ConstructConnect is a leader in construction technology, providing software solutions that simplify the preconstruction process for thousands of firms across the U.S. and Canada. They provide data and software that helps contractors and manufacturers find, bid, and win the right projects. With a portfolio that includes On Center, PlanSwift, QuoteSoft, SmartBid, and iSqFt, the company supports one of the largest networks of contractors and manufacturers. Everything they do is designed to make preconstruction easier and more connected.
With a development team of over 100 engineers, and support needed for multiple artifact formats: npm, Helm, Maven, Python, NuGet and Docker - the company needed a modern, robust platform to manage its software delivery pipelines, enforce supply‑chain security and support future growth across the broader Roper Technologies group.
The Challenge
ConstructConnect initially adopted JFrog Cloud because it promised a cloud-hosted solution that could replace the complexity of on-premises artifact management. The team was looking for easier infrastructure management, CI/CD integration, and faster software delivery without maintaining legacy servers.
Initially, JFrog Cloud delivered on this promise, but ultimately the ConstructConnect team ran into challenges that required maintenance and overhead. These challenges compounded, restricting velocity, security, and scalability for ConstructConnect.
The [JFrog Cloud] migration was pretty painful. We recognized the issues with them relatively quickly. Much of the problem came when we went asking for help - most calls turned into a sales pitch instead of solving the problem. It took months to turn off our original [JFrog] cloud instance, and almost a year to resolve the billing issues.
With JFrog Cloud, ConstructConnect experienced slow, inconsistent support resources that created a critical challenge for their team. Critical tickets took days to resolve, generating unexpected costs - one incident alone resulted in $48,000 in additional charges due to unanticipated data transfers. Hidden fees and unpredictable costs limited budget transparency and left the team frustrated. Disconnected platform experiences also made it difficult to implement comprehensive vulnerability scanning, enforce policy compliance, or integrate smoothly with other systems in ConstructConnect’s growing ecosystem.
In the first twelve hours, it was about $7,500. By the time we got it turned off, we had spent $48,000. We couldn’t stop the plugin once it was initiated. We had to reach tier-three support to bounce the server. That was the final nail in the coffin. Procurement was completely exhausted. My team was frustrated, and we didn’t have a path to resolution.
The InfoSec group demanded stronger software supply chain security, adding even more pressure to the situation. Developers struggled to manage technical debt, legacy tooling, and complex artifact pipelines, while spending significant time on workarounds instead of delivering features. Artifact organization was fragmented, data usage and storage constraints were challenging to manage, and the JFrog platform lacked visibility, leading to limited overall control and security assurance. With their contract set to expire in July 2025, it became clear that staying on JFrog would continue to restrict velocity, security, and scalability.
The Solution
ConstructConnect selected Cloudsmith for its fully managed, truly cloud-native platform offering transparent pricing, robust security, and seamless integration with existing DevOps workflows. Migration followed a “golden path” methodology: artifacts were initially consolidated into a monolithic repository in Cloudsmith before being reorganized into application-specific repositories. This approach enabled a smooth transition while minimizing disruption to active development. Cloudsmith quickly became more than just a platform - it became a partner.
We were focused on something that was truly cloud-native, not just something migrated into the cloud. We set up rubrics of pros and cons and did a rapid proof of concept across security, governance, and usability. Cloudsmith checked all the boxes for us - pricing, capability, and overall philosophy.
By integrating directly with GitLab CI/CD and Terraform, ConstructConnect’s teams can now automate builds, deployments, and infrastructure management without friction. Developers spend less time managing pipeline bottlenecks and more time delivering features, while security and compliance policies are enforced automatically within the workflow. The fully cloud-native architecture supports high-concurrency pipelines, ensuring faster, more reliable builds and smoother releases across the organization.
With Cloudsmith, we sign in once, get our resources, and move along. That immediately simplified our CI/CD pipelines.
By implementing vulnerability scanning, EPM-driven policy enforcement, license scanning, package signing, and SBOM generation, ConstructConnect significantly strengthened its security posture. By combining these capabilities, Cloudsmith provided actionable insights that reduced noise from irrelevant alerts. Teams can now focus on the vulnerabilities that actually posed a risk to production systems. Enterprise Policy Manager allows automation of quarantined and blocking of non-compliant or vulnerable packages, ensuring that only artifacts that had been scanned for malware and CVE’s moved through the supply chain.
The most important capability for us is the ability to quarantine and block vulnerable artifacts. Ease of access to vulnerability information - and the ability to act on it - has been the biggest change for us. Our internal governance scores continue to improve, and Cloudsmith has been a major contributor to that. We’re a stone’s throw away from having zero high or critical vulnerabilities in our supply chain.
ConstructConnect can now manage all their artifacts - npm, Helm, Maven, Python, NuGet, and Docker - within multi-format repositories. Developers spend less time juggling fragmented repositories or troubleshooting inconsistencies, while Docker image management is simpler and more reliable. By consolidating multiple formats into one secure system, teams can move faster, reduce errors, and maintain a consistent, compliant software supply chain across all projects.
With JFrog, we were curating individual repositories and having to create virtuals for each one - there was a lot of complexity. With Cloudsmith, it’s an application with a multi-format repository, which has reduced the management burden on my team.
While Cloudsmith's platform was one of the main reasons Construct Connect decided to migrate, the partnership is defined by more than technology alone. Cloudsmith’s transparent pricing model eliminated hidden fees, freeing ConstructConnect from constantly monitoring usage to avoid costly overages. With predictable costs and no surprise data transfer charges, the team can now focus on building rather than budgeting. Even though ConstructConnect had chosen JFrog Cloud - not an on-premise setup, they still struggled with slow, inconsistent support that left them waiting days for responses and often incurring extra costs in the meantime. With Cloudsmith, proactive and reliable support gives them direct access to engineers who understand their environment. Combined with an intuitive, modern interface, robust logging, fine-grained access controls, and better asset organization, developers can focus on delivering features instead of firefighting infrastructure and cost issues.
Cloudsmith support responded to us before we even asked the question. They didn’t just give us an answer — they monitored the impact and optimized it for us. It felt like they were part of my team. That level of engagement blew my mind. Support here is better than the support I have on any system I’m responsible for. Not just better than JFrog - better than all of them.
The Results
By moving to Cloudsmith, ConstructConnect has secured their software supply chain with security features that are built into workflows, while also enabling faster, more efficient software delivery. Builds are more reliable, deployments are smoother, and developers now work within a modern, intuitive environment that allows them to focus on shipping value rather than maintaining outdated systems.
With JFrog, once something was running, you couldn’t stop it. With Cloudsmith, there’s a control panel - I can stop things immediately. I don’t have to SSH into a box. That’s what cloud-native really means to us.
ConstructConnect has regained control over its costs. Transparent pricing and the removal of hidden data transfer fees brought clarity and predictability to their operations. Cloudsmith supports their high-volume, multi-format operations securely and reliably.
With Cloudsmith, cost overruns are predictable and transparent. I can go to procurement and explain exactly what we’re paying for and why. With JFrog, we’d just get a message saying we exceeded capacity, without any detail. Now, if there’s a runaway pipeline, we can see it and fix it. We didn’t realize how much pain we were tolerating until we left [JFrog Cloud].
The supply chain is significantly more secure, with vulnerability scanning and policy enforcement ensuring only verified, compliant artifacts reach production. With Cloudsmith, ConstructConnect now has a mature, modern artifact management platform built for scale - enabling them to support growing development teams, handle increasing artifact volumes, and confidently expand without compromising performance or security.
If a region goes down, our supply chain doesn’t go down with it. That resilience is essential - we never want our supply chain to block a deployment.
If you’re in the same position we were in with JFrog, beware - there are dragons there. Cloudsmith gives you all the supply chain capabilities you want, with superior support and a straightforward migration. Any complexity you experience is far more likely to come from your existing configuration than from Cloudsmith itself.
Font Awesome’s business relies on the distribution of private packages to customers in a timely, reliable fashion. That wasn’t a use case supported by conventional package management platforms, and attempting to build a solution in-house was causing ongoing issues around uptime and performance.
Like any other company making software at scale, the goal for Carta is delivering great software as efficiently as possible. Cloudsmith helps make that happen. Carta uses Cloudsmith to handle all aspects of package management across the business. That means that Carta engineers have access to a single private repository of software assets, no matter where they are or what language or format they are working in.
The New England Center for Children® (NECC®) is a globally recognized autism education center and research institute. NECC’s educational software system, Autism Curriculum Encyclopedia® (ACE®), is designed to support evidence-based learning for individuals with autism. They migrated to Cloudsmith to ensure they had a cloud-native solution that integrated seamlessly into their DevOps pipeline. Read about how they eliminated downtime, scaled effortlessly, and freed up their team to focus on an increased number of micro-services.
From JFrog Cloud to Cloudsmith: How ConstructConnect strengthened security and simplified software delivery.
Discover how the leading consumer and industrial electronics organization is leveraging Cloudsmith’s Enterprise Policy Manager for better package visibility and governance.
Discover how Diligent transformed its software delivery process with Cloudsmith’s universal package management platform. By centralizing security, automating workflows, and enhancing compliance, Diligent achieved significant efficiency gains and scalable operations. With real-time insights and reduced manual tasks, their teams can now focus on innovation
