Our mission at Cloudsmith is to provide development, DevOps, and platform engineering teams with an incredibly powerful, easy-to-use tool for controlling and securing software artifacts globally. We build features with the enterprise in mind–features that provide centralized management and policy enforcement across hundreds of teams and thousands of developers.

We have an ambitious vision to run the world’s software supply chain more efficiently, more securely, and more intelligently than is possible with the traditional set of tools available in our market.

To that end, we made fantastic progress in 2025 in extending the reach of Cloudsmith to organizations new to enterprise-grade artifact management platforms, as well as organizations upgrading from legacy vendors to meet their internal scalability and security requirements. Let’s review some key milestones we achieved in 2025 with our customers and partners.

Company Updates

A peek behind the curtain into the goings-on at Cloudsmith HQ.

Serious Series B

We closed a $23M Series B funding round, led by TCV with participation from Insight Partners and many of our existing investors. This investment reflects the confidence our customers place in Cloudsmith to control their mission-critical software build workloads, as well as the hard work from every Cloudsmither. We’re using the funding to build an even better Cloudsmith that can cover more use cases, handle near-infinite scale, and be the fastest and most reliable solution on the market.

Headcount Boost

We added quite a few Cloudsmithers, increasing our total headcount by 92% in 2025. We’re using all that effort and brainpower to stay on top of the software supply chain security space, so we can help our customers protect their own build pipelines against emerging threats.

“I’d like to thank…”

A couple of notable honors made their way to Cloudsmith HQ this year:

• Northern Ireland Tech Awards 2025: Tech Visionary of the Year – Cloudsmith CTO Lee Skillen.
• Sifted 100 – UK & Ireland Leaderboard 2025: Cloudsmith ranked number 59.

Platform Updates

Ships are nothing new in Belfast, our home city which has a proud shipbuilding history. That said, at Cloudsmith, we prefer to ship code. Here are a few highlights from the new features and capabilities we launched in 2025:

• ML Model Registry: Cloudsmith extends artifact management and governance to ML models and datasets, allowing you to control and manage AI artifacts alongside the rest of your software supply chain. ML models flow through the same access controls, policies, scanning, and audit trails as packages and containers, so adopting AI doesn’t introduce new blind spots or require parallel tooling.
• Enterprise Policy Manager (EPM): Enables you to define policies as code that match how your pipelines and security rules actually work. Policies can incorporate context such as package metadata, vulnerability severity, and licenses, and enforce those criteria before promoting or using artifacts.
• Continuous Security: Automatically checks artifacts for vulnerabilities, malware, and malicious packages on a rolling basis, generating reports hourly. When a new vulnerability is reported against a previously allowed package, EPM triggers a re-evaluation of artifacts against your standing policies and automatically takes actions, such as blocking or quarantining.
• Malware scanning and malicious package detection: Adds malware and malicious package detection to traditional vulnerability scanning, preventing malicious packages from entering repositories or being distributed. This helps teams avoid pulling in unsafe dependencies from upstream sources and reduces the risk of compromised software spreading through CI/CD pipelines or to customers.
• Private Broadcasts: Enable teams to distribute software to customers or partners in a developer-native way, using the same delivery platform and governance they rely on internally, while presenting it through a branded, customer-facing experience. Customers can restrict, audit, and revoke access without setting up parallel systems or losing visibility–so external delivery doesn’t become a security or operational exception.
• Format improvements: We added new upstreams for four supported formats this year (Dart, Rust, Go, Conda), and increased our support for native signing to include Docker, NuGet, and Swift.
• Dark mode: When you want to give your eyes a rest, dark mode is at the ready!

Usage Growth

We know our customers derive business value from Cloudsmith, because they’re building more software with Cloudsmith.

• Total package delivery increased 352% YoY.
• The most popular artifact types were Python, npm, NuGet, rpm, Debian, and Maven, which together made up 90% of all artifact requests.
• The most consumed formats by size (accounting for 90% of total gigabytes delivered) were Docker, Python, raw, npm, and NuGet.
• Docker container image downloads increased by >250%.
  • 💡Interesting fact: In total bytes, Docker image deliveries in the first 10 days of December 2025 was nearly the same as that for the entire month of January 2025.
• npm and Python package delivery requests increased by 400% YoY.

Plays Well With Others: Community, Events, and Integrations

The Cloudsmith platform does a lot of heavy lifting, and it does even more together with our partners. We trotted (a good portion of) the globe and scoured the corners of the internet to deliver a better artifact management experience to developers and organizations alike.

Community and Events

We were active in the developer community in 2025. We sponsored or attended 18 events across North America and Europe, connecting with developers and platform teams in 10 cities at KubeCon + CloudNativeCon, GitHub Universe, PlatformCon, SRECon, and Container Days.

We’re in it for the bright lights and big stages, but some of our favorite moments came from smaller, high-impact community meetups like Kubernetes Community Days in New York and Edinburgh, Cloud Native Dublin, and BSides in our hometown of Belfast.

At every stop, big or small, our goals were to learn from the community, share what we’re building, and help teams ship software with confidence.

Cloudsmith Events by the Numbers

• 18 events
• 16 talks delivered
• 10 cities
• 2 continents

It’s worth noting that Cloudsmithers from all over the world also gathered three times this year in our home city of Belfast for all-hands offsites to learn, share, and grow together.

Integrations and DevEx

We’re developers building for developers. For us, it’s important to improve the developer experience. We built integrations for developer tools this year to make it easier for users to manage and secure their development pipelines. Here are a few highlights from 2025.

• MLFlow plugin: Allows users to manage experiments run on ML models and collaborate in a centralized location for machine learning test cases.
• Datadog: We improved our Datadog integration for better observability and monitoring of how artifacts flow through your software supply chain.
• Chainguard: You can integrate your Chainguard images and libraries, both public and private Chainguard registries, natively with Cloudsmith.
• VS Code extension: Explore and inspect your artifacts from within your VS Code development environment.
• AWS SageMaker: Bringing secure artifact management to machine learning development.
• Renovate: Keep dependencies up to date with Renovate and Cloudsmith.

Customer Support and Success

From initial conversations, to migrations, to ongoing support, Cloudsmithers provide users with the service and attention they need to make artifact management “just work.” Our customer support satisfaction rose to 99.2% in 2025 (up from 96.8% last year!).

Here’s some of our favorite feedback from customers:

"It's rare these days to see this level of support and engagement when dealing with SaaS support."

"I must say that the support we have received from Cloudsmith has been outstanding."

"I feel it’s important to recognise the Cloudsmith team who have been wonderful throughout the whole process...[they] were patient, fun to talk with (just real-human), knowledgeable, flexible, and truly listened to our needs."

We also published new case studies that demonstrate Cloudsmith’s value, showing how the Cloudsmith experience unfolds from the customer’s point of view.

• BHS Corrugated shifted focus from infrastructure to managing artifacts securely with Cloudsmith.
• The New England Center for Children migrated to Cloudsmith and eliminated outages entirely.
• A leading consumer and industrial electronics organization leveraged Cloudsmith’s Enterprise Policy Manager for better package visibility and governance.

What’s Next in 2026

We’re proud of what we helped customers achieve in 2025. And we’re doubling down on our R&D investments in 2026 to deliver an artifact management platform that exceeds anything on the market today.

We want Cloudsmith to be a platform that:

• Takes full advantage of our massive-scale, multi-tenant architecture to deliver previously unthinkable performance and scalability to CI/CD pipelines and IDEs no matter where they’re located.
• Provides practical solutions for securing the enterprise software supply chain from open source vulnerabilities and malicious packages without hindering productivity.
• Works in conjunction with your DevOps stack to deliver a single source of truth for software artifacts, informed by huge public data sets and AI-powered insights.

And we’ll do it all with our ultimate customer–the software developer–foremost in our minds.

Please reach out to me at ceo@cloudsmith.com with your thoughts and suggestions as we seek to build the artifact management platform that the world truly needs.