
Cloud-native artifact management and software supply chain security platform.

Cloudsmith is a cloud-native artifact management and software supply chain security platform designed for enterprise software development teams. The platform provides a centralized repository for storing, managing, and distributing software packages, container images, and machine learning models across more than 30 supported formats including Docker, NPM, Maven, Python, Ruby Gems, and Swift.

Core capabilities include:

- Supply chain security: continuous vulnerability and malware scanning of packages, policy management using OPA Rego syntax, and automated package quarantine and promotion workflows
- Artifact management: universal, multi-format repositories with a container registry that is Docker-compatible and OCI-compliant, upstream proxy and caching for public registries, package signing, and license/dependency metadata extraction
- Software distribution: global delivery via 600 points of presence with edge caching, fault tolerance, end-to-end encryption, and configurable read-only entitlement tokens
- Observability and governance: full audit trails, client-level logging, analytics, and log export capabilities for integration with third-party tools

Access control features include SAML/SSO, SCIM provisioning, OIDC token authentication, role-based access controls, and service accounts with API keys. The platform exposes a comprehensive REST API and a command-line interface for programmatic and pipeline integration.

Cloudsmith targets enterprise organizations across industries including banking, fintech, AI/ML, and software development. Customers include PagerDuty, Shopify, Netskope, and Carta. The platform is positioned as an alternative to solutions such as JFrog Artifactory and Sonatype Nexus.