Auditing and Reporting In Cloudsmith

What software assets does your organization use?

What sounds like a simple question is anything but. If we include every package and dependency that ends up in the code we produce then for most development teams the truthful answer is ‘we don’t know’.

As we’ve said enough times already, that really isn’t good enough anymore. And that’s one of the core motivations behind Cloudsmith. A central private repository provides an ‘isolation layer’ in which everything you use is both stored and controlled. 

Cloudsmith is entirely flexible in terms of how repositories are built and structured. Depending on what is convenient for your organization, you can either build universal repositories in which packages in multiple formats sit side-by-side, or format specific repositories.

But our support for transparency around the use of software assets across the entire organization doesn’t stop there.

Download And Access Logs

By providing a single repository for all your assets, Cloudsmith enables you to check at a glance exactly which individuals and processes are downloading those assets. This can be helpful in a number of ways. It certainly is if you need to quickly establish precisely where any given package may have been used in the wake of identifying a specific vulnerability.

Download logs in Cloudsmith, as shown below, mean you have a record of precisely what is being used where, and by who or what. At any moment you have a full audit trail and detailed information relating to every download of every asset, so you can ensure the right people are accessing the right things in the right way.

We also provide event logs along similar lines, so you can keep a handle of any actions against any package within your Cloudsmith environment.

Download logs in Cloudsmith
Download logs in Cloudsmith

Full Statistical Reporting

Beyond granular level access logs, Cloudsmith also supports aggregated reporting around access to each individual repository. This includes download and upload counts and associated bandwidth, plus downloads and uploads reported against geolocation, package type and distribution.

This type of reporting has a variety of uses. For one, it helps manage your account with Cloudsmith and ensure total visibility around usage, which in turn can be used to accurately forecast costs. (Cloudsmith also supports the configuration of retention/lifetime rules, meaning you can automatically delete or move packages after a certain amount of time in order to actively control those costs).

Statistics by Month View
Statistics by Month View

Full statistical reporting also provides key insight around which packages and formats are most popular, plus which are trending up or down in terms of usage. This data in turn can help understand where the business is particularly exposed to one package or package type, or alternatively which packages are being stored and rarely used.

All in, we provide a variety of methods for understanding how your repositories, packages and assets are used. All of them support better, more efficient development and distribution.