Product tour

1. Introduction and overview

Start with this short introduction to Cloudsmith

  • First video of nine led by Dan and Ciara to guide you though the platform
  • Introduction to Cloudsmith and artifact management
  • Quick tour of the web application
  • First look at repositories, upstreams, and security options

2. configure organizations and teams

Set up your organization and add your teams

  • Create a workspace for your organization
  • Secure authentication, automated access, and robust policies
  • Configure service accounts for third-party integrations
  • Manage repository access using teams and SAML group sync
  • Explore how policies control artifact flow through your pipeline

3. Repositories, packages, and projects

Explore repository setup and configuration

  • Create multi-format repositories to support multiple package types
  • Control access with teams, roles, and service accounts
  • Advanced settings like retention rules, GeoIP restrictions, and webhooks
  • Connect upstream sources for dependency resolution
  • Publish packages and view metadata, signatures, and dependencies

4. Tracking packages and users

Use logs to track actions and downloads

  • Access fine-grained logs at workspace and repository level
  • Track package downloads, user actions, and configuration changes
  • Filter logs by time, format, actor, or repository
  • Export logs to Datadog, Elasticsearch, AWS Athena, or access them via API

5. Upstreams, security and policies

CI integration, artifact flow, and security

  • Set up a CI workflow with GitHub Actions
  • Pull dependencies from Cloudsmith with upstream caching
  • Authenticate securely using OIDC and service accounts
  • Push built artifacts to Cloudsmith
  • Enforce supply chain security with Enterprise Policy Management

6. enforcing compliance standards

Compliance in artifact management

  • The current state of compliance in the software supply chain
  • Risk reduction by tackling vulnerabilities, license issues, and unverified code
  • How standards like PCI DSS and ISO 27001 define best practices
  • Cloudsmith support for policy enforcement, tracking, and managing SBOMs

7. Package signing for secure package transfer

Signing to verify authenticity and integrity

  • Automatic use of cryptographic signatures
  • Adding your own signing keys
  • Native signing with Docker, Swift, and NuGet
  • Verifying a signed Docker image with Cosign
  • Checking the signature for trust and integrity

8. Distribution and public access

Distributing your artifacts to users

  • Cloudsmith provides global distribution via fully managed infrastructure
  • Entitlement tokens control private access with visibility and usage restrictions
  • Public broadcasts let you share packages through branded, customizable portals

9. Integrating tooling using the API

Managing artifacts with the Cloudsmith API

  • Automate any action using the Cloudsmith API
  • Test endpoints like package listings and audit logs in the API docs
  • Use Terraform to provision repositories and access controls
  • Set retention rules and define upstreams as code
  • Version and track infrastructure changes in your pipeline
Let's Chat
See a more personalized demo, tailored to your specific needs