GitHub Integration
GitHub powers your builds. Cloudsmith manages what those builds produce. Cloudsmith connects directly into your GitHub workflows to handle packages and dependencies throughout your CI/CD process. Teams can access dependencies through Cloudsmith via upstream caching, build and test with GitHub Actions, and then push completed artifacts back to Cloudsmith for storage, scanning, and distribution. Together, GitHub and Cloudsmith give development teams a consistent, secure path from source to delivery.
One workflow, complete coverage
Access dependencies, build in GitHub, and push finished artifacts back to Cloudsmith, all in one continuous process.
Security built in
Every artifact is scanned, governed, and authenticated through Cloudsmith policies and OIDC.
Developer-first design
Work entirely within familiar GitHub tools: Actions, CLI, and Dependabot. Cloudsmith stays out of the way until you need it.
Zero-trust ready
Short-lived credentials reduce risk without adding steps to your pipeline.
Built for scale
A cloud-native platform that grows with your projects, teams, and regions.
Cloudsmith GitHub Actions
Publish, promote, and automate packages directly from GitHub
Cloudsmith offers two GitHub Actions that bring artifact management into your CI/CD pipelines: Cloudsmith CLI Setup and Push. These Actions are designed to make artifact delivery simple and secure. They let teams move code from build to release with automation, consistency, and governance.
Integrated publishing
Push packages and containers to Cloudsmith repositories straight from GitHub.
Repeatable automation
Install and authenticate the Cloudsmith CLI in any workflow.
Built-in checks
Enforce policy rules and security scans automatically during release.
Less friction
Move from build to deployment without manual steps or extra tools.
Dependabot Integration
Keep dependencies up-to-date and trusted
Dependabot can pull directly from Cloudsmith repositories to track updates and vulnerabilities in the packages your projects use. By storing Cloudsmith credentials as GitHub secrets, Dependabot can raise pull requests when new or safer versions are available.
Consistent insight
Stay informed about dependency updates and security issues.
Automated maintenance
Let Dependabot handle version updates as part of your workflow.
Verified sources
Dependabot fetches from Cloudsmith, where every package is scanned and governed.
Reduced risk
Spot potential vulnerabilities early, before they make it into production.
OIDC Authentication
Authenticate securely, without managing credentials
Long-lived credentials create risk and extra maintenance. Cloudsmith supports OpenID Connect (OIDC) authentication for GitHub Actions, so workflows can request short-lived tokens instead of relying on static API keys. This keeps automation secure and simple to manage.
Zero trust approach
Every workflow uses short-lived, verified tokens.
Simpler management
No keys to store or rotate manually.
Granular control
Limit access to trusted repositories or organizations.