Cloudsmith Changelog

RSS Feed
Early access

Malicious package detection

Cloudsmith now detects malicious packages using data from OSV.dev and the OpenSSF Malicious Packages project so you can see, stop, and govern open source packages designed to attack your supply chain before they reach your builds or customers…

Enforce license compliance with Enterprise Policy Management

You can now use package license data in Enterprise Policy Management (EPM) to create policies based on a package’s software license. This lets you automatically govern license usage in line with your organization’s policies, giving you direct control over which packages are approved for use in your software supply chain…

Streamlined access to Client Logs via our web app

We've introduced Client Logs into the new web app user interface, delivering a significantly improved experience for gaining visibility into package usage across your Cloudsmith workspace. Previously available in our legacy UI, Client Logs is now more performant, accessible, and interactive. This allows you to visualize, filter, and export information to better understand how your packages are consumed, whether by CI/CD pipelines, IDEs, or external consumers…

Introducing native Swift signing

Cloudsmith has extended our Swift support to include the native signing of Swift packages. This update brings seamless, secure, and high-performance signing capabilities directly to iOS developers, eliminating the need for third-party workarounds or custom implementations…

Introducing API Key Policy

If your organization has a policy to rotate API keys, Cloudsmith can now help you enforce this using our API Key Policy, a new policy type for Ultra customers. Using this policy you can: Specify a maximum age for API keys throughout all accounts in your workspace. Enforce optional automatic API key refresh, which will automatically refresh any A…

Build on Chainguard Registry Images in Cloudsmith

We are happy to announce that Cloudsmith now supports the Chainguard Registry as an upstream source for container images. 🎉 Chainguard, a Docker Verified Publisher, offers Chainguard Images, which are minimal, hardened container images with impressive features: (Mostly) zero CVEs 💜 Includes SBOMs and signatures ✏️ Many images are distroless,…

Showing 1 to 10 of 14 results
Keep up to date with our monthly product bulletin