---
title: "Jenkins Integration with Cloudsmith"
description: "Connect Jenkins pipelines to Cloudsmith for secure, cloud-native artifact management. Push and pull packages across 30+ formats with OIDC authentication and full audit trails."
canonical_url: "https://cloudsmith.com/product/integrations/jenkins"
last_updated: "2026-05-07T10:42:40Z"
---
# Jenkins Integration with Cloudsmith

## Reliable artifact management for your **Jenkins** pipelines

Jenkins is one of the most widely used open-source automation servers in the world. Connect it to Cloudsmith to give every pipeline a secure, centralized artifact registry - supporting push, pull, and promotion across all your build formats without managing your own storage infrastructure.

Product / Integrations

## Jenkins Integration

Jenkins is an open-source automation server and build tool that allows developers to continuously integrate and deliver their software projects. Jenkins can be integrated with many other tools to enable complex pipelines and automations; including Cloudsmith.

## How we support **Jenkins**

Cloudsmith integrates with Jenkins via the CLI, REST API, and OIDC to give your pipelines a fully managed artifact registry with no infrastructure to run.

[Read our Jenkins documentation](https://docs.cloudsmith.com/integrations/integrating-with-jenkins)

### Push and pull across all build formats

Publish and consume packages in Maven, npm, Docker, Python, NuGet, Helm, and 25+ other formats directly from your Jenkinsfile using the Cloudsmith CLI or native format tooling.

### Keyless OIDC authentication

Authenticate Jenkins jobs to Cloudsmith without storing long-lived credentials. Configure Jenkins as an OIDC provider and exchange short-lived tokens for scoped Cloudsmith access on every build.

### Policy-gated artifact promotion

Mirror your pipeline stages in Cloudsmith repositories and move artifacts from dev to staging to production without re-uploading, while policy rules enforce quality and security gates at each stage.

### Vulnerability scanning on every publish

Every package pushed from a Jenkins job is automatically scanned for known CVEs. Quarantine rules can block vulnerable artifacts before they reach downstream consumers.

### Audit trail and full observability

Every push, pull, and promotion triggered by Jenkins is recorded in Cloudsmith's client and audit logs, giving you a complete provenance trail across all pipelines and environments.

## Why teams integrate Cloudsmith with **Jenkins**

Jenkins pipelines without a dedicated artifact registry lead to fragile builds, ad-hoc storage, and no visibility into what ships to production. Cloudsmith removes all of that.

| Without Cloudsmith | With Cloudsmith |

| --- | --- |

| Build artifacts pile up on the Jenkins controller or get shunted to ad-hoc S3 buckets with no version control, no access policy, and no single source of truth across teams. | Every artifact published from a Jenkins job lands in a versioned Cloudsmith repository with consistent naming, retention rules, and fine-grained access control from day one. |

| API keys for artifact registries are embedded in Jenkinsfiles or stored as plain-text environment variables, creating credential sprawl and a security risk on every compromised agent. | Jenkins authenticates to Cloudsmith via OIDC using short-lived tokens. No long-lived secrets stored anywhere - each build gets a scoped token that expires immediately after use. |

| There is no structured promotion path between environments. Teams re-download artifacts from staging and re-upload to production, wasting bandwidth and breaking the integrity chain. | Cloudsmith lets you promote artifacts between repositories without re-uploading. Provenance is preserved end to end, and every move is logged against the originating Jenkins build. |

## Frequently asked questions

### How do I connect Jenkins to Cloudsmith?

You can connect Jenkins to Cloudsmith using the Cloudsmith CLI or native package manager tooling inside your Jenkinsfile. Configure your Cloudsmith API key (or an OIDC token) as a Jenkins credential, then reference it in your pipeline to push or pull packages.

### Does Cloudsmith support OIDC authentication with Jenkins?

Yes. Cloudsmith supports OIDC-based authentication with Jenkins. You install the OpenID Connect Provider plugin in Jenkins, configure a service account and OIDC provider in Cloudsmith, and Jenkins jobs then exchange short-lived OIDC tokens for Cloudsmith JWT tokens - no stored API keys required.

### Which package formats can I push from a Jenkins pipeline?

Cloudsmith supports over 30 package formats including Maven, npm, Docker, Python (PyPI), NuGet, Helm, Debian, RPM, Go, Rust (Cargo), and more. You can publish any of these from a Jenkins build step using the Cloudsmith CLI or the native tooling for each format.

### How do I securely store Cloudsmith credentials in Jenkins?

Store your Cloudsmith API key as a Jenkins Secret Text credential and inject it into your pipeline with the Credentials Binding plugin. For higher security, use OIDC to eliminate static credentials entirely - each Jenkins job receives a scoped, short-lived token at runtime.

### Can I promote artifacts between environments from a Jenkins pipeline?

Yes. Cloudsmith lets you move artifacts between repositories representing different pipeline stages (dev, staging, production) without re-uploading. You can trigger promotions from Jenkins using the Cloudsmith API or CLI, and the full provenance trail is preserved.

### Does Cloudsmith scan artifacts pushed from Jenkins for vulnerabilities?

Yes. Every package pushed to Cloudsmith - including those from Jenkins builds - is automatically scanned for known CVEs. You can configure policies to quarantine or block vulnerable packages before they are consumed by other jobs or deployed downstream.

### Can I see which Jenkins build published a particular package?

Cloudsmith's client and audit logs record every upload event, including the credentials used. If you tag uploads with build metadata via the CLI, you get a direct link between each artifact version and the Jenkins build that produced it.

### Is there an example Jenkins pipeline I can use to get started?

Yes. Cloudsmith provides a reference Jenkins pipeline that demonstrates OIDC authentication and package publishing. You can find it linked from the Cloudsmith docs for Jenkins at docs.cloudsmith.com/integrations/integrating-with-jenkins.

### How does Cloudsmith compare to storing artifacts directly in Jenkins?

Jenkins is a build orchestrator, not an artifact store. Artifacts saved to the Jenkins controller get buried across hundreds of builds and are hard to share. Cloudsmith gives you a dedicated, versioned, access-controlled registry that persists independently of your Jenkins instance.

### Can multiple Jenkins pipelines share the same Cloudsmith repository?

Yes. Multiple Jenkins jobs and pipelines can push to and pull from the same Cloudsmith repository. You control access at the repository and team level, so different pipelines can share artifacts while maintaining the principle of least privilege.
