Integrations/Roadie

Surface Cloudsmith artifact data inside your Roadie developer portal

Roadie is a managed internal developer portal built on Backstage. The official Cloudsmith plugin for Roadie brings your artifact repository data directly into the portal your engineers already use every day, giving teams instant visibility into package stats, quota usage, audit logs, and security scan results without leaving the catalog.

How we support Roadie

Cloudsmith gives your Roadie portal a live view of every artifact repository your teams depend on. From package inventory to security scan results, the data your engineers need is right where they work.
    Repository stats at a glance
    The CloudsmithStatsCard displays key metrics for any Cloudsmith repository directly on your Roadie homepage, giving service owners an instant read on the packages their component depends on.
    Quota and usage monitoring
    The CloudsmithQuotaCard shows current bandwidth and storage consumption against your plan limits, so teams can act before they hit a ceiling rather than after.
    Audit log visibility
    The CloudsmithRepositoryAuditLogCard surfaces recent activity from a repository, giving platform and compliance teams a traceable record of changes without switching tools.
    Security scan results
    The CloudsmithRepositorySecurityCard highlights packages with known vulnerabilities directly in the portal, so teams can identify and remediate risks from the same view they use for everything else.
    Full package list per repository
    The CloudsmithPackageListCard lists every package in a configured repository, giving service owners a complete inventory alongside their catalog entry with no manual lookups required.

Why teams integrate Cloudsmith with Roadie

Scattered tooling forces engineers to context-switch just to check package health. Bringing Cloudsmith data into Roadie closes that gap and keeps your teams focused.
Without CloudsmithEngineers leave the Roadie portal and open the Cloudsmith UI separately to check package stats, quota consumption, or recent audit events. Every lookup is a context switch that slows teams down.
With CloudsmithRepository stats, quota usage, audit logs, and package lists are surfaced as cards on the Roadie homepage. Engineers get the full picture without ever leaving the portal.
Without CloudsmithVulnerable packages sit undetected until a separate security review catches them or a pipeline failure forces action. By then the blast radius is often wider than it needed to be.
With CloudsmithThe Cloudsmith security card in Roadie highlights packages with known vulnerabilities alongside the service that owns them. Teams spot issues early and remediate in the same workflow.
Without CloudsmithBandwidth and storage limits are invisible until they are breached. Teams discover overages reactively, often during a build or release, causing unexpected delays.
With CloudsmithQuota consumption is visible on the Roadie dashboard at all times. Teams can see how close they are to limits and plan ahead, keeping pipelines flowing without surprises.

Frequently asked questions

  1. The plugin adds five cards to your Roadie homepage: repository stats, quota and usage, audit logs, security scan results, and a full package list. Each card pulls live data from your Cloudsmith repositories via a backend proxy, so the information is always current.

  2. You provide a Cloudsmith API key as an environment variable on the Roadie backend. Roadie then uses a backend proxy to forward requests to the Cloudsmith API on behalf of the frontend cards. No credentials are ever exposed to the browser.

  3. Yes. The Cloudsmith Backstage plugin is an official Roadie plugin, maintained by the Roadie team in the roadie-backstage-plugins repository and listed in the Roadie plugin catalog. It is available directly from Roadie without additional configuration beyond installing the package.

  4. Yes. The plugin is distributed as the npm package @roadiehq/backstage-plugin-cloudsmith and works with both self-hosted Backstage instances and the managed Roadie platform. Installation steps differ slightly between the two, so follow the documentation that matches your setup.

  5. You can connect any Cloudsmith repository by providing the owner name and repository slug when rendering each card. Multiple cards can point to different repositories on the same Roadie homepage, giving teams visibility across all the artifact stores their services rely on.

  6. Yes. The CloudsmithRepositorySecurityCard displays packages with known vulnerabilities sourced from Cloudsmith's built-in security scanning. Teams see affected packages alongside their severity directly in the Roadie portal, enabling faster remediation without switching to the Cloudsmith UI.

  7. All API calls are made server-side through the Backstage proxy. The Cloudsmith API key is injected as a request header on the backend, meaning it is never sent to or stored in the browser. You set the key once as an environment variable and the plugin handles the rest.

  8. The CloudsmithQuotaCard in Roadie shows current bandwidth and storage usage alongside your plan limits. When consumption approaches the ceiling, the card makes it visible to any engineer looking at the homepage, giving your team time to act before a limit breach disrupts builds or deployments.

  9. Cloudsmith supports over 30 package formats including Docker, Helm, npm, Maven, PyPI, NuGet, Debian, RPM, and more. Regardless of the language or runtime your services use, Cloudsmith can store and serve the artifacts they depend on, and the Roadie plugin gives you visibility across all of them.

  10. The full setup guide is available at docs.cloudsmith.com under the Roadie integration page. It covers API key configuration, proxy setup, card installation, and how to wire cards to specific repositories. Roadie's own documentation at roadie.io also has a step-by-step guide for configuring the plugin on the managed platform.

Integrations

Discover more Cloudsmith Integrations