Cloudsmith has extended our support for security scanning to include Dart packages, helping customers who use Cloudsmith for Dart packages ship safe software. Cloudsmith’s security scanning checks for Common Vulnerabilities and Exposures (CVEs). Package vulnerability scanning is a key step in securing your software delivery pipelines, and using pa…
Cloudsmith’s support for Conda repositories now includes the ability to modify Conda repository metadata through repodata patching, giving customers a way to update package dependency constraints without republishing all packages. Repodata patching provides a resolution when updates to a package’s dependencies introduce breaking changes or other i…
If your organization has a policy to rotate API keys, Cloudsmith can now help you enforce this using our API Key Policy, a new policy type for Ultra customers. Using this policy you can: Specify a maximum age for API keys throughout all accounts in your workspace. Enforce optional automatic API key refresh, which will automatically refresh any A…
After a focused period of design and development, the new Cloudsmith web app is now available to all customers at app.cloudsmith.com. The new web app replaces the existing cloudsmith.io, which will be fully decommissioned in June 2025. The new web app is designed to give you a clearer picture of the software flowing into and out of your business:…
Following our announcement of Hex registry support in July 2024, Cloudsmith has extended that support to include upstreams, making Elixir and Erlang package management easier. This support is compatible with any registry that adheres to the v2 registry specification. Highlights Proxying Packages: Directly proxy Hex packages, such as Hex.pm or pri…
Cloudsmith’s container registry fully complies with the Open Container Initiative (OCI) v1.1 standard, letting customers store, secure, and distribute OCI container images and arbitrary artifacts such as Helm charts, binaries, and custom formats…
We've improved our versioning logic to accurately handle the parsing and semantic sorting of versions with prerelease components. 🛠 What changed? Previously, our implementation treated all numbers in prerelease components as a single integer when comparing versions. For example, when comparing versions 1.0.0-alpha.1.3.1 and 1.0.0-alpha.1.22, th…
Integrating Cloudsmith with Azure DevOps pipelines just got easier with the release of Cloudsmith’s command-line interface (CLI) extension for Azure DevOps. With this extension, there’s no need to manually install or configure the Cloudsmith CLI. Our task automates everything, ensuring the Cloudsmith CLI is ready to go on Linux and Windows runners…
In addition to Cloudsmith’s Roadie Backstage plugin now being an official Roadie plugin, we’ve added new functionality and given the components a fresher look. Roadie is a SaaS application with a fully customizable internal developer portal built on Backstage. If your organization is not yet using an internal developer portal, we recommend explori…
You can now integrate Cloudsmith with Argo CD to automate the deployment of your Kubernetes applications using Helm charts and Docker images securely stored in Cloudsmith repositories. 🚀 With flexible authentication options, including API keys and OpenID Connect (OIDC), you can automate deployment workflows while ensuring security and efficiency…