You can now use quick filters in the package vulnerability view to filter Common Vulnerabilities and Exposures (CVEs) by severity.
The view will still default to ordering vulnerabilities by severity — with Critical issues at the top — but quick filters make it easier to filter directly for High, Medium, Low, or Unknown severities. This helps security teams quickly triage and prioritize, especially when working with artifacts that may have a high number of CVEs (for example, Docker images where the base image alone may contribute a large number).
Cloudsmith now detects malicious packages using data from OSV.dev and the OpenSSF Malicious Packages project so you can see, stop, and govern open source packages designed to attack your supply chain before they reach your builds or customers…
You can now use Cloudsmith’s package search syntax to refine the scope of your repository's retention rules when configuring them via the Cloudsmith web application and via the Cloudsmith Terraform provider. This functionality builds on the existing support to scope retention rules by package search syntax via the API, and makes it easier to target exactly which packages to keep or remove…
Today we are releasing a refreshed and re-architected documentation website for Cloudsmith…
We've reduced the delay between a download event and its appearance in Client Logs, giving you faster visibility into your package delivery pipeline. This makes it easier to analyze trends, troubleshoot issues, and keep your workflows moving…
As part of upcoming improvements to our logging pipeline, we’ve made adjustments to our underlying data processing. These changes include the path and uri fields in the web application and the uri field in Client Logs exports…
Identify and prioritize new vulnerabilities in your existing artifacts with Cloudsmith’s Continuous Security. Continuous Security runs hourly checks against trusted vulnerability data sources, enabling faster detection and response to newly disclosed threats without the need for manual re-scans…
