Cloudsmith launches Enterprise Policy Manager for software supply chain


Cloudsmith addresses weaponization of the software supply chain with advanced security capabilities

Cloudsmith announced an expansion of its advanced security capabilities, framing the platform as a unified control plane that bridges the gap between threat intelligence and active enforcement. The release highlights two core capabilities: continuous package enrichment (pulling from OSV.dev, EPSS, and OpenSSF malicious package data) and OPA-based policy management with features such as cool-down periods, exploitability prioritization, deep SBOM inspection, and malicious package detection. The underlying argument is that security tools surface risk well enough, but enforcement is disconnected from the point where software actually moves, and Cloudsmith positions itself as closing that gap.
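To make the enforcement idea concrete, here is an added example (not Cloudsmith's code, and not its policy language) of a package gate that combines the enrichment signals named above: an OpenSSF malicious listing, an EPSS score for exploitability prioritization, OSV advisories, and a cool-down window on newly published versions. Thresholds, package names and advisory ids are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Policy thresholds (illustrative values, not product defaults)
COOL_DOWN = timedelta(days=7)   # hold newly published versions before they may be pulled
EPSS_BLOCK = 0.5                # block when exploitation probability is at least this high

@dataclass
class PackageFacts:
    """Enrichment facts a proxy or registry would attach to an upstream package."""
    name: str
    version: str
    published: datetime                           # upstream publish time (UTC)
    epss: float = 0.0                             # highest EPSS score across its known CVEs
    osv_ids: list = field(default_factory=list)   # OSV.dev advisory ids
    malicious: bool = False                       # present in OpenSSF malicious-packages data

def evaluate(pkg: PackageFacts, now: datetime):
    """Return (decision, reasons); decision is 'block', 'quarantine' or 'allow'."""
    # A malicious listing is definitive: no score or age can override it.
    if pkg.malicious:
        return "block", ["listed in OpenSSF malicious-packages data"]
    reasons = []
    # Exploitability prioritization: known CVEs only block when EPSS says exploitation is likely.
    if pkg.epss >= EPSS_BLOCK:
        return "block", [f"EPSS {pkg.epss:.2f} >= {EPSS_BLOCK}"]
    if pkg.osv_ids:
        reasons.append(f"{len(pkg.osv_ids)} OSV advisories with EPSS {pkg.epss:.2f} (below block threshold)")
    # Cool-down: a version younger than the window is held, since hijacked or typosquat
    # releases are usually reported and pulled within days of publication.
    age = now - pkg.published
    if age < COOL_DOWN:
        reasons.append(f"published {age.days}d ago, inside {COOL_DOWN.days}d cool-down")
        return "quarantine", reasons
    return "allow", reasons

# Constructed sample data; these are not real packages or advisories
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)
SAMPLES = [
    PackageFacts("left-pad-ish", "1.0.0", NOW - timedelta(days=30)),
    PackageFacts("fastparse", "2.3.1", NOW - timedelta(days=2)),
    PackageFacts("old-http", "0.9.0", NOW - timedelta(days=400), epss=0.12, osv_ids=["OSV-EXAMPLE-0001"]),
    PackageFacts("old-http", "0.8.0", NOW - timedelta(days=500), epss=0.91, osv_ids=["OSV-EXAMPLE-0001"]),
    PackageFacts("colorz", "3.1.4", NOW - timedelta(days=1), malicious=True),
]

def evaluate_all(samples=SAMPLES, now=NOW):
    """Map 'name@version' to its decision for every sample package."""
    return {f"{p.name}@{p.version}": evaluate(p, now)[0] for p in samples}

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.name, p.version, *evaluate(p, NOW))
```

The EPSS gate is what keeps an old, low-exploitability advisory from blocking a build while still stopping a version whose CVE is actively exploited.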
