ConstructConnect

ConstructConnect is a leader in construction technology, providing software solutions that simplify the preconstruction process for thousands of firms across the U.S. and Canada. They provide data and software that helps contractors and manufacturers find, bid, and win the right projects. With a portfolio that includes On Center, PlanSwift, QuoteSoft, SmartBid, and iSqFt, the company supports one of the largest networks of contractors and manufacturers. Everything they do is designed to make preconstruction easier and more connected.

With a development team of over 100 engineers, and support needed for multiple artifact formats: npm, Helm, Maven, Python, NuGet and Docker - the company needed a modern, robust platform to manage its software delivery pipelines, enforce supply‑chain security and support future growth across the broader Roper Technologies group.

ConstructConnect initially adopted JFrog Cloud because it promised a cloud-hosted solution that could replace the complexity of on-premises artifact management. The team was looking for easier infrastructure management, CI/CD integration, and faster software delivery without maintaining legacy servers.

Initially, JFrog Cloud delivered on this promise, but ultimately the ConstructConnect team ran into challenges that required maintenance and overhead. These challenges compounded, restricting velocity, security, and scalability for ConstructConnect.

With JFrog Cloud, ConstructConnect experienced slow, inconsistent support resources that created a critical challenge for their team. Critical tickets took days to resolve, generating unexpected costs - one incident alone resulted in $48,000 in additional charges due to unanticipated data transfers. Hidden fees and unpredictable costs limited budget transparency and left the team frustrated. Disconnected platform experiences also made it difficult to implement comprehensive vulnerability scanning, enforce policy compliance, or integrate smoothly with other systems in ConstructConnect’s growing ecosystem.

The InfoSec group demanded stronger software supply chain security, adding even more pressure to the situation. Developers struggled to manage technical debt, legacy tooling, and complex artifact pipelines, while spending significant time on workarounds instead of delivering features. Artifact organization was fragmented, data usage and storage constraints were challenging to manage, and the JFrog platform lacked visibility, leading to limited overall control and security assurance. With their contract set to expire in July 2025, it became clear that staying on JFrog would continue to restrict velocity, security, and scalability.

ConstructConnect selected Cloudsmith for its fully managed, truly cloud-native platform offering transparent pricing, robust security, and seamless integration with existing DevOps workflows. Migration followed a “golden path” methodology: artifacts were initially consolidated into a monolithic repository in Cloudsmith before being reorganized into application-specific repositories. This approach enabled a smooth transition while minimizing disruption to active development. Cloudsmith quickly became more than just a platform - it became a partner.

By integrating directly with GitLab CI/CD and Terraform, ConstructConnect’s teams can now automate builds, deployments, and infrastructure management without friction. Developers spend less time managing pipeline bottlenecks and more time delivering features, while security and compliance policies are enforced automatically within the workflow. The fully cloud-native architecture supports high-concurrency pipelines, ensuring faster, more reliable builds and smoother releases across the organization.

By implementing vulnerability scanning, EPM-driven policy enforcement, license scanning, package signing, and SBOM generation, ConstructConnect significantly strengthened its security posture. By combining these capabilities, Cloudsmith provided actionable insights that reduced noise from irrelevant alerts. Teams can now focus on the vulnerabilities that actually posed a risk to production systems. Enterprise Policy Manager allows automation of quarantined and blocking of non-compliant or vulnerable packages, ensuring that only artifacts that had been scanned for malware and CVE’s moved through the supply chain.

ConstructConnect can now manage all their artifacts - npm, Helm, Maven, Python, NuGet, and Docker - within multi-format repositories. Developers spend less time juggling fragmented repositories or troubleshooting inconsistencies, while Docker image management is simpler and more reliable. By consolidating multiple formats into one secure system, teams can move faster, reduce errors, and maintain a consistent, compliant software supply chain across all projects.

While Cloudsmith's platform was one of the main reasons Construct Connect decided to migrate, the partnership is defined by more than technology alone. Cloudsmith’s transparent pricing model eliminated hidden fees, freeing ConstructConnect from constantly monitoring usage to avoid costly overages. With predictable costs and no surprise data transfer charges, the team can now focus on building rather than budgeting. Even though ConstructConnect had chosen JFrog Cloud - not an on-premise setup, they still struggled with slow, inconsistent support that left them waiting days for responses and often incurring extra costs in the meantime. With Cloudsmith, proactive and reliable support gives them direct access to engineers who understand their environment. Combined with an intuitive, modern interface, robust logging, fine-grained access controls, and better asset organization, developers can focus on delivering features instead of firefighting infrastructure and cost issues.

By moving to Cloudsmith, ConstructConnect has secured their software supply chain with security features that are built into workflows, while also enabling faster, more efficient software delivery. Builds are more reliable, deployments are smoother, and developers now work within a modern, intuitive environment that allows them to focus on shipping value rather than maintaining outdated systems.

ConstructConnect has regained control over its costs. Transparent pricing and the removal of hidden data transfer fees brought clarity and predictability to their operations. Cloudsmith supports their high-volume, multi-format operations securely and reliably.

The supply chain is significantly more secure, with vulnerability scanning and policy enforcement ensuring only verified, compliant artifacts reach production. With Cloudsmith, ConstructConnect now has a mature, modern artifact management platform built for scale - enabling them to support growing development teams, handle increasing artifact volumes, and confidently expand without compromising performance or security.

The migration from JFrog Cloud to Cloudsmith marks a pivotal shift: from a platform that initially promised cloud convenience but fell short on consistent performance and dependable support, to a fully managed, scalable, and secure system that enables faster, safer software delivery at enterprise scale with true cloud-native capabilities.