Cooldown policies now support NuGet
You can now apply cooldown policies to NuGet packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
You can now apply cooldown policies to NuGet packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
Cloudsmith has joined the GitHub secret scanning partner program. This integration helps prevent unauthorized use of your API keys by automatically detecting exposed keys before they can be exploited…
We’ve added support for PEP-658, allowing Python package clients to fetch only metadata from the Simple API during dependency resolution…
You can now apply cooldown policies to Go packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
Cloudsmith now handles authentication for Docker Hub and Docker Hardened Images (DHI) upstreams using a managed token, removing the need to supply your own credentials during setup. Authenticated requests receive a higher rate limit than anonymous access…
Cloudsmith Docs now supports dark mode, reducing eye strain when moving between the product and documentation. Toggle it manually in the footer, or let it follow your system theme…
Custom key-value metadata can now be attached to any package in Cloudsmith, making it possible to store structured contextual data - CI build info, Git provenance, compliance evidence, cost attribution - directly alongside the artifact it describes…
Packages from Debian, Alpine, PyPI, and other ecosystems that use native version ranges are now matched against a broader set of OSV advisories, building on existing coverage for SemVer-based ranges…
Cloudsmith's Terraform provider (v0.0.75) now supports full lifecycle management of policies and policy actions as code…
Two additional policy evaluation triggers are now available, ensuring that policies are enforced consistently across repositories without manual intervention…