---
title: "Cloudsmith for Roadie: Artifact Visibility in Your Developer Portal"
description: "Surface Cloudsmith package stats, quota usage, audit logs, and security scan results directly inside your Roadie developer portal. Zero context switching for your engineering teams."
canonical_url: "https://cloudsmith.com/product/integrations/roadie"
last_updated: "2026-05-07T09:36:07Z"
---
# Cloudsmith for Roadie: Artifact Visibility in Your Developer Portal

## Surface Cloudsmith artifact data inside your **Roadie** developer portal

Roadie is a managed internal developer portal built on Backstage. The official Cloudsmith plugin for Roadie brings your artifact repository data directly into the portal your engineers already use every day, giving teams instant visibility into package stats, quota usage, audit logs, and security scan results without leaving the catalog.

Product / Integrations

## Integrate Cloudsmith with Roadie

Roadie is a service catalog platform that allows users to integrate a number of different APIs into one dashboard for ease of tracking key metrics in one place. Roadie works with Cloudsmith, meaning you can 

## How we support **Roadie**

Cloudsmith gives your Roadie portal a live view of every artifact repository your teams depend on. From package inventory to security scan results, the data your engineers need is right where they work.

[Read our Roadie documentation](https://docs.cloudsmith.com/integrations/roadie)

### Repository stats at a glance

The **CloudsmithStatsCard** displays key metrics for any Cloudsmith repository directly on your Roadie homepage, giving service owners an instant read on the packages their component depends on.

### Quota and usage monitoring

The **CloudsmithQuotaCard** shows current bandwidth and storage consumption against your plan limits, so teams can act before they hit a ceiling rather than after.

### Audit log visibility

The **CloudsmithRepositoryAuditLogCard** surfaces recent activity from a repository, giving platform and compliance teams a traceable record of changes without switching tools.

### Security scan results

The **CloudsmithRepositorySecurityCard** highlights packages with known vulnerabilities directly in the portal, so teams can identify and remediate risks from the same view they use for everything else.

### Full package list per repository

The **CloudsmithPackageListCard** lists every package in a configured repository, giving service owners a complete inventory alongside their catalog entry with no manual lookups required.

## Why teams integrate Cloudsmith with **Roadie**

Scattered tooling forces engineers to context-switch just to check package health. Bringing Cloudsmith data into Roadie closes that gap and keeps your teams focused.

| Without Cloudsmith | With Cloudsmith |

| --- | --- |

| Engineers leave the Roadie portal and open the Cloudsmith UI separately to check package stats, quota consumption, or recent audit events. Every lookup is a context switch that slows teams down. | Repository stats, quota usage, audit logs, and package lists are surfaced as cards on the Roadie homepage. Engineers get the full picture without ever leaving the portal. |

| Vulnerable packages sit undetected until a separate security review catches them or a pipeline failure forces action. By then the blast radius is often wider than it needed to be. | The Cloudsmith security card in Roadie highlights packages with known vulnerabilities alongside the service that owns them. Teams spot issues early and remediate in the same workflow. |

| Bandwidth and storage limits are invisible until they are breached. Teams discover overages reactively, often during a build or release, causing unexpected delays. | Quota consumption is visible on the Roadie dashboard at all times. Teams can see how close they are to limits and plan ahead, keeping pipelines flowing without surprises. |

## Frequently asked questions

### What does the Cloudsmith plugin for Roadie actually show?

The plugin adds five cards to your Roadie homepage: repository stats, quota and usage, audit logs, security scan results, and a full package list. Each card pulls live data from your Cloudsmith repositories via a backend proxy, so the information is always current.

### How do I authenticate Cloudsmith in Roadie?

You provide a Cloudsmith API key as an environment variable on the Roadie backend. Roadie then uses a backend proxy to forward requests to the Cloudsmith API on behalf of the frontend cards. No credentials are ever exposed to the browser.

### Is the Cloudsmith plugin an official Roadie plugin?

Yes. The Cloudsmith Backstage plugin is an official Roadie plugin, maintained by the Roadie team in the roadie-backstage-plugins repository and listed in the Roadie plugin catalog. It is available directly from Roadie without additional configuration beyond installing the package.

### Can I use the plugin with self-hosted Backstage as well as Roadie?

Yes. The plugin is distributed as the npm package @roadiehq/backstage-plugin-cloudsmith and works with both self-hosted Backstage instances and the managed Roadie platform. Installation steps differ slightly between the two, so follow the documentation that matches your setup.

### Which Cloudsmith repositories can I connect to Roadie?

You can connect any Cloudsmith repository by providing the owner name and repository slug when rendering each card. Multiple cards can point to different repositories on the same Roadie homepage, giving teams visibility across all the artifact stores their services rely on.

### Does the integration support Cloudsmith's security scanning features?

Yes. The CloudsmithRepositorySecurityCard displays packages with known vulnerabilities sourced from Cloudsmith's built-in security scanning. Teams see affected packages alongside their severity directly in the Roadie portal, enabling faster remediation without switching to the Cloudsmith UI.

### How does Cloudsmith handle authentication for the API calls made by Roadie?

All API calls are made server-side through the Backstage proxy. The Cloudsmith API key is injected as a request header on the backend, meaning it is never sent to or stored in the browser. You set the key once as an environment variable and the plugin handles the rest.

### What happens if my Cloudsmith quota is close to its limit?

The CloudsmithQuotaCard in Roadie shows current bandwidth and storage usage alongside your plan limits. When consumption approaches the ceiling, the card makes it visible to any engineer looking at the homepage, giving your team time to act before a limit breach disrupts builds or deployments.

### Does Cloudsmith support the formats my Roadie-connected services use?

Cloudsmith supports over 30 package formats including Docker, Helm, npm, Maven, PyPI, NuGet, Debian, RPM, and more. Regardless of the language or runtime your services use, Cloudsmith can store and serve the artifacts they depend on, and the Roadie plugin gives you visibility across all of them.

### Where can I find the full setup documentation for this integration?

The full setup guide is available at docs.cloudsmith.com under the Roadie integration page. It covers API key configuration, proxy setup, card installation, and how to wire cards to specific repositories. Roadie's own documentation at roadie.io also has a step-by-step guide for configuring the plugin on the managed platform.
