---
title: "Software Supply Chain Security"
description: "A complete list of software supply chain security features offered by Cloudsmith"
canonical_url: "https://cloudsmith.com/platform-features/software-supply-chain-security"
last_updated: "2026-05-26T09:05:11Z"
---
# Software Supply Chain Security

## Platform Features

### Policy Management

Policy management gives you centralized control over your entire software supply chain - every package, dependency, format, and team - before software reaches developers, pipelines, or production.

[Learn more](/product/enterprise-policy-manager)

### Enterprise Link

Protect every artifact with automated policy controls that scale with your business. Cloudsmith makes it easy to enforce security, compliance, and governance across every stage of your software supply chain.

[Learn more](/product/enterprise-link)

## Security and Compliance Features

Features to safeguard your teams, customers, and reputation. Cloudsmith is a central checkpoint for software integrity.


### Policy management, policy-as-code

Take control over the software flowing to your teams and pipelines with detailed policies written in OPA Rego syntax. 

### Cooldown policies

Apply rules governing the use of newly-published packages in your Workspace.

### Continuous package enrichment

Continuous monitoring of packages to match newly disclosed vulnerabilities and malware threats to your repository. 

### Malware scanning

Block malicious packages from getting to teams with automatic malware checks.

### Package quarantine

Prevent packages from being distributed to teams and pipelines when they fail policy checks.

### Generate SBOMs for containers

We generate and check a complete software bill of materials for every container added to Cloudsmith.

### Host SBOMs

Drive consistency across your software builds by hosting and distributing SBOMs on Cloudsmith. 

### Geographic location / IP restrictions

Ensure your software doesn't flow to problematic territories or specific IP ranges.

### Licence compliance

Gain visibility of the software licenses in use across your workspace, and develop policies to reject unacceptable licenses.

### Custom storage regions

Remain in compliance with your corporate standards by specifying storage regions for your software artifacts.

### Custom signing keys

Ensure packages have not been tampered with by signing with own custom encryption keys.

### Sigstore cosign support

Automatically verify your packages as part of your build pipeline using Sigstore. 

## Access Control Features

Features to control who can access the packages, containers, models and data managed in your Cloudsmith workspace. 

### Single sign-on via social auth

Use your existing social sign-on provider to authenticate against Cloudsmith. 

### Teams (team-based controls)

Assign privileges and permissions to groups of users organized in teams.

### Service accounts

Allow bots and services to interact with your Cloudsmith resources using dedicated service accounts.

### Log exports

Take your log data away for further analysis with automated log exports.

### OpenID Connect

Use ephemeral OIDC tokens to connect Cloudsmith with third-party services, without long-lasting credentials.

### Single sign-on via SAML

Use your existing ID provider like Okta to authenticate Cloudsmith users.

### SAML groups

Model your org's teams and permissions in your ID provider, and automatically map to Cloudsmith.

### SCIM

Automatically reflect changes to your real-world org in your Cloudsmith teams and users.

### API key policies

Mitigate against security breaches by ensuring keys are updated regularly and automatically invalidated.

## Documentation and Support

[Read our supply chain security doc](https://docs.cloudsmith.com/supply-chain-security)

[Read our repository privileges doc](https://docs.cloudsmith.com/repositories/repository-privileges)

[Read our continuous security doc](https://docs.cloudsmith.com/supply-chain-security/continuous-security)

[Watch our product tour](/product-tour)

Speak with one of our experts to see Cloudsmith’s feature set in action and get tailored advice to fit your use case

[Book a demo](/book-a-demo)
