Automate repository cleanup based on last download date
We’ve added a last_downloaded field to packages in Cloudsmith, extending search-based package retention rules to enable cleanup of unused packages.
This feature allows you to create retention rules that automatically clean up packages in your repository based on usage, rather than just age or count, ensuring you retain only actively used packages.
The new last_downloaded field is available for use in package queries when setting up or modifying retention rules via the Cloudsmith UI, API and Terraform provider. This field is also exposed in the API and UI, and can be used for general package search filtering.
Example query
If you want to set up a retention rule that automatically deletes packages that have not been downloaded in over a year, you can include the following package filter in your retention rule:
last_downloaded:<"now - 366 days"
This functionality is not currently available for Docker images, but Docker support is planned for an upcoming release. Additionally, if a package is only proxied through Cloudsmith and never downloaded from the cache afterward, its total downloads will be 0, and the last_downloaded date will be null.