We’re thrilled to inform you that Package Deny Policies are now generally available.🥳
Package Deny Policies are a new policy type in Cloudsmith that lets you go beyond blocking packages based on specifically identified vulnerabilities or licensing issues. With Package Deny Policies, you use Cloudsmith’s powerful search capabilities 💪 to block packages based on arbitrary metadata and attributes of the package itself. You can create a denylist of disallowed packages, allowing you to define what an “unsafe package” ❌ is for your organization or project, and ensure they aren’t used.
Improved security posture 🛡️: When you identify a package or set of packages that don’t meet your custom security requirements, you can immediately block the unsafe packages from use within your organization.
Risk mitigation: Identifying and blocking potentially harmful packages preemptively minimizes the risk of exploitation, safeguarding🦸 your sensitive information and intellectual property.
Flexibility to create granular rules: Package Deny Policies take advantage of our advanced search capabilities so that any searchable package attribute - such as package name, package version, metadata tags, and more - is available when constructing your package deny policy rules.
Package Deny Policies can be configured in the Cloudsmith web app 🖥️ or via the Cloudsmith API. Once a policy is saved it is enforced automatically on every download request, whether the request comes from a user or from a service account.
In addition to Package Deny Policies, you can still create vulnerability and license policies as usual. Those policies act on what a scan reports (known vulnerabilities and license identifiers); a deny policy covers what a scan cannot express, such as an outdated dependency that has not yet been flagged or a package your organization has decided not to trust. Used together, these policies offer a proactive approach to enhancing your project's security posture.
Policy management is available to Cloudsmith customers on the Ultra plan. Policies can be set to quarantine packages, blocking them from download requests; or just to report violations, without blocking downloads. If you’d like some help determining what policies are right for your organization and goals, please contact our Customer Support team and we’d be glad to talk it through.
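To make the mechanism described above concrete (a rule built from package attributes such as name, version and tags; enforcement at download time; quarantine versus report-only mode), here is a small, self-contained evaluator. It is an added illustration written for this post, not Cloudsmith's own query language, API or policy engine: the rule fields, the version-comparison helper, the rule set and the sample packages are all assumptions constructed for the example.

```python
"""Toy deny-policy evaluator, modelled on the behaviour described in the post.

Added example, not Cloudsmith code: the DenyRule shape, the version
comparison and the sample rules/packages below are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    tags: frozenset = frozenset()


@dataclass(frozen=True)
class DenyRule:
    name: str
    name_pattern: str                  # regex, full-matched against the package name
    max_version: Optional[str] = None  # deny versions <= this; None means any version
    tags: frozenset = frozenset()      # if non-empty, deny only packages carrying one of these tags
    mode: str = "quarantine"           # "quarantine" blocks the download, "report" only records it


def version_key(v: str) -> tuple:
    """Numeric-aware sort key: '1.10.0' must sort after '1.4.2' (plain string
    comparison gets this wrong and would let a 'newer' version slip through or
    block a fixed one). Non-numeric parts are treated as 0 for simplicity."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-+]", v))


def version_le(a: str, b: str) -> bool:
    """True if version a <= version b, padding shorter versions with zeros."""
    ka, kb = version_key(a), version_key(b)
    n = max(len(ka), len(kb))
    return ka + (0,) * (n - len(ka)) <= kb + (0,) * (n - len(kb))


def rule_matches(rule: DenyRule, pkg: Package) -> bool:
    """All conditions a rule specifies must hold for the rule to match."""
    if not re.fullmatch(rule.name_pattern, pkg.name):
        return False
    if rule.max_version is not None and not version_le(pkg.version, rule.max_version):
        return False
    if rule.tags and not (rule.tags & pkg.tags):
        return False
    return True


def evaluate(pkg: Package, rules) -> tuple:
    """Decide a download request.

    Returns (decision, matched_rule_names) where decision is:
      "blocked"  - at least one matching rule is in quarantine mode
      "reported" - only report-only rules matched; download proceeds but is logged
      "allowed"  - nothing matched
    """
    matched = [r for r in rules if rule_matches(r, pkg)]
    names = [r.name for r in matched]
    if any(r.mode == "quarantine" for r in matched):
        return ("blocked", names)
    if matched:
        return ("reported", names)
    return ("allowed", names)


# Constructed rule set (assumption): a fictional package whose versions up to
# 1.4.2 the organization has decided to deny, plus a report-only rule that
# surfaces any package tagged as a nightly build.
RULES = (
    DenyRule(name="legacy-http-client", name_pattern=r"acme-http-client", max_version="1.4.2"),
    DenyRule(name="nightly-builds", name_pattern=r".*", tags=frozenset({"nightly"}), mode="report"),
)


if __name__ == "__main__":
    # Constructed download requests, not real packages.
    for pkg in (
        Package("acme-http-client", "1.4.2"),
        Package("acme-http-client", "1.10.0"),
        Package("acme-http-client", "1.0.0", frozenset({"nightly"})),
        Package("other-lib", "0.1", frozenset({"nightly"})),
    ):
        decision, hits = evaluate(pkg, RULES)
        print(f"{pkg.name}=={pkg.version} tags={sorted(pkg.tags)} -> {decision} {hits}")
```

The point worth checking in your own rules is the version comparison: a denylist that compares versions as strings would treat `1.10.0` as older than `1.4.2` and either block a fixed release or let an old one through, so the example compares numeric components instead.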
We would love your feedback on Cloudsmith’s policy management capabilities. We’re committed to helping organizations ship secure software, and Package Deny Policies are a big step towards a more secure software supply chain.
Happy packaging! 🎈