Cloudsmith has always performed signature and checksum validation at the core of the service - and today, we're introducing three awesome new ways to surface this information!
The package information page now includes a link to retrieve the raw GPG signature for a package, using all of the same authentication schemes we support for packages.
The package resource in the Cloudsmith API now provides a URL to retrieve the raw signature for a package and package file via the attribute signature_url.
Last (but by no means least) - our raw format has been updated to provide signature URLs on both our HTML and JSON indexes (where enabled within your repository). You can also append .asc to any raw file URL to retrieve the package signature directly.
These changes (and more upcoming) aim to give more visibility into the provenance of your software.
We are very pleased to announce that Cloudsmith now supports a 'Package Downloaded' webhook at request from our users. This new webhook will be triggered upon each package file fetch across all the formats that Cloudsmith supports; and provides data on the entitlement token, location, and user who accessed a package file. Some great use cases for…
Good news! Three major improvements for Docker support at Cloudsmith have been released. Assuming that you've been assigning semantic version tags to your Docker images, which is highly recommended, you can now sort Docker images by version. We'll also "elevate" the version tag to display as the main version for the Docker image, rather than just…
For a long time, we've supported the "main" types of artifacts for Maven (or Gradle, Leiningen, Sbt, etc.) packages: A POM file, the main package file, along with sources, javadocs and tests files; plus full support for "fatjars" (all-in-one packages with dependencies). This hasn't always been flexible when you've needed to attach additional files,…
In keeping with our focus on security, we are pleased to announce that you can now run on-demand vulnerability scans against supported package types, and also get the results of these scans via our API. This builds upon our existing package scanning functionality, which scans supported packages types upon upload. Now you can surface any new vulner…
Cloudsmith can help with our self-service approach to managing and defining storage and bandwidth limits to keep costs under control while allowing you to scale when needed. After all, no one wants to be caught between an unexpected bill for overages or any interruption to their business, no matter how minor. Now you can automate a solution that wo…
Following in the footsteps of Debian and Maven, we're very pleased to announce that RPM is the latest package format to support upstream caching and proxying. With Upstream Proxying, Cloudsmith will allow RPM clients configured to use your repository to see and download your existing repository packages, as well as all those defined in any connect…
By submitting this form, you agree to our privacy policy
