As the "new guy" here at Cloudsmith (I was named CEO in August), I'm learning more every day about how customers use us to protect their software supply chains. We're doing everything we can to give you a single source of truth for every artifact - whether it's an open source package, a Docker container, a Linux image - that enters your software supply chain, and everything that you produce on the other side.

EU law is changing for hardware and software makers. Here's your 2-minute summary of the Cyber Resilience Act.

This week, the European Union (EU) reached an agreement on the EU Cyber Resilience Act (CRA). See if your product must comply, how to comply and what is exempt.

It's a lot easier to get + stay CRA compliant when you have robust SSCS across your pipeline. See how using Cloudsmith helps.

This week, we announced that Cloudsmith has taken an impressive $11M in additional funding, hot on the heels of our $15M Series A two years ago. That's not just serious cash for a startup; it's a game-changer! The natural questions are: why did we take it, and what's our big-picture plan?

Uncover how to reach Level 1 in S2C2F a framework for secure OSS consumption.

Discover the risks and drawbacks of developing and distributing software without the support of a C++ package manager.