---
title: "Cloudsmith Product Tour: Master Artifact Management"
description: "Explore demo videos on Cloudsmith—covering artifact management, CI/CD setup, security, compliance, and API automation for your software supply chain."
canonical_url: "https://cloudsmith.com/product-tour"
last_updated: "2026-06-19T11:08:14Z"
---
# Cloudsmith Product Tour: Master Artifact Management

## Product tour

1. Introduction and overview

## Start with this short introduction to Cloudsmith

- First video of nine led by Dan and Ciara to guide you though the platform
- Introduction to Cloudsmith and artifact management
- Quick tour of the web application
- First look at repositories, upstreams, and security options

2. configure organizations and teams

## Set up your organization and add your teams

- Create a workspace for your organization
- Secure authentication, automated access, and robust policies
- Configure service accounts for third-party integrations
- Manage repository access using teams and SAML group sync
- Explore how policies control artifact flow through your pipeline

3. Repositories, packages, and projects

## Explore repository setup and configuration

- Create multi-format repositories to support multiple package types
- Control access with teams, roles, and service accounts
- Advanced settings like retention rules, GeoIP restrictions, and webhooks
- Connect upstream sources for dependency resolution
- Publish packages and view metadata, signatures, and dependencies

4. Tracking packages and users

## Use logs to track actions and downloads

- Access fine-grained logs at workspace and repository level
- Track package downloads, user actions, and configuration changes
- Filter logs by time, format, actor, or repository
- Export logs to Datadog, Elasticsearch, AWS Athena, or access them via API

5. Upstreams, security and policies

## CI integration, artifact flow, and security

- Set up a CI workflow with GitHub Actions
- Pull dependencies from Cloudsmith with upstream caching
- Authenticate securely using OIDC and service accounts
- Push built artifacts to Cloudsmith
- Enforce supply chain security with Enterprise Policy Management

6. enforcing compliance standards

## Compliance in artifact management

- The current state of compliance in the software supply chain
- Risk reduction by tackling vulnerabilities, license issues, and unverified code
- How standards like PCI DSS and ISO 27001 define best practices
- Cloudsmith support for policy enforcement, tracking, and managing SBOMs

7. Package signing for secure package transfer

## Signing to verify authenticity and integrity

- Automatic use of cryptographic signatures
- Adding your own signing keys
- Native signing with Docker, Swift, and NuGet
- Verifying a signed Docker image with Cosign
- Checking the signature for trust and integrity

8. Distribution and public access

## Distributing your artifacts to users

- Cloudsmith provides global distribution via fully managed infrastructure
- Entitlement tokens control private access with visibility and usage restrictions
- Public broadcasts let you share packages through branded, customizable portals

9. Integrating tooling using the API

## Integrate tools using the Cloudsmith API

- Automate any action using the Cloudsmith API
- Test endpoints like package listings and audit logs in the API docs
- Use Terraform to provision repositories and access controls
- Set retention rules and define upstreams as code
- Version and track infrastructure changes in your pipeline

Policy Management

## Streamline workflows and build continuously using policy exemptions

- An end-to-end GitOps workflow for managing policy exemptions
- Demonstrates packages being quarantined via a policy
- Packages aded to an exemption list via GitHub and released

Policy Management

## Protect against supply chain attacks using cooldown policies

- Learn how supply chain attacks like shai-hulud, Axios, and Light LLM unfold
- Mitigate attacks by holding new, unvetted packages for a set period before they become available in builds
- Build strong controls over packages pre-ingestion, and continuously evaluate new threats

Let's Chat

[Book a demo](https://cloudsmith.com/book-a-demo)
