Speed up Python builds with PEP-658 support
We’ve added support for PEP-658, allowing Python package clients to fetch only metadata from the Simple API during dependency resolution…
Cloudsmith has joined the GitHub secret scanning partner program. This integration helps prevent unauthorized use of your API keys by automatically detecting exposed credentials before they can be exploited.
Cloudsmith issues API keys with a unique prefix. That prefix is registered with GitHub's secret scanning infrastructure, so when a Cloudsmith credential appears in a repo – in source code, a config file, a committed .env, or anywhere else GitHub indexes – GitHub detects and flags those credentials automatically.
If a leak occurs, Cloudsmith notifies the affected user and workspace owners directly so they can revoke or rotate the compromised key immediately.
Secret scanning runs automatically on public repositories for free. For more information about GitHub secret scanning for private repositories, see GitHub Docs: Secret scanning - How can I access this feature?
You can now apply cooldown policies to Go packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
Cloudsmith now handles authentication for Docker Hub and Docker Hardened Images (DHI) upstreams using a managed token, removing the need to supply your own credentials during setup. Authenticated requests receive a higher rate limit than anonymous access…
Cloudsmith Docs now supports dark mode, reducing eye strain when moving between the product and documentation. Toggle it manually in the footer, or let it follow your system theme…
Custom key-value metadata can now be attached to any package in Cloudsmith, making it possible to store structured contextual data - CI build info, Git provenance, compliance evidence, cost attribution - directly alongside the artifact it describes…
Packages from Debian, Alpine, PyPI, and other ecosystems that use native version ranges are now matched against a broader set of OSV advisories, building on existing coverage for SemVer-based ranges…