Changelog/New

Enforce policies before any package download, even from proxied upstream registries

Jun 24 2025

Cloudsmith now gives you stronger control over your software supply chain by blocking downloads of any package that doesn’t pass your organization's security and compliance policies, including packages fetched from upstream registries.

Until now, Cloudsmith applied policy enforcement after the first download of a package proxied from an upstream registry. The package would be served immediately, and if the upstream source was configured to proxy and cache, the package would then be scanned and checked for policy violations. This behavior was intentional. It let customers prioritize speed for their developers while building workflows that protected production environments from vulnerabilities. Subsequent requests for the package would be subject to policy checks.

As awareness of software supply chain risks has grown, customers are now looking to extend the same level of protection to every touchpoint, including developer machines, starting from the very first download.

Now, you can configure Cloudsmith to delay that first download entirely, preventing developers and build tools from downloading a vulnerable or non-compliant package.

What’s changed?

This new enhancement to policy management acts as an important checkpoint option for all proxied package downloads. Here’s how it works:

  • Delayed Package Downloads: Any download request for a package that is not yet in your Cloudsmith repository and needs to be fetched from an upstream source, will be delayed until the package has been scanned, synchronized, and evaluated against your organization and repository policies.
  • Enhanced Security: This feature ensures that only packages that have successfully passed all policy checks can be downloaded by developers or build pipelines, significantly enhancing the integrity and security of the packages served.

Early Access Program

We are launching this new option in early access to all current Ultra plan customers to gather valuable feedback from our users and ensure it meets their needs. Your input will be crucial in refining and perfecting this and future enhancements to our policy management features.

Get Started

Reach out to us in order to start using this new feature and take your policy management to the next level.


Other logs

01/06
Improvement

Keep only what matters using search-based retention rules

You can now use Cloudsmith’s package search syntax to refine the scope of your repository's retention rules when configuring them via the Cloudsmith API. This flexible query language lets you filter packages by tag, version, downloads and more, making it easier to target exactly which packages to keep or remove…

Jun 19 2025
New

A simpler way to install the Cloudsmith CLI with Homebrew

Cloudsmith’s CLI is now available as an official Homebrew tap, making installing the Cloudsmith CLI straightforward and quick. For developers already using Homebrew, simply add the tap and install the CLI. Since Homebrew manages dependencies, you don’t need to install or manage Python yourself. Homebrew takes care of it for you. Getting started F…

Jun 13 2025
New

Improved support for Helm Charts with native OCI integration

You can now publish and manage Helm charts in Cloudsmith using modern OCI-based workflows. Charts pushed via Helm V3 to our OCI-compatible registry are correctly identified in the UI and supported through a new dedicated endpoint: helm.oci.cloudsmith.io. These improvements build on our full support for OCI v1.1 compliance and make adopting Helm’s latest distribution model easier…

Jun 12 2025
Keep up to date with our monthly product bulletin

By submitting this form, you agree to our privacy policy