Belfast, N. Ireland
  |  By Glenn Weinstein
Sharing what I've learned as Cloudsmith's CEO, and how our customers use cloud-native artifact management to build with confidence.
  |  By Alan Carson
Add these must-haves to your selection matrix to find an artifact management tool that will transform your DevOps and software delivery.
  |  By Ciara Carey
Level up supply chain security and package management for your organization's Erlang and Elixir teams with Cloudsmith's Private Hex Repositories.
  |  By Ronan O'Dulaing
Digital threats are part of the development landscape, so how should you audit your software supply chain security to ensure you protect your pipeline? This blog will take you through the threats that are lurking and the steps you can follow to guard against them.
  |  By Paul May
Cloudsmith Navigator: a free tool designed to help software engineering teams select the best OSS packages for their projects.
  |  By Ciara Carey
Glimpse the golden insights Cloudsmith’s logs offer and see how easy it is to pull and analyze them like a pro.
  |  By Nick Peacock
One of our core motivations in building Cloudsmith is to make software developers' lives easier. We want Cloudsmith to be one of those great products that feels intuitive and automates everything. As we’re picking up more and larger customers, we’re seeing an increased need for migration tools. We want to make it as easy as possible for teams who are stuck using JFrog Artifactory, or Sonatype Nexus, or other legacy tools to move over to the joy of SaaS artifact management using Cloudsmith.
  |  By Alison Sickelka
Cloudsmith announces expanded support for System for Cross-domain Identity Management (SCIM) for user management and enhanced software supply chain security.
  |  By Glenn Weinstein
As the "new guy" here at Cloudsmith (I was named CEO in August), I'm learning more every day about how customers use us to protect their software supply chains. We're doing everything we can to give you a single source of truth for every artifact - whether it's an open source package, a Docker container, a Linux image - that enters your software supply chain, and everything that you produce on the other side.
  |  By Ciara Carey
EU law is changing for hardware and software makers. Here's your 2-minute summary of the Cyber Resilience Act.
  |  By Cloudsmith
Cloudsmith Navigator helps engineers select the highest quality OSS packages for their projects. Navigator integrates and analyses data on npm, PyPI, RubyGems and Maven packages, and assigns each one a score based on security, maintenance and documentation.
  |  By Cloudsmith
See how we've saved PagerDuty from pipeline disruption, support bottlenecks and more with first-class performance and service.
  |  By Cloudsmith
Today we are going to take a look back at trends in the DevOps and supply chain security space in 2023. What kind of year has 2023 been for DevOps? Are people generating SBOMs? Were there any mad vulnerabilities? Are we all using AI in our workflows? We have 3 wonderful panellists: Glenn Weinstein, Cloudsmith CEO; Josh Bressers, VP of Security at Anchore, Podcaster, Blogger; and Luca Lanziani, Head of DevOps and Platform Engineering @NearForm and Blogger.
  |  By Cloudsmith
Tune in to learn about how to consume open source securely using an OpenSSF framework donated by Microsoft.
  |  By Cloudsmith
A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.
  |  By Cloudsmith
The rise and popularity of containers and Kubernetes have revolutionised the IT industry but also introduced a lot of complexity, including a huge number of vulnerabilities coming from different container image layers. Both DevOps and Security teams are struggling to prioritise and address those vulnerabilities, often without sufficient clarity or accountable insights.
  |  By Cloudsmith
Software Bills of Materials (SBOMs) are new and exciting, but what do they actually do, and do you REALLY need one? If you read any security news lately, it seems like everyone is talking about how an SBOM can solve whatever problem they have, and they are years into their SBOM journey. But many of us don’t even know what they are.
  |  By Cloudsmith
“Overcoming Complexity and Cost” will delve into the challenges faced by software developers in managing complexity and reducing costs during the software development lifecycle. We will bring together industry experts to explore strategies, best practices, and emerging technologies that can empower developers to tackle these complex problems. Featuring: Mel Kaulfuss, Staff Developer Advocate, Buildkite; Shanea Leven, Founder & CEO, CodeSee; Tamara Miner, Principal Strategy Consultant, Pragma. Moderated by Dan McKinney, Technical Account Manager, Cloudsmith.
  |  By Cloudsmith
While "secure software supply chain" can feel like a buzzword, the past 18 months have shown companies, open-source communities, and vendors making significant progress toward making it a reality. In this panel discussion, real-world practitioners will share their insights and experiences in securing the software supply chain. The panelists will cover a range of topics, from best practices in vulnerability management, risk assessment of open-source dependencies, and generating authenticated provenance, to the challenges of integrating security into the DevOps workflow. They will provide actionable strategies for improving security while maintaining development speed, and share real-world examples of how their organizations have successfully secured their software supply chains.
  |  By Cloudsmith
Any organization that has taken on the daunting task of securing their software supply chain knows the challenges, pitfalls and caveats that come with implementing security best practices. SLSA 1.0, a community-backed framework that provides a comprehensive checklist of security controls and standards, is here! So what does it mean for you and your organization? This session gathers SLSA experts from across the industry to discuss the practical uses of the framework.

Cloudsmith, your friendly neighbourhood Package Management startup, is a fully managed 24/7 Software-as-a-Service (SaaS) for securely storing and sharing assets, packages and containers. We have distributed millions of packages for innovative companies around the world and specifically help with: development, for internal build pipelines and dependencies; deployment, for delivery pipelines to servers; and distribution, for sharing software to entitled users worldwide.

Our main office is in Belfast, UK, but our approach to software development and the Cloud allows people to contribute from all over the world.

Built for Engineers, by Engineers:

  • For Dev: Control the dependencies for your build/development pipelines. Share libraries privately with your teams, and develop your software securely.
  • For Ops: Deploy the artefacts for your delivery pipelines. Promote through delivery stages, and ignore unstable upstreams that will break you.
  • For Vendors: Distribute licensed software to customers, anywhere in the world. Define private access via entitlements, to ensure only entitled users get it.

The new standard in Package Management and Software Distribution.