Nov 14 2024

Cloudsmith achieves OCI v1.1 conformance, extending its cloud-native SSC control plane with OCI-based artifact management

ANNOUNCEMENT

Cloudsmith, the leading cloud-native artifact management platform, announced today its full compliance with and support of the Open Container Initiative (OCI) v1.1 standard. This milestone significantly expands Cloudsmith's capabilities to manage container images and associated artifacts, enabling organizations to establish and maintain comprehensive relationships across their entire Software Supply Chain (SSC).

Advanced Artifact Relationship Management

Cloudsmith's OCI v1.1 implementation goes beyond traditional container registry functionality by enabling organizations to establish explicit relationships between container images and their associated artifacts. This powerful capability allows teams to:
  • Link supply chain artifacts such as SBOMs, signatures, attestations, and vulnerability reports directly to their corresponding container images.
  • Distribute cloud-native OCI-based artifacts like Helm Charts, Kubernetes manifest files, WASM modules, and OPA bundles.
  • Store and track ML model data, feature store data, and associated metadata within the same registry alongside images.

    Unified Control Plane for Comprehensive Artifact Management

    Cloudsmith's implementation of OCI v1.1 seamlessly integrates with its existing universal artifact management platform. This integration gives organizations a centralized control plane for policy management across all assets, whether container images, linked artifacts, or any of the 30+ supported package formats. This unified approach enables:
    • Consistent policy enforcement across all artifact types.
    • Comprehensive audit trails of artifact lineage and interactions.
    • Unified security scanning across containers and associated artifacts.

      Future-Proofing Container Management

      Implementing OCI v1.1 on its cloud-native, fully managed platform, Cloudsmith delivers web-scale performance while ensuring compatibility with evolving container and artifact technologies. Unlike traditional container registries, Cloudsmith's universal artifact management capabilities provide a single source of truth for all software assets and their relationships, simplifying compliance and enhancing security across the entire software supply chain.

      “At Cloudsmith, we're revolutionizing how organizations manage relationships between containers and their associated artifacts," said Lee Skillen, Chief Technology Officer at Cloudsmith. "Our OCI v1.1 conformance enables teams to establish explicit connections between container images and crucial artifacts like SBOMs, signatures, attestations, and even ML-based data and metadata. It also supports OCI-based package formats, such as Helm Charts, WASM modules, OPA bundles, etc. This capability, combined with our unified policy management and support for over 30 distinct ecosystems, makes Cloudsmith the most comprehensive cloud-native platform for modern software supply chain management.”

      Founded in 2015 by open-source pioneer Docker, alongside other industry leaders, the OCI is a Linux Foundation project dedicated to establishing open standards for container formats and runtimes. The goal is to enhance interoperability across the container ecosystem, allowing developers to choose their tools rather than being confined to a specific set.

      Cloudsmith's support for OCI v1.1 is currently in early access for customers.

      About Cloudsmith

      Cloudsmith is a Belfast-headquartered software company that offers a cloud-based software supply chain management platform

      As, a trusted partner for software developers and organizations, Cloudsmith provides artifact storage, management and distribution solutions

      The company is committed to ensuring secure, reliable and efficient software delivery for its clients, making it an essential component of the software development ecosystem

      For More Information

      Resonance PR

      cloudsmith@resonancecrowd.com