Cooldown policies now support NuGet
You can now apply cooldown policies to NuGet packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
You can now apply cooldown policies to NuGet packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
You can now apply cooldown policies to Go packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
Custom key-value metadata can now be attached to any package in Cloudsmith, making it possible to store structured contextual data - CI build info, Git provenance, compliance evidence, cost attribution - directly alongside the artifact it describes…
You can now host and distribute your machine learning (ML) models and datasets using Cloudsmith. This brings the same security, governance, and cloud-native performance you already rely on for packages, containers, and binaries to your AI workflows…
Cloudsmith now detects malicious packages using data from OSV.dev and the OpenSSF Malicious Packages project so you can see, stop, and govern open source packages designed to attack your supply chain before they reach your builds or customers…
Identify and prioritize new vulnerabilities in your existing artifacts with Cloudsmith’s Continuous Security. Continuous Security runs hourly checks against trusted vulnerability data sources, enabling faster detection and response to newly disclosed threats without the need for manual re-scans…
You can now use package license data in Enterprise Policy Management (EPM) to create policies based on a package’s software license. This lets you automatically govern license usage in line with your organization’s policies, giving you direct control over which packages are approved for use in your software supply chain…
You can now use Broadcasts to distribute your open-source packages, with separate allowances and usage designed to support maintainers and communities building in the open…
We've introduced Client Logs into the new web app user interface, delivering a significantly improved experience for gaining visibility into package usage across your Cloudsmith workspace. Previously available in our legacy UI, Client Logs is now more performant, accessible, and interactive. This allows you to visualize, filter, and export information to better understand how your packages are consumed, whether by CI/CD pipelines, IDEs, or external consumers…
Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild…