---
title: "Raw and Generic Artifact Repository | Cloudsmith"
description: "Store, secure, and distribute any binary or file type alongside your packages and containers. Cloudsmith is the single source of truth for all software artifacts."
canonical_url: "https://cloudsmith.com/product/formats/raw-repository"
last_updated: "2026-05-06T18:35:52Z"
---
# Raw and Generic Artifact Repository | Cloudsmith

## One repository for **every artifact**, not just packages

Cloudsmith provides a single control point for your entire software supply chain. While we support more than 30 native formats, modern pipelines often rely on assets that fall outside standard ecosystems, like vendor installers, release binaries, or custom scripts.

Cloudsmith is the single home for all of these assets, bringing them under the same security and visibility as the rest of your software.


## Create A Private Repository for Any Software Asset

Any file, any extension. Cloudsmith supports storage and distribution of any software asset or file useful in your workflow. Use our Raw file support for machine learning models, datasets, images or whatever. You get all the benefits of a Cloudsmith repository - affordable, cloud-native, high performance

Universal artifact support

## **Every artifact type, one platform.** Cloudsmith stores packages, containers, binaries, and raw files — including assets that fall outside standard ecosystems.

- Use Raw Artifacts + 30 other package formats
- Store ML models, datasets, and raw files alongside language packages
- Distribute vendor binaries, custom installers, and release assets with full access control

## How we support **Raw and Generic Artifacts**

Modern pipelines rely on assets that fall outside standard ecosystems. Cloudsmith gives every team a single home for those assets, with the same security and visibility as the rest of your software.

[Read our Raw Artifacts documentation](https://docs.cloudsmith.com/formats/raw-repository)

### Store any file, any extension

Raw repositories accept any file type with no format restrictions. Upload vendor installers, firmware images, ML model weights, datasets, custom scripts, or release bundles and serve them through a private, versioned endpoint.

### Proxy and cache external HTTP sources

Generic repositories let Cloudsmith fetch and cache artifacts from external HTTP or HTTPS sources. Your pipelines always pull from a stable internal endpoint, even when upstream content changes or disappears.

### Consistent security across every asset

Apply the same access controls, OIDC authentication, OPA Rego policies, and audit logs to raw files as you do to NPM packages or Docker images. No second-class assets.

### Multi-format repositories

Store raw files and package formats in the same repository. Organise by team, project, or environment without spinning up separate tooling for non-standard assets.

### CDN-backed global distribution

Cloudsmith serves all artifacts, including large raw files, through 600+ edge points of presence. Teams anywhere in the world download from the nearest location automatically.

## Why teams choose Cloudsmith for **Raw and Generic Artifacts**

Vendor installers, release binaries, and custom scripts don't fit neatly into standard package ecosystems. Without a proper home, they end up scattered across S3 buckets, shared drives, and ad-hoc storage. Cloudsmith consolidates everything.

| Without Cloudsmith | With Cloudsmith |

| --- | --- |

| Raw files live in S3 buckets or shared drives with no versioning, no audit trail, and inconsistent access controls. Engineers have no idea what version of a binary is in production. | Every raw file is versioned, audited, and served from a private endpoint with the same RBAC and token-based auth you use for all other formats. Full traceability, no guesswork. |

| Pipelines pull directly from external HTTP sources, GitHub releases, or vendor CDNs. When upstream content moves or disappears, builds break and teams scramble. | Generic repositories proxy and cache external sources inside Cloudsmith. Your pipelines always pull from a stable internal URL, with no exposure to upstream outages or changes. |

| Compliance teams have no visibility into custom binaries, vendor installers, or proprietary assets. Security scanning and policy enforcement only cover package-format artifacts. | Raw and Generic repositories are first-class citizens in Cloudsmith. Vulnerability scanning, OPA Rego policies, and client logs cover every file type, keeping compliance teams confident. |

## Signs you're ready to switch to Cloudsmith for **Raw and Generic Artifacts**

If assets that fall outside standard ecosystems live in a different system from your packages, you don't have a single source of truth. Cloudsmith is the single home for all your software assets.

[Book a demo with one of our experts](/book-a-demo)

### Your binaries live outside your artifact manager

If raw files, firmware images, or ML model weights are sitting in S3 or a shared drive, they lack the access controls and audit trails your security team requires. Cloudsmith brings them under the same governance as your packages.

### Upstream outages break your builds

Pulling vendor binaries or GitHub releases directly into CI makes your pipeline fragile. Cloudsmith's Generic repositories cache those assets internally so upstream changes never reach your build.

### Security policies don't cover non-package assets

OPA Rego policies and vulnerability scanning should apply to every artifact, not just NPM or Maven packages. Cloudsmith enforces consistent policy across raw files and generic artifacts too.

### Distributing to partners is manual and fragile

Emailing installers or sharing S3 pre-signed URLs doesn't scale. Cloudsmith gives partners a versioned, authenticated endpoint with EULA gating and download tracking built in.

### You're running separate tools for each asset type

A dedicated registry for packages, another for containers, and ad-hoc storage for everything else creates operational overhead and visibility gaps. Cloudsmith consolidates all formats, including raw files, in one platform.

## Get started with **Raw Artifacts** on Cloudsmith

[Book a demo](/book-a-demo)

[View pricing](/pricing)

## Frequently asked questions

### What file types can I store in a Raw repository?

Any file type, with no restrictions on extension or format. Raw repositories are designed for arbitrary binary assets, including firmware images, vendor installers, ML model weights, datasets, custom scripts, compiled executables, and more.

### What is the difference between a Raw repository and a Generic repository?

Raw repositories are for direct upload and distribution of files you own and manage. Generic repositories are for proxying and caching artifacts from external HTTP or HTTPS sources, such as GitHub releases or vendor download pages, bringing them into your controlled Cloudsmith environment.

### Can I store raw files alongside language packages in the same repository?

Yes. Cloudsmith supports multi-format repositories, so you can store NPM packages, Docker images, Python wheels, and raw binary files all within the same repository. This is central to Cloudsmith's role as a single source of truth for all software artifacts.

### How do I authenticate when pushing or pulling raw files?

Cloudsmith supports API key authentication, OIDC-based keyless auth for CI/CD pipelines, and entitlement tokens for downstream distribution. The same authentication mechanisms that apply to package formats also apply to raw and generic artifacts.

### Do security scanning and policy enforcement apply to raw artifacts?

Yes. OPA Rego policies can be applied to any artifact type in Cloudsmith, including raw files. While file-level vulnerability scanning requires format-specific metadata, access policies, quarantine rules, and audit logging all apply consistently to raw and generic artifacts.

### Can I use Generic repositories to replace direct pulls from GitHub releases or vendor CDNs?

Yes. Generic repositories act as a caching proxy for external HTTP or HTTPS sources. Once configured, your pipelines pull from a stable Cloudsmith endpoint rather than the upstream source. If the upstream changes or goes down, your pipelines continue to work.

### How does Cloudsmith handle versioning for raw files?

Every file uploaded to a Raw repository is stored with version metadata. You can query specific versions via the API or CLI, and all uploads are tracked in the audit log so you know exactly who uploaded what, and when.

### Can I distribute raw artifacts to external partners or customers?

Yes. Cloudsmith supports entitlement tokens and EULA gating for downstream distribution. You can issue scoped tokens to partners or customers with read-only access, require EULA acceptance before download, and track all download activity through client logs.

### How does Cloudsmith compare to storing binaries in S3 or a shared drive?

S3 and shared drives provide storage but lack versioning, fine-grained access control, audit logging, and policy enforcement that artifact management demands. Cloudsmith wraps the same underlying durability with a purpose-built artifact management layer, including RBAC, token auth, OPA Rego policies, and a full audit trail.

### How do I get started with Raw or Generic repositories on Cloudsmith?

You can create a Raw or Generic repository directly from the Cloudsmith dashboard or via the API. Full setup guides, CLI instructions, and configuration examples are available in the Cloudsmith documentation at docs.cloudsmith.com.
