Customer stories

ConstructConnect

From JFrog Cloud to Cloudsmith: How ConstructConnect strengthened security and simplified software delivery. ConstructConnect is a leader in construction technology, providing software solutions that simplify the preconstruction process for thousands of firms across the U.S. and Canada.

Profile

    • Founded 2014
    • Cloudsmith customers since 2025
    • Leading provider of construction information and technology solutions

Industry

    • Construction Software

Cloudsmith Solution

    • Secure software supply chain
    • Truly SaaS
    • Scalable infrastructure

Results

    • Secure software delivery
    • Global distribution
    • Cost transparency

ConstructConnect is a leader in construction technology, providing software solutions that simplify the preconstruction process for thousands of firms across the U.S. and Canada. They provide data and software that helps contractors and manufacturers find, bid, and win the right projects. With a portfolio that includes On Center, PlanSwift, QuoteSoft, SmartBid, and iSqFt, the company supports one of the largest networks of contractors and manufacturers. Everything they do is designed to make preconstruction easier and more connected.

With a development team of over 100 engineers, and support needed for multiple artifact formats: npm, Helm, Maven, Python, NuGet and Docker - the company needed a modern, robust platform to manage its software delivery pipelines, enforce supply‑chain security and support future growth across the broader Roper Technologies group.

The Challenge

ConstructConnect initially adopted JFrog Cloud because it promised a cloud-hosted solution that could replace the complexity of on-premises artifact management. The team was looking for easier infrastructure management, CI/CD integration, and faster software delivery without maintaining legacy servers.

Initially, JFrog Cloud delivered on this promise, but ultimately the ConstructConnect team ran into challenges that required maintenance and overhead. These challenges compounded, restricting velocity, security, and scalability for ConstructConnect.

The [JFrog Cloud] migration was pretty painful. We recognized the issues with them relatively quickly. Much of the problem came when we went asking for help - most calls turned into a sales pitch instead of solving the problem. It took months to turn off our original [JFrog] cloud instance, and almost a year to resolve the billing issues.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Unexpected expenses and slow vendor response

With JFrog Cloud, ConstructConnect experienced slow, inconsistent support resources that created a critical challenge for their team. Critical tickets took days to resolve, generating unexpected costs - one incident alone resulted in $48,000 in additional charges due to unanticipated data transfers. Hidden fees and unpredictable costs limited budget transparency and left the team frustrated. Disconnected platform experiences also made it difficult to implement comprehensive vulnerability scanning, enforce policy compliance, or integrate smoothly with other systems in ConstructConnect’s growing ecosystem.

In the first twelve hours, it was about $7,500. By the time we got it turned off, we had spent $48,000. We couldn’t stop the plugin once it was initiated. We had to reach tier-three support to bounce the server. That was the final nail in the coffin. Procurement was completely exhausted. My team was frustrated, and we didn’t have a path to resolution.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Complex security features and compliance challenges

The InfoSec group demanded stronger software supply chain security, adding even more pressure to the situation. Developers struggled to manage technical debt, legacy tooling, and complex artifact pipelines, while spending significant time on workarounds instead of delivering features. Artifact organization was fragmented, data usage and storage constraints were challenging to manage, and the JFrog platform lacked visibility, leading to limited overall control and security assurance. With their contract set to expire in July 2025, it became clear that staying on JFrog would continue to restrict velocity, security, and scalability.

The Solution

A fully managed, truly cloud-native platform

ConstructConnect selected Cloudsmith for its fully managed, truly cloud-native platform offering transparent pricing, robust security, and seamless integration with existing DevOps workflows. Migration followed a “golden path” methodology: artifacts were initially consolidated into a monolithic repository in Cloudsmith before being reorganized into application-specific repositories. This approach enabled a smooth transition while minimizing disruption to active development. Cloudsmith quickly became more than just a platform - it became a partner.

We were focused on something that was truly cloud-native, not just something migrated into the cloud. We set up rubrics of pros and cons and did a rapid proof of concept across security, governance, and usability. Cloudsmith checked all the boxes for us - pricing, capability, and overall philosophy.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Streamlined CI/CD and infrastructure automation

By integrating directly with GitLab CI/CD and Terraform, ConstructConnect’s teams can now automate builds, deployments, and infrastructure management without friction. Developers spend less time managing pipeline bottlenecks and more time delivering features, while security and compliance policies are enforced automatically within the workflow. The fully cloud-native architecture supports high-concurrency pipelines, ensuring faster, more reliable builds and smoother releases across the organization.

With Cloudsmith, we sign in once, get our resources, and move along. That immediately simplified our CI/CD pipelines.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Intelligent vulnerability and policy enforcement

By implementing vulnerability scanning, EPM-driven policy enforcement, license scanning, package signing, and SBOM generation, ConstructConnect significantly strengthened its security posture. By combining these capabilities, Cloudsmith provided actionable insights that reduced noise from irrelevant alerts. Teams can now focus on the vulnerabilities that actually posed a risk to production systems. Enterprise Policy Manager allows automation of quarantined and blocking of non-compliant or vulnerable packages, ensuring that only artifacts that had been scanned for malware and CVE’s moved through the supply chain.

The most important capability for us is the ability to quarantine and block vulnerable artifacts. Ease of access to vulnerability information - and the ability to act on it - has been the biggest change for us. Our internal governance scores continue to improve, and Cloudsmith has been a major contributor to that. We’re a stone’s throw away from having zero high or critical vulnerabilities in our supply chain.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Multi-format support

ConstructConnect can now manage all their artifacts - npm, Helm, Maven, Python, NuGet, and Docker - within multi-format repositories. Developers spend less time juggling fragmented repositories or troubleshooting inconsistencies, while Docker image management is simpler and more reliable. By consolidating multiple formats into one secure system, teams can move faster, reduce errors, and maintain a consistent, compliant software supply chain across all projects.

With JFrog, we were curating individual repositories and having to create virtuals for each one - there was a lot of complexity. With Cloudsmith, it’s an application with a multi-format repository, which has reduced the management burden on my team.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Predictable costs and proactive support

While Cloudsmith's platform was one of the main reasons Construct Connect decided to migrate, the partnership is defined by more than technology alone. Cloudsmith’s transparent pricing model eliminated hidden fees, freeing ConstructConnect from constantly monitoring usage to avoid costly overages. With predictable costs and no surprise data transfer charges, the team can now focus on building rather than budgeting. Even though ConstructConnect had chosen JFrog Cloud - not an on-premise setup, they still struggled with slow, inconsistent support that left them waiting days for responses and often incurring extra costs in the meantime. With Cloudsmith, proactive and reliable support gives them direct access to engineers who understand their environment. Combined with an intuitive, modern interface, robust logging, fine-grained access controls, and better asset organization, developers can focus on delivering features instead of firefighting infrastructure and cost issues.

Cloudsmith support responded to us before we even asked the question. They didn’t just give us an answer — they monitored the impact and optimized it for us. It felt like they were part of my team. That level of engagement blew my mind. Support here is better than the support I have on any system I’m responsible for. Not just better than JFrog - better than all of them.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

The Results

Faster, reliable software delivery

By moving to Cloudsmith, ConstructConnect has secured their software supply chain with security features that are built into workflows, while also enabling faster, more efficient software delivery. Builds are more reliable, deployments are smoother, and developers now work within a modern, intuitive environment that allows them to focus on shipping value rather than maintaining outdated systems.

With JFrog, once something was running, you couldn’t stop it. With Cloudsmith, there’s a control panel - I can stop things immediately. I don’t have to SSH into a box. That’s what cloud-native really means to us.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Clear, controllable budgets

ConstructConnect has regained control over its costs. Transparent pricing and the removal of hidden data transfer fees brought clarity and predictability to their operations. Cloudsmith supports their high-volume, multi-format operations securely and reliably.

With Cloudsmith, cost overruns are predictable and transparent. I can go to procurement and explain exactly what we’re paying for and why. With JFrog, we’d just get a message saying we exceeded capacity, without any detail. Now, if there’s a runaway pipeline, we can see it and fix it. We didn’t realize how much pain we were tolerating until we left [JFrog Cloud].

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

Trusted and compliant artifact distribution

The supply chain is significantly more secure, with vulnerability scanning and policy enforcement ensuring only verified, compliant artifacts reach production. With Cloudsmith, ConstructConnect now has a mature, modern artifact management platform built for scale - enabling them to support growing development teams, handle increasing artifact volumes, and confidently expand without compromising performance or security.

If a region goes down, our supply chain doesn’t go down with it. That resilience is essential - we never want our supply chain to block a deployment.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

The migration from JFrog Cloud to Cloudsmith marks a pivotal shift: from a platform that initially promised cloud convenience but fell short on consistent performance and dependable support, to a fully managed, scalable, and secure system that enables faster, safer software delivery at enterprise scale with true cloud-native capabilities.
If you’re in the same position we were in with JFrog, beware - there are dragons there. Cloudsmith gives you all the supply chain capabilities you want, with superior support and a straightforward migration. Any complexity you experience is far more likely to come from your existing configuration than from Cloudsmith itself.

Rich Dammkoehler

VP Architecture & Governance @ ConstructConnect

More Customer Stories

Book a demo with our team today

Learn more about Cloudsmith and get advice tailored to your needs