Detect and prioritize new vulnerabilities faster with Continuous Security

Identify and prioritize new vulnerabilities in your existing artifacts with Cloudsmith’s Continuous Security. Continuous Security runs hourly checks against trusted vulnerability data sources, enabling faster detection and response to newly disclosed threats without the need for manual re-scans. Each finding includes an Exploit Prediction Scoring System (EPSS) score so you can quickly gauge real-world exploit likelihood and respond accordingly.

EPM Policies are continuously evaluated

What’s new

  • Proactive threat detection: Hourly updates flag new threats affecting artifacts already in your repositories, reducing the time between disclosure and detection.
  • Automated governance with Enterprise Policy Management: Vulnerabilities identified by Continuous Security can be managed and actioned using EPM and policies-as-code (Rego-based syntax), for example by blocking downloads of risky artifacts or tagging them.
  • No change to existing scanning: The standard vulnerability scanning functionality remains unchanged. Continuous Security acts as an additional, proactive layer of security and does not replace or alter the behavior of the existing on-demand and on-upload scanning processes.
  • Broad format support: This new capability is available for all package formats supported by standard vulnerability scanning.
  • Trusted data sources: Continuous Security aggregates data from trusted and reputable sources:
    • Aqua Trivy DB (refreshed every 6 hours)
    • Exploit Prediction Scoring System (EPSS) (refreshed every 24 hours)

Continuous Security is a fundamental component of our Enterprise Policy Management (EPM) suite. It is available in Early Access for all workspaces where EPM has been enabled.

Learn more about Continuous Security in Enterprise Policy Management in our documentation. Interested in Early Access for Enterprise Policy Management? Contact us.
