For a long time, we've supported the "main" types of artifacts for Maven (or Gradle, Leiningen, Sbt, etc.) packages: A POM file, the main package file, along with sources, javadocs and tests files; plus full support for "fatjars" (all-in-one packages with dependencies). This hasn't always been flexible when you've needed to attach additional files, such as "shaded" packages, or just other assets. That has been fixed, as of version 0.56:
Starting with support via the Maven endpoint (https://maven.cloudsmith.io), you can now publish any additional classifiers that you need for files. That means you can push files natively using Maven (via mvn deploy), Gradle (via gradle publish), Leiningen (via lein deploy), and SBT (via sbt publish), etc. Just tag your assets with your chosen classifiers, and then deploy! We'll take care of the rest for you.
What's next? We'll be adding support for multiple files to our Cloudsmith API, so that you will be able to upload the extended classifier files via our API or CLI too. This will make it easier to universally upload files using the same tooling, no matter what the format. So stay tuned for that!
In keeping with our focus on security, we are pleased to announce that you can now run on-demand vulnerability scans against supported package types, and also get the results of these scans via our API.
This builds upon our existing package scanning functionality, which scans supported packages types upon upload. Now you can surface any new vulnerabilities that may be discovered over time.
Gain more visibility and control over your scans, and stay ahead of issues as they arise
Cloudsmith can help with our self-service approach to managing and defining storage and bandwidth limits to keep costs under control while allowing you to scale when needed. After all, no one wants to be caught between an unexpected bill for overages or any interruption to their business, no matter how minor. Now you can automate a solution that works for you using either our API or CLI to always stay on top of your storage and bandwidth limits.
Check out our blog on how to track your bandwidth and storage with our Quota API.
Following in the footsteps of Debian and Maven, we're very pleased to announce that RPM is the latest package format to support upstream caching and proxying.
With Upstream Proxying, Cloudsmith will allow RPM clients configured to use your repository to see and download your existing repository packages, as well as all those defined in any connected upstream repositories.
When upstream caching is turned on, fetches made for packages resolved to an upstream can be cached and synchronised to your Cloudsmith repository - helping to protect your software dependencies from outages, improve visibility, and apply fine-grained access controls for your teams, customers and users.
Check out more our blog, where Dan goes into depth on how to configure and use an RPM upstream.
Now you can go beyond measuring your bandwidth usage and regain control via Cloudsmith's new bandwidth controls for Entitlement tokens. You can craft tokens with individual usage limits using the UI, API, and CLI, allowing you to decide the exact level of usage for each token.
Combining the new and existing limits for entitlement tokens, allowances are configurable to provide fine-grained control for any combination of properties. For example, the total amount of bandwidth, number of unique clients using a token, or the maximum number of downloads a token can perform on an individual token basis. Also, you can also scope your tokens by restrictions for advanced control of tokens.
Check out our blog on how to get restore authority with Token Bandwidth Controls.
With the introduction of the Package Activity API and accompanying CLI command, you can now quickly and easily check your entire repository for packages' activity status or even take a detailed approach and view packages individually (per day/per package).
You can save on your storage costs by eliminating inactive packages and retaining only the packages you or your users derive value from storing and distributing via Cloudsmith.
Check out our blog on how to get started with monitoring your package activity.
Thanks for subscribing!
Check your inbox to verify your email