Operations | Monitoring | ITSM | DevOps | Cloud

Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild. Using EPM in Cloudsmith, you can now use a package’s EPSS score to inform your package workflows, including those around Package Promotion and Package Quarantine.

Breaches in software artifact integrity can have severe consequences. Bad actors poison artifacts by injecting malicious code into software packages, libraries, or container images, tricking developers and users into downloading compromised artifacts. These attacks can lead to data breaches, system takeovers, and widespread supply chain disruptions. Continued artifact poisoning incidents highlight the increasing risk to software supply chains.

Today we announced Cloudsmith is officially a Series B company. This $23M fundraising round was led by TCV, with participation from Insight Partners, as well as most of our existing investors. What a vote of confidence in our team, our vision, and our market!

Enterprises should prioritize securing their software artifacts to protect intellectual property (IP), maintain compliance, and mitigate supply chain risks. A strong security posture requires a deep understanding of access management, distribution controls, compliance enforcement, and software lifecycle governance.

Continuous Integration and Continuous Deployment (CI/CD) pipelines power modern DevOps. They enable teams to deliver software faster, with greater reliability and confidence. However, as development accelerates, ensuring security, compliance, and quality becomes increasingly complex. Automated policy checks streamline CI/CD pipelines by addressing these challenges directly.

Managing software artifacts across distributed teams and complex infrastructures securely demands proactive measures. Robust policy management is the best way to ensure compliance in your software supply chain. Cloudsmith, the leading cloud-native package management platform, can streamline policy management and strengthen security. Let’s explore why policy management matters and how we can simplify it for you.

2024 was a year of incredible stories. At Cloudsmith, we had the privilege of being part of our customers' journeys as they reached significant milestones, driving growth, innovation, and strengthened trust across the globe. Our customers led the way, leveraging Cloudsmith’s capabilities to enhance their workflows, scale their operations, and secure their software supply chains. Let’s explore the amazing progress our community made together and the stories behind these achievements.

What a year it’s been at Cloudsmith. As we look back on 2024, it’s hard not to feel a sense of pride - and even a little awe - at how far we’ve come. From a scrappy startup to a trusted partner for some of the biggest names in the world, this year has been a turning point, both for our company and the people who make it special. In this video, our CEO, Glenn Weinstein, reflects on the highs, the challenges, and the moments that defined this year for us.

Last month, Datadog announced an interesting and useful new feature they call the Supply-Chain Firewall (SCFW). It offers a real-time scanning approach that identifies vulnerabilities as developers pull packages from public registries like npmjs. It highlights the broader challenge organizations face when securing their software supply chain: managing risk consistently and efficiently at scale.

Migrating from JFrog Artifactory to a new artifact management platform like Cloudsmith can feel like a daunting task. We promise, it’s actually easier and more straightforward than you think! Our experience with other customers has shown that even if you have a complex setup with hundreds of teams and lots of binary artifacts, you can make the move to Cloudsmith fairly quickly. We can help arm you with a clear plan and best practices, so the transition can be seamless.