Product tour
1. Introduction and overview
Start with this short introduction to Cloudsmith
- First video of nine led by Dan and Ciara to guide you though the platform
- Introduction to Cloudsmith and artifact management
- Quick tour of the web application
- First look at repositories, upstreams, and security options
2. configure organizations and teams
Set up your organization and add your teams
- Create a workspace for your organization
- Secure authentication, automated access, and robust policies
- Configure service accounts for third-party integrations
- Manage repository access using teams and SAML group sync
- Explore how policies control artifact flow through your pipeline
3. Repositories, packages, and projects
Explore repository setup and configuration
- Create multi-format repositories to support multiple package types
- Control access with teams, roles, and service accounts
- Advanced settings like retention rules, GeoIP restrictions, and webhooks
- Connect upstream sources for dependency resolution
- Publish packages and view metadata, signatures, and dependencies
4. Tracking packages and users
Use logs to track actions and downloads
- Access fine-grained logs at workspace and repository level
- Track package downloads, user actions, and configuration changes
- Filter logs by time, format, actor, or repository
- Export logs to Datadog, Elasticsearch, AWS Athena, or access them via API
5. Upstreams, security and policies
CI integration, artifact flow, and security
- Set up a CI workflow with GitHub Actions
- Pull dependencies from Cloudsmith with upstream caching
- Authenticate securely using OIDC and service accounts
- Push built artifacts to Cloudsmith
- Enforce supply chain security with Enterprise Policy Management
6. enforcing compliance standards
Compliance in artifact management
- The current state of compliance in the software supply chain
- Risk reduction by tackling vulnerabilities, license issues, and unverified code
- How standards like PCI DSS and ISO 27001 define best practices
- Cloudsmith support for policy enforcement, tracking, and managing SBOMs
7. Package signing for secure package transfer
Signing to verify authenticity and integrity
- Automatic use of cryptographic signatures
- Adding your own signing keys
- Native signing with Docker, Swift, and NuGet
- Verifying a signed Docker image with Cosign
- Checking the signature for trust and integrity
8. Distribution and public access
Distributing your artifacts to users
- Cloudsmith provides global distribution via fully managed infrastructure
- Entitlement tokens control private access with visibility and usage restrictions
- Public broadcasts let you share packages through branded, customizable portals
9. Integrating tooling using the API
Managing artifacts with the Cloudsmith API
- Automate any action using the Cloudsmith API
- Test endpoints like package listings and audit logs in the API docs
- Use Terraform to provision repositories and access controls
- Set retention rules and define upstreams as code
- Version and track infrastructure changes in your pipeline