Cloudsmith

Belfast, N. Ireland
2016
  |  By Maia Livingstone
In a rapidly evolving digital environment, organizations across various sectors—including technology firms, financial services, and manufacturing—rely on effective management of software artifacts to secure their software supply chains The risk of supply chain attacks has intensified, revealing vulnerabilities at every stage of artifact management. Compliance breaches, data leaks, and unvetted code present serious threats, and Cloudsmith aimed to tackle these challenges head-on.
  |  By Maia Livingstone
As software complexity advances, understanding what’s happening across every part of your software supply chain becomes crucial. You need to see where artifacts are used, how secure they are, and whether they meet compliance standards. The ability to capture this is known as observability. Observability goes beyond data collection to provide essential insights that help teams understand, troubleshoot, and enhance complex systems.
  |  By Maia Livingstone
As containerized environments evolve, effective artifact management is crucial for any organization using Kubernetes or similar ecosystems. Cloudsmith’s container registry now fully complies with the Open Container Initiative (OCI) distribution specification, allowing customers to store, secure, and distribute images and artifacts with greater efficiency.
  |  By Maia Livingstone
For organizations, distributing software artifacts effectively is crucial to building strong developer relationships and delivering a seamless experience. Yet, managing and personalizing the distribution of software packages—like SDKs or container images—can be challenging. Cloudsmith, a leader in cloud-native artifact management, has introduced Broadcasts to address these needs.
  |  By Ian Duffy
Explore how to use OpenID Connect (OIDC) to enable Kubernetes to pull Docker images from Cloudsmith without relying on long-lived credentials. This approach significantly enhances security and simplifies credential management.
  |  By Ciara Carey
This guide will walk you through configuring GitHub Dependabot to authenticate with Cloudsmith using OIDC.
  |  By Ciara Carey
Integrating Cloudsmith, a cloud-native artifact management platform, with Codefresh enhances your CI/CD workflows in several significant ways. Read this blog to learn more about this powerful combination, and its automation of artifact handling and simplification of deployments!
  |  By Dan McKinney
Packages in Cloudsmith repository are so much more than just “bits on disk”, and treating them as such is really doing them a disservice!
  |  By Dan McKinney
The difference between "Cloud Native" and "Cloud Hosted" products lies in their architecture, design philosophy, and how they leverage cloud infrastructure. Let’s break down the key distinctions.
  |  By Ciara Carey
Package promotion workflows are a great way to isolate and protect production repositories away from public upstreams, so they only receive clear and vetted packages.
  |  By Cloudsmith
During this pre-KubeCon online event, we will tackle the big questions that should be at the center of conversation at this year's event. If over 90% of software deployed is open-source; It's time for engineering leaders to make their IDP tooling bets. KubeCon is the opportunity to answer these big questions and share ideas. Don’t miss this opportunity to learn from the leading minds in the software supply chain management about the most pressing questions in the industry today ahead of the only event that matters.
  |  By Cloudsmith
Discover how Diligent transformed its software delivery process with Cloudsmith’s universal package management platform. By centralizing security, automating workflows, and enhancing compliance, Diligent achieved significant efficiency gains and scalable operations. With real-time insights and reduced manual tasks, their teams can now focus on innovation.
  |  By Cloudsmith
The European Parliament (EP) adopted a provisional version of the final text of the EU Cyber Resilience Act (CRA) on March 12, 2024, with the final version expected to be signed and published in October. The EU's CyberResilienceAct (CRA) proposes stringent cybersecurity requirements for digital products, aiming to bolster security against cyberattacks. While it promises safer hardware and software, it also raises questions for Open Source contributors and organizations.
  |  By Cloudsmith
In this session we will explore why prioritizing artifact management is essential in advancing to self-service IDPs and how adoption of Cloudsmith offers solutions to common challenges such as high infrastructure costs, managing security vulnerabilities, and maintaining productivity. Attendees will gain insights into best practices of implementing an artifact repository at the center of their CI/CD pipeline.
  |  By Cloudsmith
The second session of our three-part summer series will help you assess and enhance your DevOps team's capabilities in preparation for transitioning to platform engineering using Omdia’s DevOps Maturity Checklist as our guide.
  |  By Cloudsmith
As organizations continue to navigate the complexities of modern IT environments, the evolution from “DevOps” to “platform engineering” has emerged as a crucial next step in maximizing operational efficiency. By reimagining DevOps as platform engineering, organizations can create a more cohesive and streamlined approach to IT operations and development, breaking down the silos that often impede progress. In this webinar, the Cloudsmith team will explore Omdia’s latest Market Disruptors Report and discuss which critical success factors you need to consider before making the transition to platform engineering.
  |  By Cloudsmith
Optimized for distributed teams working at any scale, Cloudsmith is your single source of truth for software assets. Start your free trial today!
  |  By Cloudsmith
The Cloudsmith team is excited to announce our newly released support for Swift! Discover how Cloudsmith's new capabilities can revolutionize the way Swift developers manage dependencies.
  |  By Cloudsmith
Check out how to reduce the risk of data breaches by removing long-lived credentials from your CI/CD build pipelines using OpenID Connect (OIDC) authentication.
  |  By Cloudsmith
In our first instalment of DevOps Debriefs, join Cloudsmith and special guest Rob Godfrey, Senior Technical Architect at the Financial Times (FT) for a discussion on the crucial role of authentication and credential management in ensuring software pipeline security. We’ll discuss: Innovative strategies that empowered the Financial Times team to overcome software supply chain risks in their pipelines. How the team responded to the fallout of the CircleCI breach by using OIDC with CircleCI and Cloudsmith.

Cloudsmith, your friendly neighbourhood Package Management startup, is a fully managed 24/7 Software-as-a-Service (SaaS) for securely storing and sharing assets, packages and containers. We have distributed millions of packages for innovative companies around the world and specifically help with: development, for internal build pipelines and dependencies; deployment, for delivery pipelines to servers; and distribution, for sharing software to entitled users worldwide.

Our main office is in Belfast, UK, but our approach to software development and the Cloud allows people to contribute from all over the world.

Built for Engineers, by Engineers:

  • For Dev: Control the dependencies for your build/development pipelines. Share libraries privately with your teams, and develop your software securely.
  • For Ops: Deploy the artefacts for your delivery pipelines. Promote through delivery stages, and ignore unstable upstreams that will break you.
  • For Vendors: Distribute licensed software to customers, anywhere in the world. Define private access via entitlements, to ensure only entitled users get it.

The new standard in Package Management and Software Distribution.