Connect Zapier to Cloudsmith webhook events

Cloudsmith fires webhooks on every package event - upload, sync, scan, failure. Pair that with Zapier and your entire tool stack reacts automatically, with no custom integration code required.

How we support Zapier

Cloudsmith emits webhooks for every meaningful repository event. Zapier turns those signals into automated actions across thousands of apps, giving your team real-time visibility and hands-free workflows.
    Rich repository event triggers
    Cloudsmith fires webhook events when a package is uploaded, is synchronising, has synchronised, or has failed. Subscribe to any subset of events and route them to Zapier to kick off downstream workflows.
    Vulnerability scan notifications
    Every time Cloudsmith completes a security scan, it dispatches a vulnerability webhook carrying the scan result and severity summary. Use Zapier to open a Jira ticket, ping Slack, or escalate based on severity.
    CI/CD pipeline triggers
    When a package syncs to your production repository, Cloudsmith can fire a webhook that Zapier forwards to your deployment tool - giving you event-driven promotion without polling or manual steps.
    Filtered event delivery
    Attach a package search query to any webhook so only matching packages trigger it. Filter by name, tag, format, or any supported search field to keep downstream noise to a minimum.
    Handlebars payload templating
    Shape your webhook payload using Handlebars templates before it reaches Zapier. Build Slack-compatible JSON, custom fields, or any structure your downstream app expects - no middleware required.

Why teams integrate Cloudsmith with Zapier

Without an event-driven connection between your artifact registry and your toolchain, teams rely on polling, manual checks, and brittle scripts. Cloudsmith webhooks and Zapier replace all of that.
Without Cloudsmith: Teams poll repositories or check dashboards manually to find out whether a package has synced. Deployments wait on human confirmation before proceeding.
With Cloudsmith: A Cloudsmith webhook fires the moment a package synchronises. Zapier forwards the event to your CI/CD tool or messaging app and the next stage starts automatically.
Without Cloudsmith: Vulnerability scan results sit in the Cloudsmith UI until someone notices. High-severity findings can go unactioned for hours while developers work on other things.
With Cloudsmith: Every completed scan dispatches a webhook. Zapier routes it to Jira, PagerDuty, Slack, or any app in your stack so your security team is alerted the moment results are available.
Without Cloudsmith: Connecting your artifact registry to the rest of your toolchain requires custom webhook consumers, dedicated infrastructure, and ongoing maintenance from your engineering team.
With Cloudsmith: Point Cloudsmith webhooks at a Zapier catch URL. Zapier handles routing, retries, and delivery to thousands of apps with no code and no infrastructure to maintain.

Frequently asked questions

  1. Cloudsmith supports repository-level package events including: package uploaded, package synchronising, package synchronised, and package failed. It also fires vulnerability webhooks each time a security scan completes, carrying the scanned package identity and a severity summary.

  2. Create a Zap using the Webhooks by Zapier trigger, set the trigger type to Catch Hook, and copy the generated URL. Paste that URL as the endpoint when creating a webhook in your Cloudsmith repository. Cloudsmith will then POST event payloads directly to Zapier whenever the subscribed event fires.

  3. Yes. When creating a webhook in Cloudsmith you can attach a package search query. Only packages matching the query will fire the webhook. You can filter by name, tag, format, and other supported search fields, keeping downstream Zapier workflows focused on the events that matter.

  4. Cloudsmith supports two authentication approaches: HMAC-based signature verification, where each payload is signed and the receiver can validate it, and a configurable secret header and value pair that is sent with every request. Use either to confirm that incoming payloads genuinely originate from Cloudsmith.

  5. Anything Zapier supports. Common patterns include opening Jira tickets on vulnerability findings, posting package sync notifications to Slack or Microsoft Teams, triggering CircleCI or GitHub Actions runs on package promotion, and logging package events to Sheets or a data warehouse for audit purposes.
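
The two authentication approaches from answer 4, written as receiver-side checks. This is an added example, not Cloudsmith or Zapier code; the header names, the hex-encoded SHA-256 digest and the sample payload are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical names and values: take the real header names, digest algorithm
# and encoding from your Cloudsmith webhook configuration.
SIGNATURE_HEADER = "x-webhook-signature"   # assumed: hex HMAC of the raw body
SECRET_HEADER = "x-webhook-secret"         # assumed: configurable header name
DIGEST = hashlib.sha256                    # assumed digest algorithm


def _get(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    for key, value in headers.items():
        if key.lower() == name:
            return value.strip()
    return ""


def verify_signature(headers, raw_body: bytes, signing_key: bytes) -> bool:
    """Recompute the HMAC over the exact bytes received and compare."""
    received = _get(headers, SIGNATURE_HEADER).lower()
    if not received:
        return False  # a missing signature is a failure, never a pass
    expected = hmac.new(signing_key, raw_body, DIGEST).hexdigest()
    return hmac.compare_digest(expected.encode(), received.encode())


def verify_secret_header(headers, expected_value: str) -> bool:
    """Compare the shared header value in constant time."""
    received = _get(headers, SECRET_HEADER)
    if not received or not expected_value:
        return False
    return hmac.compare_digest(expected_value.encode(), received.encode())


# Constructed sample delivery (not a real Cloudsmith payload).
KEY = b"constructed-signing-key"
BODY = b'{"event": "package.synced", "name": "example-pkg"}'
GOOD = {"X-Webhook-Signature": hmac.new(KEY, BODY, DIGEST).hexdigest(),
        "X-Webhook-Secret": "constructed-header-value"}

if __name__ == "__main__":
    print("signed body accepted:", verify_signature(GOOD, BODY, KEY))
    print("tampered body accepted:", verify_signature(GOOD, BODY + b" ", KEY))
    print("secret header accepted:",
          verify_secret_header(GOOD, "constructed-header-value"))
```

The HMAC must be computed over the raw request bytes before any JSON parsing or re-serialisation, since a single changed byte produces a different digest.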
