Scan every container before it ships with Aikido

Cloudsmith gives you a single, secure home for every container image your teams ship, and the Aikido integration layers continuous vulnerability scanning on top without adding another registry to manage. Link scanned images back to their source repositories in Aikido to cut false positives and get clear, actionable severity findings instead of alert noise. Start on Aikido's free-forever plan and scale to advanced policy and reporting as your security program matures.

How we support Aikido

Cloudsmith stores every container image your teams build, and the Aikido integration turns that registry into a continuously monitored security checkpoint.
    Continuous container scanning
    Aikido scans container images stored in your Cloudsmith repositories for known vulnerabilities, so nothing you distribute goes unchecked.
    Scoped, secure authentication
    Connect Cloudsmith to Aikido with an API key or entitlement token scoped to only the permissions needed for scanning and access.
    Fewer false positives
    Link container images to their source code repositories in Aikido to deduplicate findings and cut through noisy, low-value alerts.
    Clear remediation guidance
    Every finding comes with severity levels and remediation steps, so your team knows exactly what to fix first and how to fix it.
    Free to start, built to scale
    Get going on Aikido's free-forever plan, then move to paid tiers as your scanning and reporting needs grow.

Why security teams pair Cloudsmith with Aikido

Disconnected scanners and manual triage leave security teams drowning in noise. Scanning containers where they already live closes the gap between storage and risk.
Without CloudsmithContainer vulnerabilities pile up as alert noise across disconnected scanners, leaving teams to manually triage thousands of findings.
With CloudsmithAikido scans containers directly in Cloudsmith and applies AI-driven triage, so your team only sees the vulnerabilities that actually matter.
Without CloudsmithSecurity teams have no visibility into what is actually stored and distributed from the artifact repository, creating blind spots between build and runtime.
With CloudsmithEvery container in Cloudsmith is continuously scanned by Aikido, closing the gap between where artifacts live and where risk is found.
Without CloudsmithDeduplicating findings across container images and source repositories takes manual correlation work that slows remediation down.
With CloudsmithLinking Cloudsmith container images to their code repositories in Aikido automatically deduplicates findings and speeds up fixes.

Frequently asked questions

  1. It connects your Cloudsmith container registry to Aikido so every image you push can be automatically scanned for known vulnerabilities, with results surfaced in Aikido's dashboard.

  2. In Aikido, search for the Cloudsmith integration, then authenticate using your Cloudsmith username, API key or entitlement token, and namespace before selecting the repositories to scan.

  3. Aikido requires your Cloudsmith username, an API key or entitlement token, and your namespace. Cloudsmith recommends scoping these credentials to only the permissions needed for scanning.

  4. Yes. After authenticating, you select the specific Cloudsmith container repositories you want Aikido to monitor, rather than scanning your entire account by default.

  5. Yes. Linking each container image to its relevant code repository in Aikido improves deduplication and analysis accuracy, cutting down on duplicate or irrelevant findings.

  6. Yes. Aikido offers a free-forever plan that includes container vulnerability scanning for Cloudsmith users, with paid plans available for more advanced features.

  7. Cloudsmith recommends scheduling regular scans in Aikido for continuous monitoring, and Aikido re-scans your selected repositories on an ongoing basis once connected.

  8. Aikido reports detailed findings for each container image, including severity levels and remediation steps, so your team knows exactly what to fix and how.

  9. No separate scanner is needed. Aikido scans images stored in Cloudsmith directly, so you get vulnerability coverage without standing up or maintaining another tool.

  10. Security and platform teams that store container images in Cloudsmith and want continuous vulnerability visibility without adding a heavyweight scanning stack are the best fit.

Integrations

Discover more Cloudsmith Integrations