How Cloudsmith Helped Protect the Software Supply Chain in 2023
As the "new guy" here at Cloudsmith (I was named CEO in August), I'm learning more every day about how customers use us to protect their software supply chains. We're doing everything we can to give you a single source of truth for every artifact - whether it's an open source package, a Docker container, a Linux image - that enters your software supply chain, and everything that you produce on the other side.
Turns out this is a massive challenge for most software organizations. When developers pull packages from public indexes like npm, pypi, Maven Central, or NuGet, they may be introducing known vulnerabilities into builds, or using code that's no longer actively maintained. It's hard to track and control what's coming in, and what's been permitted to be deployed to your production systems. The bad guys have discovered that the software supply chain has soft spots that can be used to introduce malware.
Cloudsmithers are dedicated to helping DevOps teams manage this end-to-end flow. Our flagship product, Cloudsmith, made great strides in 2023 towards providing a comprehensive solution that lets you keep an eye on every bit & byte that comes in or goes out. Here's a little visual summary of all we've achieved together in 2023:
- We added upstream support for Helm (Kubernetes), Python, and Terraform, meaning that we'll automatically pull and scan these artifacts from public sources when they're available, so you don't have to manually load them into your Cloudsmith repositories
- We improved our Container Registry by optimizing how we handle Docker layer de-duplication
- We added new package format support for Conan (C++)
- We've given customers more security controls with support for OIDC, policy management, allow & deny rules, and audit log exports
- We improved performance for faster caching and downloads
- We improved our Terraform Provider to give you more options to automate your pipelines
- We added new integrations for Roadie service catalogs and DataDog
- We launched Cloudsmith Navigator to help you find the best packages for your project
- And we did it all while maintaining a 97.5% customer support satisfaction score!
And we're just getting started. 2024 will be an even bigger year for Cloudsmith and our ecosystem. We saw a 48% increase this year in overall package download volumes, so we know how much you're counting on Cloudsmith to keep your builds safe and performant. So we promise our customers that we'll deliver more features and support that you need to take control of your software supply chains.
THANK YOU CLOUDSMITH CUSTOMERS!! Tell me how we're doing, or what you need from us in 2024 - ceo@cloudsmith.io.
And if you want to try out Cloudsmith, play around with your personal dev projects to get a feel for how it works, or use us to manage and distribute your open source project - get started at https://cloudsmith.io/user/signup. (It's free for up to 0.5GB of storage and 1GB of bandwidth per month for personal use, or 50GB of storage and 200GB of bandwidth for open-source projects.)
Liked this article? Don\'t be selfish (:-), share with others: Tweet