Package vulnerability scanning is a key step in securing your software delivery pipeline and reducing the risk of releasing insecure software into production. Cloudsmith makes it easy for your team to introduce vulnerability scanning by automatically scanning every supported package format pushed to a Cloudsmith repository or fetched from a cachin…

This week, the Cloudsmith team made the following improvements: Update support for Chocolatey/NuGet/PowerShell packages so that leading zeros in the package version metadata are retained Allow service accounts access to the list entitlements endpoint in an org with 2fa active

We've updated the Cloudsmith application landing page to include tabbed navigation to make it easier for users to complete critical tasks, such as user and team management, accessing audit logs, and more. Now, when a user signs into the Cloudsmith application, they will get an overview of their primary organization's repositories, with tabbed navi…

This week, the Cloudsmith team made the following improvements: Improve UX of filter toggles on entitlements page Fixed bug when pressing enter on 2FA deletion form Fix an error in the docker api. User with an entitlement token received a http 500 response when they should have received a http 403. Fixed issue where token creation or deletion a…

This week, the Cloudsmith team made the following improvements: The NPM format now uses semantic versioning to determine the latest package, in line with most other formats on the service Terraform backend updated to support semantic versioning pre-releases and build metadata. Fixed an issue where organization invites emails could sometimes cont…

Good news! We've updated Cloudsmith's SAML Single Sign-On capabilities to include SAML Group Sync. This new functionality streamlines team management and reduces onboarding time for new team members. SAML Group Sync maps an attribute from your Identity Provider to a team in your Cloudsmith Organization. This allows you to add or remove users from…