Continuous Integration and Continuous Deployment (CI/CD) pipelines power modern DevOps. They enable teams to deliver software faster, with greater reliability and confidence. However, as development accelerates, ensuring security, compliance, and quality becomes increasingly complex. Automated policy checks streamline CI/CD pipelines by addressing these challenges directly.

Managing software artifacts across distributed teams and complex infrastructures securely demands proactive measures. Robust policy management is the best way to ensure compliance in your software supply chain. Cloudsmith, the leading cloud-native package management platform, can streamline policy management and strengthen security. Let’s explore why policy management matters and how we can simplify it for you.

2024 was a year of incredible stories. At Cloudsmith, we had the privilege of being part of our customers' journeys as they reached significant milestones, driving growth, innovation, and strengthened trust across the globe. Our customers led the way, leveraging Cloudsmith’s capabilities to enhance their workflows, scale their operations, and secure their software supply chains. Let’s explore the amazing progress our community made together and the stories behind these achievements.

What a year it’s been at Cloudsmith. As we look back on 2024, it’s hard not to feel a sense of pride - and even a little awe - at how far we’ve come. From a scrappy startup to a trusted partner for some of the biggest names in the world, this year has been a turning point, both for our company and the people who make it special. In this video, our CEO, Glenn Weinstein, reflects on the highs, the challenges, and the moments that defined this year for us.

Last month, Datadog announced an interesting and useful new feature they call the Supply-Chain Firewall (SCFW). It offers a real-time scanning approach that identifies vulnerabilities as developers pull packages from public registries like npmjs. It highlights the broader challenge organizations face when securing their software supply chain: managing risk consistently and efficiently at scale.

Migrating from JFrog Artifactory to a new artifact management platform like Cloudsmith can feel like a daunting task. We promise, it’s actually easier and more straightforward than you think! Our experience with other customers has shown that even if you have a complex setup with hundreds of teams and lots of binary artifacts, you can make the move to Cloudsmith fairly quickly. We can help arm you with a clear plan and best practices, so the transition can be seamless.

After a focused period of design and development, the new Cloudsmith web app is now available to all customers at app.cloudsmith.com. The new web app replaces the existing cloudsmith.io, which will be fully decommissioned in June 2025.

As software complexity advances, understanding what’s happening across every part of your software supply chain becomes crucial. You need to see where artifacts are used, how secure they are, and whether they meet compliance standards. The ability to capture this is known as observability. Observability goes beyond data collection to provide essential insights that help teams understand, troubleshoot, and enhance complex systems.

As containerized environments evolve, effective artifact management is crucial for any organization using Kubernetes or similar ecosystems. Cloudsmith’s container registry now fully complies with the Open Container Initiative (OCI) distribution specification, allowing customers to store, secure, and distribute images and artifacts with greater efficiency.

For organizations, distributing software artifacts effectively is crucial to building strong developer relationships and delivering a seamless experience. Yet, managing and personalizing the distribution of software packages—like SDKs or container images—can be challenging. Cloudsmith, a leader in cloud-native artifact management, has introduced Broadcasts to address these needs.