Package repositories were never something I thought about as a developer unless something didn’t work. For example, if it was slow, wouldn’t connect, wouldn’t install, or was overly complicated to configure. Mostly I wanted something I barely noticed. Something simple and easy to use.
Continuous Packaging (CP) is a term that we use a lot at Cloudsmith, and it is one that we think will become a cornerstone in a secure software development process.
At Cloudsmith, using Multi-tenant repositories, we provide a simple and flexible solution to deploy and distribute your software artifacts. Multi-tenant repositories allow you to store artifacts of different formats in the same place. Organize your packages by environment, project, package type, or whatever way you see fit- we are not opinionated about how you organize your packages or containers.
At Cloudsmith, using Multi-format repositories, we provide a simple and flexible solution to deploy and distribute your software artifacts. Multi-format repositories allow you to store artifacts of different formats in the same place. Organize your packages by environment, project, package type, or whatever way you see fit- we are not opinionated about how you organize your packages or containers.
Security scanning provides an opportunity to target, track, and trace vulnerabilities introduced to your packages as soon as Cloudsmith has received a complete package upload. However what happens when you want to intercept the results of a scan immediately. An early warning can make a difference when distributing vulnerable packages to hundreds, thousands, or even millions of developers, devices, or systems globally.
The movement away from on-premise and towards the Cloud is unstoppable. Even the US government is on board with their plans to “accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).” On-prem software is deployed, hosted, and maintained by your organization.
In early 2020, threat actors breached the build systems of Solarwinds and used this access to add malicious code into one of SolarWinds products. The product, called “Orion”, is very widely used and deployed by tens of thousands of companies, including many Fortune 500 companies.
It’s official: regulations by the US and UK governments are coming down the track to secure the software supply chain.
At Cloudsmith, we believe that packaging should be at the centre of any modern build and deployment process. In fact, we think that Continuous Packaging is the glue that ties Continuous Integration and Continuous Deployment or Delivery together. So with that in mind, in this blog, we will take a walk through how easy it is to integrate Cloudsmith with a Semaphore CI workflow and push the artifacts and packages that you build to a private repository. TL:DR – It’s super easy.
Today, almost every service now is offered in a “Cloud” variant. But what does that really mean? Are all clouds services equal? It’s easy to see why so many vendors rush to add a Cloud edition/variant of established software they sell. Undoubtedly, there has been a move to Cloud services across the industry, as more and more organizations seek to take advantage of the higher reliability and lower total cost of ownership that Cloud platforms promise.
