You can now easily host signed SBOMs alongside your OCI artifacts in Cloudsmith, and use them for incident investigations and run-time protection, further securing your software supply chain. SBOMs are fundamental to software supply chain security, so much so that the Open Source Security Foundation included "SBOMs Everywhere" as one of the 10 str…
At Cloudsmith, our mission is to be the universal package management solution for teams and enterprises. As a result, we continually expand and improve the package formats we support. We are delighted to be able to introduce support for public and private Conda package repositories. You can now securely host your Conda packages alongside other pac…
Good news! We've added support for Cosign to the Cloudsmith OCI registry. Cosign is part of the open-source project sigstore, which makes it easy for developers to sign releases and for users to verify them. With this integration, Cloudsmith customers can sign OCI artifacts using Cosign, and push the generated signature into Cloudsmith to be store…
We have always been big fans of Dart and what the Google Dart team has been trying to achieve. In fact, Cloudsmith was the first package management product to announce support for Dart packages in private repositories. With that in mind, we are happy to announce improvements to our Dart package support. Consulting with the Google Dart team on the…
Good news! We have added additional functionality to the Cloudsmith API and CLI to enable you to search for dependencies (such as the ever-dreaded log4j) across packages stored within Cloudsmith repositories.
The syntax is dependency:
One of the features our customers have requested is the ability to sort packages when querying via the Cloudsmith API. Good news everyone - we can now offer that functionality! What does this mean for me? By default we will sort packages by the uploaded date descending (the most recently uploaded package first), but what if you wanted to view w…
Our more observant Debian users may have noticed that we rolled out support for acquire-by-hash over the past week - you may have also noticed fewer pipeline disruptions as a result! What does this mean for me? If you're someone spinning many plates, you may have encountered some hiccups with your pipeline when updating your repository whilst sim…
Good news! You can now set a custom support email and URL for your organizations. For error messages when installs or setups go wrong or where we need to communicate an issue to your users, we'll now display your own support email and URL. You can configure it in your org profile settings: For example, if your users use the automated bash installs…
Good news! If you've been looking for an easy method of setting the default access for a repository across your organization, we've got you covered. Introducing repository-level default privileges: These complement the existing default org-wide repository privileges. Such that the privilege for a user is the greatest privilege granted to them via…
More account-based good news! We've surfaced the history of logins for your account: You can find the new information on your account security page, underneath the Session Management, as described previously. In addition to seeing the current sessions, the historical view of logins includes context such as the login method, Geo/IP location and det…
By submitting this form, you agree to our privacy policy
