Package groups are now available in Cloudsmith’s new web application. This view groups all packages within a repository by their format and name, allowing you to scan over repository contents more easily if you have multiple versions of packages within a repository…
We are pleased to announce dark mode for Cloudsmith’s new web application. Dark mode is an essential feature for modern web applications, and has been a frequent customer request since the new web app was released in Early Access…
Cloudsmith will now automatically generate a Cosign signature when you upload a container image, eliminating the need for manual key management. This simplifies image signing, making it easier to implement image verification in your workflows…
Cloudsmith customers can now create branded public repositories using our new distribution feature, Broadcasts. With Broadcasts, you can set up a custom domain, creating a single trusted place for users to access your software artifacts. Your users can discover packages, containers and SDKs, and download those artifacts right from the browser or pull them down using native tools like their IDE or CI/CD build systems…
To ensure that Cloudsmith continues to provide a consistent and secure experience for users of Dart packages, from February 28th 2025 Cloudsmith will only support Dart SDK version 2.15 or greater. After this date, support for older versions of the Dart SDK will be dropped…
Ensuring your packages and container images remain secure over time can be challenging, especially as new vulnerabilities surface daily and can emerge long after a package is first introduced. With Cloudsmith, you can now set up recurring security scans of your packages and images to check for new vulnerabilities and use that updated information in Cloudsmith’s policy manager to notify users or quarantine the package…
For customers who use Cloudsmith for Dart packages, Cloudsmith now supports caching from upstream repositories including pub.dev, the official package repository for Dart. This simplifies handling of public Dart packages and enables key improvements such as package vulnerability scanning to enhance and better secure your package workflows. Prior t…
Cloudsmith now automatically generates SBOMs during package synchronization of container images. This provides a CycloneDX format SBOM accessible via the API, and significantly quickens container image re-scan times. What are SBOMs? SBOMs (or Software Bill Of Materials) serve as an inventory of components comprising a software package. Based on a…
Cloudsmith has extended our support for security scanning to include Dart packages, helping customers who use Cloudsmith for Dart packages ship safe software. Cloudsmith’s security scanning checks for Common Vulnerabilities and Exposures (CVEs). Package vulnerability scanning is a key step in securing your software delivery pipelines, and using pa…
Cloudsmith’s support for Conda repositories now includes the ability to modify Conda repository metadata through repodata patching, giving customers a way to update package dependency constraints without republishing all packages. Repodata patching provides a resolution when updates to a package’s dependencies introduce breaking changes or other i…
By submitting this form, you agree to our privacy policy
