Formats/SBT

Manage Your SBT Repositories on Cloudsmith

Cloudsmith gives your Scala and Java teams a secure, fully-managed home for sbt artifacts. Push, pull, and govern your dependencies with zero infrastructure overhead, backed by cloud-native performance and 600+ edge points of presence.

Universal format support

One platform for sbt and every other format your teams rely on.

  • Use sbt + 30 other formats in one place
  • Manage Scala and Java artifacts alongside containers, raw binaries, and OS packages
  • Centralise your entire software supply chain in a single, governed artifact store

How we support SBT

Cloudsmith gives Scala and Java teams a fully-managed, cloud-native home for sbt artifacts, with the controls your organisation actually needs.
    Native sbt publishing and resolution
    sbt 1.x uses Maven-style publishing with no additional plugins required. Point your build.sbt resolver at your Cloudsmith repository and start pushing artifacts immediately.
    Upstream proxying and caching
    Configure upstream sources such as Maven Central and cache resolved packages for faster, more reliable builds. Keep your teams productive even when external registries are slow or unavailable.
    Governance policies and quarantine
    Create and enforce policies governing which modules are permitted in your repositories. Block specific versions, require specific metadata fields, or quarantine packages that do not meet your criteria before any team member installs them.
    Granular access control
    Create public or private repositories with fine-grained team and user permissions. Issue scoped entitlement tokens to control exactly who can pull or publish, without exposing credentials in configuration files.
    Cloud-native, zero-ops infrastructure
    Cloudsmith is fully managed - no Nexus or Artifactory instances to patch, tune, or babysit. Get elastic scale, high availability, and 600+ edge PoPs out of the box.

Why teams choose Cloudsmith for SBT

Dependency resolution problems and brittle self-hosted infrastructure slow Scala teams down. Cloudsmith replaces that friction with a managed, policy-driven platform built for production.
Without CloudsmithDependency resolution fails in CI because network latency to Maven Central is unpredictable and external registries go down without warning, stalling builds across the team.
With CloudsmithCloudsmith proxies and caches upstream Maven and sbt repositories at the edge, so builds resolve from a fast, local mirror and keep running even when external sources are unavailable.
Without CloudsmithPlain-text credentials stored in .credentials and settings files get committed accidentally, exposing your private repository access to anyone who reads the repo history.
With CloudsmithCloudsmith supports encrypted credentials and environment variable interpolation, keeping secrets out of config files entirely. Scoped entitlement tokens further limit blast radius per team or pipeline.
Without CloudsmithSelf-hosted Nexus or Artifactory servers require constant maintenance, version upgrades, and capacity planning - work that distracts engineering teams from shipping product.
With CloudsmithCloudsmith is fully managed with no servers to provision or patch. High availability, global delivery, and automatic scaling are included, so your team focuses on Scala, not infrastructure.

Signs you're ready to switch to Cloudsmith for SBT

If your current sbt setup involves manual credential management, flaky upstream resolution, or self-hosted servers that require babysitting, Cloudsmith is the upgrade your team needs.
    Unreliable upstream resolution
    Network timeouts to Maven Central or other remote repositories cause intermittent CI failures. Cloudsmith proxies and caches upstream sources so your builds are insulated from external outages.
    No governance over incoming dependencies
    Your team pulls from public registries with no checks in place. Cloudsmith lets you enforce policies on which modules and versions are permitted, and quarantine non-compliant packages before they reach developers.
    Credential exposure risk
    Plain-text passwords in .credentials files are a recurring security incident waiting to happen. Cloudsmith supports encrypted credentials and token-based access that keeps secrets out of source control.
    Infrastructure overhead from self-hosted servers
    Nexus or Artifactory instances need patching, tuning, and capacity planning your engineers shouldn't be doing. Cloudsmith is fully managed, highly available, and scales automatically.
    Fragmented tooling across formats
    Separate registries for sbt, Docker, Python, and other formats create sprawl and operational complexity. Cloudsmith consolidates all 30+ formats into one platform with unified access controls and audit logs.

Get started with SBT on Cloudsmith

Frequently asked questions

  1. Yes. sbt 1.x uses Maven-style publishing by default, so no additional plugins are required to push artifacts to Cloudsmith. For sbt 0.x, you can use the Maven Wagon integration approach, with full setup instructions available in your repository's integrations tab.

  2. Add your Cloudsmith repository as a resolver in your build.sbt file using the Maven-compatible endpoint. You can then add your credentials to the ~/.sbt/.credentials file or use environment variable interpolation to keep secrets out of your configuration files.

  3. Yes. Cloudsmith supports upstream proxying for remote repositories such as Maven Central. You can also enable caching so that resolved packages are stored in your Cloudsmith repository for faster and more reliable future resolution, even when the upstream source is slow or unavailable.

  4. You can configure sbt to block incoming packages from any repository outside your Cloudsmith repository by setting Dsbt.override.build.repos to true in your sbtopts file and pointing the repository config at your Cloudsmith resolver. This gives you full control over which sources your team pulls from.

  5. Cloudsmith supports multiple authentication approaches. You can use encrypted credentials via the underlying Maven toolchain, or interpolate credentials from environment variables so they are never stored in configuration files. Cloudsmith also supports scoped entitlement tokens for fine-grained, per-team or per-pipeline access.

  6. Yes. Cloudsmith lets you create and enforce policies governing which modules and versions are permitted in your repositories. You can block specific versions, require specific metadata fields, or quarantine packages that do not meet your criteria before any team member installs them.

  7. Yes. All Cloudsmith repositories are multi-format. You can store sbt artifacts alongside Docker images, Python packages, Debian binaries, and any of the 30+ other supported formats within the same logical repository, with unified access controls and audit logs across all of them.

  8. Cloudsmith provides a fully managed platform that accepts Maven-compatible artifact uploads, so migrating existing sbt artifacts is straightforward. You can push packages using standard sbt publish commands and reconfigure your resolvers to point at Cloudsmith. Our team is available to support migrations of any scale.

  9. Cloudsmith supports SAML SSO, SCIM for automated user provisioning, OIDC for CI/CD pipeline authentication, and fine-grained team and entitlement token management. This covers the full range of enterprise identity requirements without requiring manual credential rotation.

  10. Cloudsmith is a fully managed, cloud-native platform with built-in high availability and no single points of failure. Artifact delivery is backed by 600+ edge points of presence globally, ensuring fast resolution times for distributed teams regardless of where they are located.

Formats

There’s more than just SBT on Cloudsmith