Cloudsmith is excited to announce that Policy Management is in early access for customers. With Policy Management, you can automatically quarantine packages based on insights about your software artifacts, ensuring compliance and reducing software supply chain risk.
Currently, customers can set license policies and vulnerability policies.
License policies enable you to meet organizational compliance on what licenses can or cannot be included within your software supply chain.
With license policies, you can define a set of licenses not allowed for use within your Cloudsmith organization. When a package contains one of those licenses, the package will be automatically quarantined and unavailable for download. You can also automatically quarantine any package with an unknown license.
Read the documentation for License Policy
You can reduce your software supply chain risk by implementing vulnerability policies for your artifacts.
With vulnerability policies, you can set a vulnerability threshold for what is allowable within your Cloudsmith organization and the action you want to automate when a package exceeds that threshold.
For example, you could define a vulnerability policy where any package with a critical vulnerability will be automatically quarantined and unavailable for download. Or you could set up a vulnerability policy where any package with a medium vulnerability gets flagged and reported. Or, you could combine the two policies and quarantine packages with critical vulnerabilities but only flag packages with medium and high vulnerabilities.
Read the documentation for Vulnerability Policy
If you are interested in Policy Management, please contact us, and we'd be happy to enable access.
A quick note to let you know we are unaffected by the recent Silicon Valley Bank collapse. Rest assured, we are well capitalized, with our holdings diversified, and have supportive investors and knowledgeable advisors, and we are proactively monitoring the situation. If we can be of any assistance to our customers, please get in touch with us thro…
With the Rust team's announcement of the 1.68.0 version of Rust, Cloudsmith is happy to announce our support for the new "sparse" registry protocol, which has been stabilized as part of version 1.68.0. Cargo is the package manager for Rust, a programming language empowering everyone to build reliable and efficient software. Cloudsmith customers wh…
It's easier than ever to automate provisioning and updating Cloudsmith resources with the latest version of Cloudsmith's Terraform Provider. With the latest version, customers can now: Create and manage repositories, including updating repository settings Create and manage entitlement tokens, granting read-only access to end users Create and man…
Power users of the Cloudsmith API and CLI have long enjoyed search functionality of repository entitlement tokens. Today we're delighted to announce that our UI-using friends are now also covered! Entitlement token search uses the same query syntax as our other search fields and provides a simple way to perform searches based on name, kind, or ass…
Great news! We've just released an integration with Roadie, a start-up that provides SaaS for Backstage, a service catalog open-sourced by Spotify that automatically tracks your microservices. Organizations use Roadie to build a software catalog and developer portal for internal systems, centralizing information in one convenient location. We kno…
Great news! Based on customer feedback, we've made improvements to how you manage access and permissions for Service Accounts, improving their usability and extending the capabilities of what a Service Account can do. What's changed? With this release, there are two key feature improvements. First, Service Accounts can now be assigned a manager…
By submitting this form, you agree to our privacy policy
