More events now trigger policy evaluations
Two additional policy evaluation triggers are now available, ensuring that policies are enforced consistently across repositories without manual intervention…
Jun 15 2026
Cloudsmith's Terraform provider (v0.0.75) now supports full lifecycle management of policies and policy actions as code.
We’ve added native Terraform resources and data sources that let you create, configure, and manage policies as code, including Rego rules and associated actions, directly from your infrastructure-as-code workflows.
How it works
Four new Terraform constructs are available:
- cloudsmith_policy: Defines a workspace-scoped policy with a Rego rule, precedence, enabled state, and whether it is terminal in the evaluation chain.
- cloudsmith_policy_action: Attaches one or more actions to a policy (e.g. quarantine a package, add/remove tags, hide a package), each with its own precedence.
- data.cloudsmith_policy: Returns a specific policy by its slug for use as a reference or output.
- data.cloudsmith_policy_list: Queries multiple policies by name pattern or sort order.
See the policy example in the terraform-provider-cloudsmith GitHub repository for an example of a Terraform module that uses the Cloudsmith provider to create:
- A quarantine-on-missing-tag policy
- A tag cleanup policy
- A cooldown policy
To learn more, see the Terraform Registry: Cloudsmith documentation.
Getting started
Policy as code is currently available in early access. If you would like to try this feature, please contact us.
Other logs
01/06
Create and manage connected repositories with Terraform
With the new cloudsmith_connected_repository resource for the Cloudsmith Terraform provider, you can define connected repository configurations in code alongside the rest of your Cloudsmith infrastructure…
Jun 15 2026
Align npm dist-tags with upstream registries
By default, Cloudsmith assigns the `latest` dist-tag to the package with the highest semantic version number, which may not match what the upstream registry considers `latest`. A new per-repository setting, npm upstream tags take precedence, lets upstream distribution tags (dist-tags) override Cloudsmith’s semantic versioning (SemVer)-based tag assignment…
Jun 9 2026
Cooldown policies now prevent builds from seeing non-compliant packages
A cooldown policy now filters non-compliant package versions from the repository index before package managers ever see them. This provides both security control and a better developer experience: clean resolution to the next compliant version, no build failures, and no waiting…
Jun 2 2026
Deprecating Cloudsmith CLI action v1
Cloudsmith CLI Action v1 is now deprecated. Security-only patches will continue until 31st December 2026, after which v1 reaches end-of-life (EOL). Migrate to v2 before 31st December 2026 to avoid disruption…
May 8 2026
Version handling improvements
We're rolling out improvements to how Cloudsmith evaluates relational version ranges across the platform to ensure clearer and more predictable results for semantic version searches and version-based ordering…
May 7 2026
Keep up to date with our monthly product bulletin