Cloudsmith loves open-source software (OSS). There, I said it.
Our co-founders, Alan Carson and Lee Skillen, recognized from the beginning that smart reuse is a core value of the software community. Companies that make developer tools have a special obligation to support OSS, which in the case of Cloudsmith means our membership in the Open Source Security Foundation (OpenSSF). It also means giving back to the community by hosting OSS repositories, and providing distribution capabilities.
In fact, OSS hosting is one of our earliest and most popular features. Any Cloudsmith user, even those on our free Core plan, can create OSS repositories, which we track separately from your public or private repos. OSS repos get 50GB of storage and 200GB of monthly bandwidth for free, as long as you attribute Cloudsmith in your readme. (There are a few other caveats, but that’s the main idea.)
We recently added some premium features, specifically client logging and geo/IP controls, to every OSS repo hosted by Cloudsmith. We recognized that OSS maintainers need these controls, especially as their libraries gain popularity.
The recent xz Utils scare is a wake-up call for software companies. Most commercial software products are built on top of mountains of OSS; and by some estimates, up to 90% of all deployed production code is sourced from an OSS library. There are legitimate questions being asked today about whether commercial entities are doing enough to support the development and maintenance of the OSS that we all rely upon, and ultimately need to trust.
Cloudsmith is a foundational tool in protecting and securing the software supply chain. Organizations large and small use Cloudsmith to ensure they can have a single source of truth, and control the flow of every software ingredient that ultimately lands on their production servers and client devices. The explosion in OSS has demonstrated the need for security-oriented tools like Cloudsmith. While we help customers protect against vulnerabilities that can sneak into OSS, we also believe it’s part of our mission to support healthy development and distribution of OSS.
Like the headline on this blog says: Cloudsmith ♥ OSS.