Belfast, N. Ireland
  |  By Ciara Carey
On January 4, 2023, CircleCI warned its customers to rotate “any and all secrets” after a compromise by an unauthorized third party.
  |  By Glenn Weinstein
CEO Glenn Weinstein highlights Cloudsmith's support of the open source community.
  |  By Ciara Carey
Ciara Carey reflects on her experience at the KubeCon event in Paris including her top 10 talks and current industry trends.
  |  By Karen Gardner
The wins just keep coming! Today we celebrate fresh evidence of the mark we're making in the industry.
  |  By Jack Gibson
Cloudsmith now supports upstream proxying and caching for CRAN's R packages. That means simpler, more reliable integration of third-party packages into your organization's development process. Better software, faster!
  |  By Victor Suarez
Learn about Cloudsmith's recent ISO 27001:2013 recertification, highlighting the team's unwavering commitment to security excellence and customer trust.
  |  By Glenn Weinstein
Sharing what i've learned as Cloudsmith's CEO, and how our customers use cloud-native artifact management to build with confidence.
  |  By Alan Carson
Add these must-haves to your selection matrix to find an artifact management tool that will transform your DevOps and software delivery.
  |  By Ciara Carey
Level up supply chain security and package management for your organizations Erlang and Elixir teams with Cloudsmith's Private Hex Repositories.
  |  By Ronan O'Dulaing
Digital threats are part of the development landscape, so how should you audit your software supply chain security to ensure you protect your pipeline? This blog will take you through the threats that are lurking and the steps you can follow to guard against them.
  |  By Cloudsmith
Optimized for distributed teams working at any scale, Cloudsmith is your single source of truth for software assets.
  |  By Cloudsmith
Open Source Software (OSS) presents boundless opportunities, and organizations face challenges in securely leveraging OSS Join Cloudsmith and Chainguard as we talk about the easy way to securely consume OSS. Discover S2C2F best practices for securely consuming OSS and understand how Cloudsmith's Cloud Native Artifact Management aligns with these standards. Learn about Chainguard zero CVE images drastically reduce vulnerabilities and image attack surface.
  |  By Cloudsmith
Worried about supply chain attacks and hidden vulnerabilities compromising your organization's software integrity? Join Alison Sickelka, VP Product, and Ciara Carey, Developer Relations, as they lead our webinar, 'Practical Workflows for Managing Vulnerabilities using Cloudsmith.' Discover how Cloudsmith serves as your organization's central source of truth for builds, mitigating risks, optimizing workflows, and ensuring global distribution.
  |  By Cloudsmith
Join us for a demo and Q&A on Cloudsmith's cloud native, global, universal artifact management platform! Learn how Cloudsmith can help you distribute software globally, secure your software supply chain, optimize your workflow and reduce infrastructure costs!
  |  By Cloudsmith
Listen to Rust expert Carol Nichols discuss how adopting a memory-safe language like Rust can significantly reduce vulnerabilities.
  |  By Cloudsmith
Cloudsmith Navigator helps engineers select the highest quality OSS packages for their projects. Navigator integrates and analyses data on NPM, PyPi, RubyGems and Maven packages, and assigns each one a score based on security, maintenance and documentation.
  |  By Cloudsmith
See how we've saved PagerDuty from pipeline disruption, support bottlenecks and more with first-class performance and service.
  |  By Cloudsmith
Today we are going to take a lookback on trends in the DevOps and supply chain security space in 2023 What kind of year has 2023 been for DevOps? Are people generating SBOMs? Were there any mad vulnerabilities? Are we all using AI in our workflows? We have 3 wonderful panellists: Glenn Weinstein Cloudsmith CEO Josh Bressers VP of Security at Anchore, Podcaster, Blogger Luca Lanziani Head of DevOps and Platform Engineering @NearForm and Blogger.
  |  By Cloudsmith
Tune in to learn about how to consume open source securely using an OpenSSF framework donated by Microsoft.
  |  By Cloudsmith
A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.

Cloudsmith, your friendly neighbourhood Package Management startup, is a fully managed 24/7 Software-as-a-Service (SaaS) for securely storing and sharing assets, packages and containers. We have distributed millions of packages for innovative companies around the world and specifically help with: development, for internal build pipelines and dependencies; deployment, for delivery pipelines to servers; and distribution, for sharing software to entitled users worldwide.

Our main office is in Belfast, UK, but our approach to software development and the Cloud allows people to contribute from all over the world.

Built for Engineers, by Engineers:

  • For Dev: Control the dependencies for your build/development pipelines. Share libraries privately with your teams, and develop your software securely.
  • For Ops: Deploy the artefacts for your delivery pipelines. Promote through delivery stages, and ignore unstable upstreams that will break you.
  • For Vendors: Distribute licensed software to customers, anywhere in the world. Define private access via entitlements, to ensure only entitled users get it.

The new standard in Package Management and Software Distribution.