Scan every container before it ships with Aikido
Cloudsmith gives you a single, secure home for every container image your teams ship, and the Aikido integration layers continuous vulnerability scanning on top without adding another registry to manage. Link scanned images back to their source repositories in Aikido to cut false positives and get clear, actionable severity findings instead of alert noise. Start on Aikido's free-forever plan and scale to advanced policy and reporting as your security program matures.
How we support Aikido
Why security teams pair Cloudsmith with Aikido
Frequently asked questions
It connects your Cloudsmith container registry to Aikido so every image you push can be automatically scanned for known vulnerabilities, with results surfaced in Aikido's dashboard.
In Aikido, search for the Cloudsmith integration, then authenticate using your Cloudsmith username, API key or entitlement token, and namespace before selecting the repositories to scan.
Aikido requires your Cloudsmith username, an API key or entitlement token, and your namespace. Cloudsmith recommends scoping these credentials to only the permissions needed for scanning.
Yes. After authenticating, you select the specific Cloudsmith container repositories you want Aikido to monitor, rather than scanning your entire account by default.
Yes. Linking each container image to its relevant code repository in Aikido improves deduplication and analysis accuracy, cutting down on duplicate or irrelevant findings.
Yes. Aikido offers a free-forever plan that includes container vulnerability scanning for Cloudsmith users, with paid plans available for more advanced features.
Cloudsmith recommends scheduling regular scans in Aikido for continuous monitoring, and Aikido re-scans your selected repositories on an ongoing basis once connected.
Aikido reports detailed findings for each container image, including severity levels and remediation steps, so your team knows exactly what to fix and how.
No separate scanner is needed. Aikido scans images stored in Cloudsmith directly, so you get vulnerability coverage without standing up or maintaining another tool.
Security and platform teams that store container images in Cloudsmith and want continuous vulnerability visibility without adding a heavyweight scanning stack are the best fit.