The world's best cloud native, enterprise-grade artifact management platform

We’re the 100% cloud, SaaS replacement for legacy artifact management solutions like JFrog Artifactory and Sonatype Nexus. Talk to us today about switching to Cloudsmith.

PagerDuty
Shopify
Font Awesome
American Airlines
ExpressVPN
Thrivent
PagerDuty
Shopify
Font Awesome
American Airlines
ExpressVPN
Thrivent

Control

Get control of your software supply chain with a single, observable home for every package and container

Secure

Protect your teams and mitigate compliance issues with scanning tools and our advanced policy engine

Distribute

Boost productivity and serve your customers with global artifact distribution and powerful analytics

Package scanned
Policies evaluated
Package cached
0%
Uptime
Proxy and cache
Package delivery
10 GB

Control

A single source of truth for every artifact and container

Cloudsmith is the only truly cloud-native, enterprise-grade artifact management solution.

Universal Support for Every Artifact

With 30+ formats supported, along with raw files of any type, Cloudsmith is the single source of truth for all your software.
SwiftRuby GemsPythonNPMMavenDockerBitbucket CI/CDBuildkiteGitHub ActionsTerraform ProviderTerraform ProviderGitHub ActionsBuildkiteBitbucket CI/CDDockerMavenNPMPythonRuby GemsSwift

Secure, Cloud-Native Container Registry

Cloudsmith’s container registry is fully Docker compatible and OCI compliant, making it a great place to store images close to other software assets
file:3d9897cfe027ecc7cbdb16e74a676ed143725ea2d08dbb0dde…/bin/sh -c set -eux; groupadd -r -g 999 redis; useradd…/bin/sh -c set -eux; apt-get update; apt-get install -…file:3d9897cfe027ecc7cbdb16e74a676ed143725ea2d08dbb0dde…file:3d9897cfe027ecc7cbdb16e74a676ed143725ea2d08dbb0dde…

Multi-format repositories

Store your software in a way that works for your teams with flexible, multi-format repositories.
tensorflow/tensorflowjunit-jupiter-api@5.11.4tf-training-data.zipnumpy@2.2.2lodash@4.17.21opencv@0.5.0Production5Packages123MB

Proxy and cache public upstreams

Isolate your teams from risks while improving uptime and observability with upstream proxies.

Analytics, usage monitoring

See what’s going on in your software supply chain using our monitoring and log features.
0MB100MB200MB300MB400MB500MB

Native package tools

Use language-native and OS-native tools to push and pull packages with zero friction

Package insights

Extract license, dependency and quality metadata from packages to drive policies

Best in class web app

Manage teams and artifacts via one data-driven, streamlined interface.

Log exports

Get down to the nitty gritty and feed your analysis projects with log file exports

Package promotion workflows

Move or copy packages between repositories in line with your own rules.

Command-line interface

Use our command line interface to get super hands-on with your workspace

Package signing

Sign your software artifacts to ensure they are what they say they are

Thorough documentation

Complete, developer-first documentation to help you get the most from Cloudsmith

Loved by teams around the world

Secure

Powerful tools to secure your software supply chain

Cloudsmith secures your enterprise by identifying threat signals, applying policies, and running your automations.

Scanning & Package Analysis

Scan packages for malware and vulnerabilities and feed scan results into our advanced policy management engine.
Scanning...Vulnerabilities found

Enterprise Policy Management

Build policies in OPA Rego syntax to control what packages get to your teams and pipelines, and what packages are blocked.
ConditionsActionsPackagesQuarantineVulnerabitiyCVE Severity - Critical1234567891011121314 policy
 rego.v1
max_cvss := cve_allowlist :=   match := match  target  input.v0.security_scan
packageimportdefaultfalseifsomesomein# maximum allowed CVSS score# array containing IDs of CVEs that have been explicitly allowed6}{[]"CVE-2023-32681"

Package quarantine, Package promotion

Quarantine packages for inspection and move approved packages forward to production.
ProductionStaging

SAML/SSO, SCIM Provisioning

Authenticate using SAML/SSO and use SCIM to automatically reflect org changes.
Jerôme Rodrigues@laffertyishJack Grenouille@jgrenouille

Full Audit Trail & Logging

Interrogate logs in the browser, query via our API, or export raw log files for detailed analysis.
pipeline.serviceGETSYSTEMCLEANUP_UPSTREAM_CACHESadmin.userDELETEpipeline.servicePATCHpipeline.serviceGETpipeline.serviceGETUSEREVENT

OIDC tokens

Authenticate against other services using ephemeral tokens, not stored secrets

Service accounts

Use service accounts and API keys to enable and monitor your pipelines

Team and users, permissions

Build teams and control user privileges to control who has access to your software

API-first

Use our comprehensive API to build your own customized Cloudsmith experience

Distribute

Software distribution built for global enterprises

Boost productivity and get software to customers fast using our global package distribution network

Global Scale, Zero Hassle

Respond to global demand effortlessly. We auto-scale, and serve packages from 600 points of presence worldwide.
LondonUKSao PaoloBrazilOhioUSAMumbaiIndiaTokyoJapanNorthern VirginiaUSAFrankfurtGermanyCaliforniaUSASingaporeSingaporeSydneyAustraliaOregonUSADublinIreland

High Availability

Downtime means unhappy teams and lost revenue. Cloudsmith is architected for high availability, with SLAs available for Ultra customers.
0%90-DAY UPTIME

Read-only distribution tokens

Grant read-only access to your software using our configurable Entitlement Tokens.
a9f3d7e2b6c1g8h5i4j0k2m7n9p3q6 READ ONLYmN7pQ5rT3vW1xZ9bC4F6H8J0K2LXYMREAD ONLYeyJhbGciOiJIUzI1NiIsInR5cCI6IkREAD ONLYSflKxwRJSMeKKF2QT4fwpMeJf36POk6READ ONLY

Broadcasts

Publish your software on the web via a customizable interface using Broadcasts.
Platform SDKPublic760190KBROADCAST

Happy distributed teams

Global teams love us; we’re fast, friendly, and value thorough documentation!
DocumentationGuidesAPI ReferenceCommunityGetting startedMigration to CloudsmithSupported FormatsIntegrationsTroubleshooting

600 global points of presence

Your packages are served via hundreds of POPS, positioned to minimize latency

Edge caching

Intelligent edge caching means packages are served from nearest location

Fault tolerance

If network issues occur, traffic is routed to the nearest available region

End-to-end encryption

Packages are encrypted at rest and in transit to ensure your IP is protected
G2 Logo
Cloudsmith is rated 4.7 stars
G2 high performer winter 2025G2 best results winter 2025G2 best usability winter 2025G2 high performer winter 2025G2 high performer small business winter 2025
Get started with Cloudsmith