Managing dependencies is a fact of life in modern software development. But at Cloudsmith, we’re focused on ensuring that the process is as painless as possible.
To that end, we’re delighted to announce both upstream proxying and caching for Maven packages. Together they mean simpler, more reliable integration of third party packages into the development process. Better software, faster.
In the simplest terms, upstream proxying means Cloudsmith is now your single point of contact for all Maven packages or dependencies. By proxying upstream dependencies located in Maven Central (the ‘accepted’ central repository for Java packages), Cloudsmith enables your organization, and your build systems, to deal with a single point of contact (us) rather than having to build and manage multiple integrations.
To put that another way, if your build requires any specific dependency, and informs Cloudsmith of that requirement, we will find that dependency upstream and proxy within our platform. This ensures that the dependency is made available to your organization in the same way that every other package, dependency or asset within Cloudsmith is.
This process is completely transparent and controllable to the Cloudsmith customer. You determine ahead of time which repositories you want Cloudsmith to check, and the precedence or priority between them. We also allow our users to specify what to do in the event of upstream failure - whether to retry, and after what period of time.
All in, upstream proxying is one more step in ensuring that dependencies are available when you need them, and available through Cloudsmith: meaning simpler integration and faster builds.
A step further, if you like, is caching. This involves Cloudsmith locating, downloading and storing dependencies within the Cloudsmith environment. So in other words, rather than act as a go-between Cloudsmith does the whole job.
This can have many benefits, but primary among them are:
Guaranteed great performance. Cloudsmith ensures lightning-fast delivery to any location on the globe - not something you can take for granted when integrating packages from public repositories.
Control: storing packages and dependencies within Cloudsmith gives you a greater ability to scan for vulnerabilities, check licensing implications, and monitor where and how packages are used. These things are not possible (or are at least difficult) when integrating straight from public repositories.
Caching gives you all these advantages, but you can still define when Cloudsmith goes looking for a new version of any given package before bringing it into your own private repository, so you lose no control when it comes to precisely how Cloudsmith and Maven Central interact.
Together, these new features bring Cloudsmith closer than ever to our goal: becoming a single source of truth for all the software assets an organization uses. By providing a single integration for all packages and dependencies we greatly improve the reliability and simplicity of development and deployment processes. And by bringing all assets together within the Cloudsmith environment we allow for greater levels of control and security than ever before.