DevOps. They enable teams to deliver software faster, with greater reliability and confidence. However, as development accelerates, ensuring security, compliance, and quality becomes increasingly complex. Automated policy checks streamline CI/CD pipelines by addressing these challenges directly. Why Automate Policy

Secure and Compliant Software Delivery with Cloudsmith Policy Management

Secure and Compliant Software Delivery with Cloudsmith Policy Management

Managing software artifacts across distributed teams and complex infrastructures securely demands proactive measures. Robust policy management is the best way to ensure compliance in your software supply chain. Cloudsmith, the leading cloud-native package management platform, can streamline policy management and strengthen security. Let’s explore why policy management matters and

Cloudsmith 2024: By the Numbers

Cloudsmith 2024: By the Numbers

2024 was a year of incredible stories. At Cloudsmith, we had the privilege of being part of our customers' journeys as they reached significant milestones, driving growth, innovation, and strengthened trust across the globe. Our customers led the way, leveraging Cloudsmith’s capabilities to enhance their workflows, scale their

A Year to Remember: Cloudsmith’s Journey Through 2024 🚀🌍

A Year to Remember: Cloudsmith’s Journey Through 2024 🚀🌍

What a year it’s been at Cloudsmith. As we look back on 2024, it’s hard not to feel a sense of pride - and even a little awe - at how far we’ve come. From a scrappy startup to a trusted partner for some of the biggest

Thoughts on Datadog’s new Supply-Chain Firewall

Thoughts on Datadog’s new Supply-Chain Firewall

Last month, Datadog announced an interesting and useful new feature they call the Supply-Chain Firewall (SCFW). It offers a real-time scanning approach that identifies vulnerabilities as developers pull packages from public registries like npmjs. It highlights the broader challenge organizations face when securing their software supply chain: managing risk consistently

Mastering Your JFrog Artifactory Migration: Steps to Success

Artifact Management

Mastering Your JFrog Artifactory Migration: Steps to Success

Migrating from JFrog Artifactory to a new artifact management platform like Cloudsmith can feel like a daunting task. We promise, it’s actually easier and more straightforward than you think! Our experience with other customers has shown that even if you have a complex setup with hundreds of teams and

An image of the new Cloudsmith web app

web app Featured

Launching the new Cloudsmith Web App

After a focused period of design and development, the new Cloudsmith web app is now available to all customers at app.cloudsmith.com. The new web app replaces the existing cloudsmith.io, which will be fully decommissioned in June 2025. Benefits for Cloudsmith Customers The new web app is designed

Elevating Software Distribution with Cloudsmith’s Broadcasts

Elevating Software Distribution with Cloudsmith’s Broadcasts

For organizations, distributing software artifacts effectively is crucial to building strong developer relationships and delivering a seamless experience. Yet, managing and personalizing the distribution of software packages—like SDKs or container images—can be challenging. Cloudsmith, a leader in cloud-native artifact management, has introduced Broadcasts to address these needs. With

Securely Store and Distribute OCI Artifacts

Securely Store and Distribute OCI Artifacts

As containerized environments evolve, effective artifact management is crucial for any organization using Kubernetes or similar ecosystems. Cloudsmith’s container registry now fully complies with the Open Container Initiative (OCI) distribution specification, allowing customers to store, secure, and distribute images and artifacts with greater efficiency. This release marks an evolution

Introducing Cloudsmith’s Advanced Observability Suite for Enterprise Artifact Management

Introducing Cloudsmith’s Advanced Observability Suite for Enterprise Artifact Management

As software complexity advances, understanding what’s happening across every part of your software supply chain becomes crucial. You need to see where artifacts are used, how secure they are, and whether they meet compliance standards. The ability to capture this is known as observability. Observability goes beyond data collection

Introducing Cloudsmith’s Enterprise Policy Manager

Introducing Cloudsmith’s Enterprise Policy Manager

In a rapidly evolving digital environment, organizations across various sectors—including technology firms, financial services, and manufacturing—rely on effective management of software artifacts to secure their software supply chains The risk of supply chain attacks has intensified, revealing vulnerabilities at every stage of artifact management. Compliance breaches, data leaks,

Your Ultimate KubeCon Guide

Your Ultimate KubeCon Guide

KubeCon is almost here, and if this is your first time attending or you’re a seasoned pro, you’re in for a treat! 🎉 Next week, KubeCon will take over Salt Lake City, bringing together the brightest minds in cloud-native tech. Whether you're a developer, engineer, or IT

Integrating Dependabot with Cloudsmith Using OIDC

Integrating Dependabot with Cloudsmith Using OIDC

This guide will walk you through configuring GitHub Dependabot to authenticate with Cloudsmith using OIDC.

GitOps Pipelines with Codefresh and Cloudsmith

Integrations Featured

GitOps Pipelines with Codefresh and Cloudsmith

Integrating Cloudsmith, a cloud-native artifact management platform, with Codefresh enhances your CI/CD workflows in several significant ways. Read this blog to learn more about this powerful combination, and its automation of artifact handling and simplification of deployments!

"Cloud Native" - Why it matters?

Cloudsmith Featured

"Cloud Native" - Why it matters?

The difference between "Cloud Native" and "Cloud Hosted" products lies in their architecture, design philosophy, and how they leverage cloud infrastructure. Let’s break down the key distinctions.

What happens when you upload a Package?

What happens when you upload a Package?

Packages in Cloudsmith repository are so much more than just “bits on disk”, and treating them as such is really doing them a disservice!

Cloudsmith is headed to Salt Lake City for KubeCon North America 2024

Cloudsmith is headed to Salt Lake City for KubeCon North America 2024

The Cloudsmith team is heading to KubeCon / CloudNativeCon North America in Salt Lake City, Nov ember 13-15.

How to Manage Your Package Promotion Workflows with Cloudsmith

How to Manage Your Package Promotion Workflows with Cloudsmith

Package promotion workflows are a great way to isolate and protect production repositories away from public upstreams, so they only receive clear and vetted packages.

Level up your private npm registries in Deno with Cloudsmith

Level up your private npm registries in Deno with Cloudsmith

We’re excited to announce that Deno, the modern JavaScript and TypeScript runtime, now supports private npm registries. You can now leverage Cloudsmith to securely host and share your npm modules directly within your Deno projects.

Reflecting on ShipItCon 2024: High-performing teams need flow

Reflecting on ShipItCon 2024: High-performing teams need flow

ShipItCon, one of Europe’s most vibrant indie tech conferences, just wrapped up in Dublin last week. It brought together software engineers and technologists to tackle a central theme - Flow.

Announcing the Release of Cloudsmith CLI GitHub Action 🚀

Announcing the Release of Cloudsmith CLI GitHub Action 🚀

We just released the Cloudsmith CLI GitHub Action. This new GitHub Action simplifies the process of installing and pre-authenticating the Cloudsmith CLI using OpenID Connect (OIDC) or an API Key. Whether managing packages, pushing artifacts, or automating your CI/CD workflows, this action is designed to streamline your experience and

Cloudsmith CEO Glenn Weinstein chatting with team

What Makes Cloudsmith Special: Reflections on 1 Year as CEO

Find out what Glenn sees as Cloudsmith's three winningest characteristics as he looks back on his first 12 months as CEO.

Using Cloudsmith as a Dependency Firewall

Using Cloudsmith as a Dependency Firewall

Cloudsmith does more than store and manage artifacts. It protects them, too. In this article, we explain how you can prevent software supply chain threats by using our platform as a vital isolation layer between your binaries and risks in public open source repositories.

blue and green graphic

5 Lessons on the Evolution From DevOps to Platform Engineering

Get the highlights from our July webinar on platform engineering, featuring senior Cloudsmithers and Humanitec's Luca Galante.