DataHub, the leading open source metadata platform, faced significant hurdles in distributing its software to a global user base. Utilizing a legacy distribution system resulted in prohibitive costs, rigid access controls, and a fragmented user experience. By migrating to Cloudsmith, DataHub successfully streamlined its software delivery through a unified, fully managed artifact management platform. The implementation of entitlement tokens provided granular control over software access and helped eliminate deployment friction. This transition reduced operational overhead and strengthened the company's security posture through automated image scanning.

For an early-stage startup like DataHub, software distribution is a critical business function that directly impacts customer adoption and retention. The company needed to distribute its “Remote Executor” agent, a component that collects metadata locally within a customer's infrastructure, to many enterprise customers.

However, the incumbent software distribution system, Docker Hub, presented a significant financial and operational burden. High per-seat pricing meant that projected growth would eventually make the distribution model unsustainable. To remain fiscally responsible while maintaining a “best in breed” experience, DataHub required a solution that facilitated seamless software updates without cost-prohibitive barriers.

DataHub originally relied on Docker Hub for software image distribution, but the platform lacked the sophisticated features required for enterprise-grade delivery. The team encountered several technical limitations:

• Lack of access control: The system lacked entitlement tokens, preventing DataHub from managing specific customer access levels effectively.
• Insufficient analytics: DataHub could not adequately track usage by software version or individual customer, leaving them with limited visibility into how users consumed their software.
• Poor user experience: The interface was often confusing for end-users, leading to increased support inquiries and friction during the distribution of the Remote Executor agent.

Facing these obstacles, the engineering team realized they had to either build a custom distribution platform from scratch, which was a massive undertaking, or find a specialized alternative.

DataHub chose Cloudsmith for its ability to handle complex, global distribution needs through a cloud-native SaaS architecture. The transition focused on several key technical areas:

• Entitlement tokens: This feature served as the primary differentiator, allowing DataHub to issue unique tokens for granular, per-customer access control to its Remote Executor images.
• Automated security and SBOMs: The Cloudsmith platform integrated Software Bill of Materials (SBOM) access and automated vulnerability scanning, ensuring that all distributed images were signed and verified.
• Multi-format support: While DataHub started with containers, Cloudsmith’s support for over 30 package formats provided a future-proof foundation for other software components as DataHub’s distribution needs evolve and grow.

The adoption of Cloudsmith transformed DataHub’s distribution workflow from a point of friction into a strategic advantage.

• Eliminated deployment friction: Since moving to branded hostnames and Cloudsmith’s global infrastructure, the team received almost no support questions regarding image downloads.
• Enhanced visibility and control: Entitlement tokens now feed detailed user data back to DataHub, allowing them to track exactly who is using which software version.
• Strengthened security posture: DataHub now assembles software with a well-understood vulnerability surface. Scanning internal artifacts ensures they do not introduce new attack vectors during the delivery process.
• Operational efficiency: By choosing a fully managed SaaS solution, DataHub avoided the costs and engineering hours associated with building and maintaining an in-house distribution platform.

Following the success of the Remote Executor distribution, DataHub plans to further optimize the distribution experience with private broadcasts and a custom portal. Having branded distribution endpoints using its own domain name, will provide a professional and recognizable experience for customers.

DataHub also plans to expand its use of Cloudsmith to manage Chainguard hardened images and libraries internally. Additionally, the team intends to implement automated lifecycle and cleanup policies to manage software versioning in relation to distribution. These controls will allow DataHub to define and enforce formal end-of-life (EOL) guidance, ensuring customers always have access to the most secure and performant versions of the platform.