Cloudsmith today announced the launch of its Enterprise Policy Manager, a policy-as-code engine that uses artifact management as the central control plane for governing software supply chains. By integrating comprehensive policy management at the artifact level, Cloudsmith helps enterprise organizations with observability, auditable policies, control, and flexibility, ultimately enabling them to scale their software supply chains without compromising development speed or security.

Enterprise Policy Manager will debut at 

, taking place between November 12th and 15th.

Cloudsmith’s Enterprise Policy Manager is designed as a control plane for the software supply chain, centralizing governance and providing comprehensive visibility over every component from development to production. It mitigates risks by ingesting and enriching metadata from various sources (e.g., vulnerability databases and quality metrics), informing policy decisions. It also ensures all dependencies meet security and compliance requirements before they enter development pipelines by screening and quarantining risky or outdated components.

The platform’s emphasis on observability and auditable policies allows enterprises to maintain full traceability, demonstrating compliance and reducing risks associated with third-party software.

Security and DevOps teams have also long struggled to balance their competing priorities: CISOs impose strict security policies to protect organizational assets, while security has traditionally been incorporated later in the development cycle, making it challenging to meet security and regulatory standards without impacting speed. Cloudsmith’s Enterprise Policy Manager bridges this gap by embedding security checks seamlessly into development, allowing companies to shift security “left” and catch vulnerabilities earlier without delays.

“We’re building a solution that anticipates future security and compliance requirements,” said Glenn Weinstein, CEO of Cloudsmith. "Enterprises will face increasing security and regulatory pressures on their software supply chains. Cloudsmith is an essential infrastructure for secure, efficient, and compliant software delivery, and we’ll be adding predictive risk analytics, AI-driven security recommendations, and full lifecycle compliance management to serve as the backbone of global software supply chains.

“Our goal is to empower companies to ship secure software at scale, with confidence and speed, redefining what it means to be secure,” Weinstein added.

Cloudsmith’s artifact repositories are the central control point for governing the flow of all software components, particularly third-party artifacts like open-source packages. This centralization ensures that all dependencies are vetted, monitored, and compliant before they reach developers or production systems.

Cloudsmith enriches software artifacts with extensive metadata, including vulnerability scores, dependency risk indicators, and third-party quality metrics. This data helps both security and development teams make informed decisions, preventing the integration of untrusted or vulnerable packages.

With policy-as-code capabilities, companies can create and enforce policies tailored to their unique compliance and security needs. This enables CISOs to maintain strict security standards while allowing developers to innovate without constant security interruptions. 

Customizable, Data-Driven Policies for CISO peace of mind

Quickly create observable, verifiable, and repeatable policies across your organization, automated through Cloudsmith’s API, and store them as code.

Policy as Code

The visual policy builder offers an intuitive interface that allows both technical and non-technical users to create policies easily. For complex needs, the platform supports Open Policy Agent (OPA) and Rego, enabling developers and security teams to work within familiar frameworks. This flexibility allows for seamless collaboration between security and development without sacrificing productivity.

Developer-Friendly Policy Creation

Each policy decision is logged and auditable, enabling full traceability and compliance for regulated industries. Cloudsmith’s transparent decision logs help enterprises demonstrate regulatory compliance, reducing the risks and potential costs associated with third-party software. 

Observable, Auditable Security

Key Features of Cloudsmith's Enterprise Policy Manager

Cloudsmith is a Belfast-headquartered software company that offers a cloud-based software supply chain management platform

As, a trusted partner for software developers and organizations, Cloudsmith provides artifact storage, management and distribution solutions

The company is committed to ensuring secure, reliable and efficient software delivery for its clients, making it an essential component of the software development ecosystem


About Cloudsmith

Overview and key features demonstrated by Cloudsmith engineer, Paddy Carey

Preview video of Cloudsmith's Enterprise Policy Manager

Links & Resources

For More Information

Cloudsmith today announced the launch of its Enterprise Policy Manager, a policy-as-code engine that uses artifact management as the central control plane for governing software supply chains. 

Cloudsmith launches Enterprise Policy Manager for software supply chain

Cloudsmith announced the early access launch of its Model Context Protocol (MCP) Server. This new integration layer brings Cloudsmith’s capabilities directly into the developer’s AI-powered workflows

Cloudsmith Launches MCP Server to Enhance Developers’ AI-powered Workflows

Silicon Republic: Belfast’s Cloudsmith raises $23m in oversubscribed round

Oversubscribed funding round by TCV and Insight Partners accelerates Cloudsmith’s global ambitions 

Cloudsmith launches Enterprise Policy Manager for software supply chain

Cloudsmith Launches MCP Server to Enhance Developers’ AI-powered Workflows

Silicon Republic: Belfast’s Cloudsmith raises $23m in oversubscribed round

Cloudsmith Raises $23M Series B to secure the future of software supply chains