Identify and prioritize new vulnerabilities in your existing artifacts with Cloudsmith’s Continuous Security. Continuous Security runs hourly checks against trusted vulnerability data sources, enabling faster detection and response to newly disclosed threats without the need for manual re-scans…
Packages added to Cloudsmith are scanned for vulnerabilities and malware, and passed through our policy engine. When we identify vulnerable packages, we produce and collate a range of descriptive data to help explain those vulnerabilities. Previously, that data was only available in our legacy web app, and more recently via our API. We've now broug…
The official Cloudsmith extension for Visual Studio Code is here. It brings your package visibility workflow directly into the IDE, allowing you to browse and inspect repositories and packages without switching context…
Client log exports now provide a more comprehensive overview of package delivery. In addition to GET requests, client log exports will include other HTTP request types, including HEAD, POST, and OPTIONS requests. This gives you a full view of package delivery, moving beyond just download tracking to include metadata checks and other repository interactions…
You can now use package license data in Enterprise Policy Management (EPM) to create policies based on a package’s software license. This lets you automatically govern license usage in line with your organization’s policies, giving you direct control over which packages are approved for use in your software supply chain…
Client logs and usage reporting improvements are now generally available in the new web application. These updates give you deeper visibility into package downloads, delivery trends and the repositories or tokens driving your usage…
You can now view architecture and distribution tags in the Packages table in the new web application. This makes it easier to tell apart packages with the same name but different architectures or distributions, and to quickly find the right one…
If you use Renovate to manage dependencies, you can now include packages from your Cloudsmith repositories in the same automated workflows. That means Renovate can track and update internal packages, as well as any open source dependencies pulled through upstream registries…
Broadcasts now support using your own domain as the endpoint for package distribution, helping you deliver a more consistent and trusted experience for developers and end users…
You can now use Broadcasts to distribute your open-source packages, with separate allowances and usage designed to support maintainers and communities building in the open…
