Nov 14 2024
Cloudsmith achieves OCI v1.1 conformance, extending its cloud-native SSC control plane with OCI-based artifact management
ANNOUNCEMENT
Cloudsmith, the leading cloud-native artifact management platform, announced today its full compliance with and support of the Open Container Initiative (OCI) v1.1 standard. This milestone significantly expands Cloudsmith's capabilities to manage container images and associated artifacts, enabling organizations to establish and maintain comprehensive relationships across their entire Software Supply Chain (SSC).
Advanced Artifact Relationship Management
- Link supply chain artifacts such as SBOMs, signatures, attestations, and vulnerability reports directly to their corresponding container images.
- Distribute cloud-native OCI-based artifacts like Helm Charts, Kubernetes manifest files, WASM modules, and OPA bundles.
- Store and track ML model data, feature store data, and associated metadata within the same registry alongside images.
Unified Control Plane for Comprehensive Artifact Management
- Consistent policy enforcement across all artifact types.
- Comprehensive audit trails of artifact lineage and interactions.
- Unified security scanning across containers and associated artifacts.
Future-Proofing Container Management
Implementing OCI v1.1 on its cloud-native, fully managed platform, Cloudsmith delivers web-scale performance while ensuring compatibility with evolving container and artifact technologies. Unlike traditional container registries, Cloudsmith's universal artifact management capabilities provide a single source of truth for all software assets and their relationships, simplifying compliance and enhancing security across the entire software supply chain.
“At Cloudsmith, we're revolutionizing how organizations manage relationships between containers and their associated artifacts," said Lee Skillen, Chief Technology Officer at Cloudsmith. "Our OCI v1.1 conformance enables teams to establish explicit connections between container images and crucial artifacts like SBOMs, signatures, attestations, and even ML-based data and metadata. It also supports OCI-based package formats, such as Helm Charts, WASM modules, OPA bundles, etc. This capability, combined with our unified policy management and support for over 30 distinct ecosystems, makes Cloudsmith the most comprehensive cloud-native platform for modern software supply chain management.”
Founded in 2015 by open-source pioneer Docker, alongside other industry leaders, the OCI is a Linux Foundation project dedicated to establishing open standards for container formats and runtimes. The goal is to enhance interoperability across the container ecosystem, allowing developers to choose their tools rather than being confined to a specific set.
Cloudsmith's support for OCI v1.1 is currently in early access for customers.
About Cloudsmith
Cloudsmith is a Belfast-headquartered software company that offers a cloud-based software supply chain management platform
As, a trusted partner for software developers and organizations, Cloudsmith provides artifact storage, management and distribution solutions
The company is committed to ensuring secure, reliable and efficient software delivery for its clients, making it an essential component of the software development ecosystem
For More Information
Resonance PR
cloudsmith@resonancecrowd.com