
Cloud-native artifact mgmt & software supply chain security platform.
Cloudsmith is a cloud-native artifact management and software supply chain security platform designed for enterprise use. It provides a centralized repository for storing, managing, and distributing software packages, container images, and ML models across an organization's development pipelines. Core capabilities span four main areas:

Supply Chain Security:
- Continuous scanning of packages for vulnerabilities and malware
- Policy management using OPA Rego syntax to control package access and block threats
- Package quarantine and promotion workflows for staged approval processes
- OIDC token-based authentication to avoid storing long-lived secrets
- SAML/SSO and SCIM provisioning for identity management
- Role-based access controls (RBAC) for team and user privilege management
- Full audit trail and logging with API-based log export

Artifact Management:
- Universal repository supporting 30+ package formats (Docker, Maven, NPM, Python, Ruby Gems, Swift, and more)
- OCI-compliant container registry with Docker compatibility
- Multi-format repository support
- Proxy and caching of public upstream package registries
- Package signing for artifact integrity verification
- Package insights including license, dependency, and quality metadata extraction
- Command-line interface (CLI) for workspace management

Software Distribution:
- Global distribution via 600+ points of presence (PoPs)
- Edge caching and fault-tolerant routing
- End-to-end encryption for packages at rest and in transit
- Read-only entitlement tokens for controlled distribution
- Broadcasts feature for web-based software publishing

Observability and Governance:
- Analytics and usage monitoring across the supply chain
- Audit trail tracking configuration changes and package modifications
- License compliance controls for software dependencies
- Log export and third-party integration via Logs API
Common questions about Cloudsmith including features, pricing, alternatives, and user reviews.
Cloudsmith is a cloud-native artifact management and software supply chain security platform developed by Cloudsmith. It is an Application Security solution designed to help security teams with Software Supply Chain, Supply Chain Security, and Package Security.
Software supply chain security platform with SCA, package firewall & threat intel
Autonomous open source supply chain security & license compliance platform.
SCA tool for managing security, quality, and license risks in open source code
Code signing & software supply chain security platform with policy governance.