Packages added to Cloudsmith are scanned for vulnerabilities and malware, and passed through our policy engine. When we identify vulnerable packages, we produce and collate a range of descriptive data to help explain those vulnerabilities. Previously, that data was only available in our legacy web app, and more recently via our API. We've now broug…
Client log exports now provide a more comprehensive overview of package delivery. In addition to GET requests, client log exports will include other HTTP request types, including HEAD, POST, and OPTIONS requests. This gives you a full view of package delivery, moving beyond just download tracking to include metadata checks and other repository interactions…
Broadcasts now support using your own domain as the endpoint for package distribution, helping you deliver a more consistent and trusted experience for developers and end users…
We have improved sorting and filtering in the new web application, making it easier to manage members, teams and service accounts in Cloudsmith…
Following our announcement last week about our support for the Go Proxy, we have released two new feature enhancements: Caching for Go modules and Proxy to Go Checksum Database…
You can now use Cloudsmith’s package search syntax to refine the scope of your repository's retention rules when configuring them via the Cloudsmith API. This flexible query language lets you filter packages by tag, version, downloads and more, making it easier to target exactly which packages to keep or remove…
We’ve expanded the Cloudsmith Datadog integration to include new metrics and events that give you deeper visibility into your Cloudsmith workspace’s artifact usage, access patterns, and compliance…
As organizations use Cloudsmith to manage increasingly large volumes of packages and metadata, the demands on search have changed. To ensure we provide a performant and reliable search experience for all customers, we’ve moved from an implicit to an explicit search model…
You can now upload and distribute arbitrary files via Cloudsmith Maven repositories, whether pulled from upstream sources or directly uploaded…
We now verify the authenticity of sign-ins from new or unrecognized devices. Because this is a new change, you may be asked to verify a device even if it has accessed Cloudsmith before. By confirming both your login credentials and the device, we help prevent unauthorized access with minimal disruption to your workflow…
