You can now host and distribute your machine learning (ML) models and datasets using Cloudsmith. This brings the same security, governance, and cloud-native performance you already rely on for packages, containers, and binaries to your AI workflows…
You can now filter vulnerabilities by Common Vulnerabilities and Exposures (CVE) severity in the package vulnerability view, using the quick filter selectors…
Cloudsmith now detects malicious packages using data from OSV.dev and the OpenSSF Malicious Packages project so you can see, stop, and govern open source packages designed to attack your supply chain before they reach your builds or customers…
You can now use Cloudsmith’s package search syntax to refine the scope of your repository's retention rules when configuring them via the Cloudsmith web application and via the Cloudsmith Terraform provider. This functionality builds on the existing support to scope retention rules by package search syntax via the API, and makes it easier to target exactly which packages to keep or remove…
Today we are releasing a refreshed and re-architected documentation website for Cloudsmith…
We've reduced the delay between a download event and its appearance in Client Logs, giving you faster visibility into your package delivery pipeline. This makes it easier to analyze trends, troubleshoot issues, and keep your workflows moving…
As part of upcoming improvements to our logging pipeline, we’ve made adjustments to our underlying data processing. These changes include the path and uri fields in the web application and the uri field in Client Logs exports…
Identify and prioritize new vulnerabilities in your existing artifacts with Cloudsmith’s Continuous Security. Continuous Security runs hourly checks against trusted vulnerability data sources, enabling faster detection and response to newly disclosed threats without the need for manual re-scans…
Packages added to Cloudsmith are scanned for vulnerabilities and malware, and passed through our policy engine. When we identify vulnerable packages, we produce and collate a range of descriptive data to help explain those vulnerabilities. Previously, that data was only available in our legacy web app, and more recently via our API. We've now broug…
The official Cloudsmith extension for Visual Studio Code is here. It brings your package visibility workflow directly into the IDE, allowing you to browse and inspect repositories and packages without switching context…
