Enterprises should prioritize securing their software artifacts to protect intellectual property (IP), maintain compliance, and mitigate supply chain risks. A strong security posture requires a deep understanding of access management, distribution controls, compliance enforcement, and software lifecycle governance.

Continuous Integration and Continuous Deployment (CI/CD) pipelines power modern DevOps. They enable teams to deliver software faster, with greater reliability and confidence. However, as development accelerates, ensuring security, compliance, and quality becomes increasingly complex. Automated policy checks streamline CI/CD pipelines by addressing these challenges directly.

Managing software artifacts across distributed teams and complex infrastructures securely demands proactive measures. Robust policy management is the best way to ensure compliance in your software supply chain. Cloudsmith, the leading cloud-native package management platform, can streamline policy management and strengthen security. Let’s explore why policy management matters and how we can simplify it for you.

2024 was a year of incredible stories. At Cloudsmith, we had the privilege of being part of our customers' journeys as they reached significant milestones, driving growth, innovation, and strengthened trust across the globe. Our customers led the way, leveraging Cloudsmith’s capabilities to enhance their workflows, scale their operations, and secure their software supply chains. Let’s explore the amazing progress our community made together and the stories behind these achievements.

What a year it’s been at Cloudsmith. As we look back on 2024, it’s hard not to feel a sense of pride - and even a little awe - at how far we’ve come. From a scrappy startup to a trusted partner for some of the biggest names in the world, this year has been a turning point, both for our company and the people who make it special. In this video, our CEO, Glenn Weinstein, reflects on the highs, the challenges, and the moments that defined this year for us.

Last month, Datadog announced an interesting and useful new feature they call the Supply-Chain Firewall (SCFW). It offers a real-time scanning approach that identifies vulnerabilities as developers pull packages from public registries like npmjs. It highlights the broader challenge organizations face when securing their software supply chain: managing risk consistently and efficiently at scale.

Migrating from JFrog Artifactory to a new artifact management platform like Cloudsmith can feel like a daunting task. We promise, it’s actually easier and more straightforward than you think! Our experience with other customers has shown that even if you have a complex setup with hundreds of teams and lots of binary artifacts, you can make the move to Cloudsmith fairly quickly. We can help arm you with a clear plan and best practices, so the transition can be seamless.

After a focused period of design and development, the new Cloudsmith web app is now available to all customers at app.cloudsmith.com. The new web app replaces the existing cloudsmith.io, which will be fully decommissioned in June 2025.

In a rapidly evolving digital environment, organizations across various sectors—including technology firms, financial services, and manufacturing—rely on effective management of software artifacts to secure their software supply chains The risk of supply chain attacks has intensified, revealing vulnerabilities at every stage of artifact management. Compliance breaches, data leaks, and unvetted code present serious threats, and Cloudsmith aimed to tackle these challenges head-on.