Improved security with EPSS in Enterprise Policy Management
Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild…
Introducing native Swift signing
Cloudsmith has extended our Swift support to include the native signing of Swift packages. This update brings seamless, secure, and high-performance signing capabilities directly to iOS developers, eliminating the need for third-party workarounds or custom implementations…
Cloudsmith now automatically generates Cosign signatures for container images, simplifying image verification
Cloudsmith will now automatically generate a Cosign signature when you upload a container image, eliminating the need for manual key management. This simplifies image signing, making it easier to implement image verification in your workflows…
Introducing API Key Policy
If your organization has a policy to rotate API keys, Cloudsmith can now help you enforce this using our API Key Policy, a new policy type for Ultra customers.
Using this policy, you can:
Specify a maximum age for API keys throughout all accounts in your workspace.
Enforce optional automatic API key refresh, which will automatically refresh any A…
Build on Chainguard Registry Images in Cloudsmith
We are happy to announce that Cloudsmith now supports the Chainguard Registry as an upstream source for container images. 🎉
Chainguard, a Docker Verified Publisher, offers Chainguard Images, which are minimal, hardened container images with impressive features:
(Mostly) zero CVEs 💜
Includes SBOMs and signatures ✏️
Many images are distroless,…
Recycle Bin: Manage Your Deleted Packages
In our continuous quest to enhance your development experience, we're thrilled to unveil our latest innovation – the Recycle Bin feature! Following up on our previous update introducing soft deleted packages, we've listened to your feedback and are excited to take things further. 🌟
What's New? 🎉
The Recycle Bin is a powerful addition to our pla…
Custom EULA enforcement now available for all package formats
Cloudsmith lets you control how your software is licensed by making it quick and easy to add a custom End User Licence Agreement for raw package downloads. And now, you can extend that control to any package format with EULA for entitlement tokens.
With this new feature, you can specify that a EULA must be accepted before an entitlement token can…
Introducing support for Hex, now in Early Access
We believe strongly that a single source for storing, securing, managing, and distributing all software within an organization is the first step to a trusted software supply chain. That's why Cloudsmith aims to support all the languages and package formats our customers use.
With that in mind, we are delighted to announce that Cloudsmith now suppo…
Get early access to Cloudsmith's new Policy Management feature
Cloudsmith is excited to announce that Policy Management is in early access for customers. With Policy Management, you can automatically quarantine packages based on insights about your software artifacts, ensuring compliance and reducing software supply chain risk.
Currently, customers can set license policies and vulnerability policies.
License…