Cloudsmith launches new suite to enhance software security
Cloudsmith has launched its Advanced Observability Suite aimed at improving visibility into software artifact usage, security vulnerabilities, and compliance risks.
The release of this suite comes as organisations across Europe are being pressed to strengthen the security of their software supply chains, following new standards set by the EU's Cyber Resilience Act and the UK's Secure by Design framework.
Cloudsmith, known for its capability to manage over 30 different artifact types, has expanded its platform to provide actionable insights, assisting teams in addressing risks effectively without sacrificing the speed of development.
Paul May, Senior Director of Product and Design at Cloudsmith, said: "We're excited to introduce our refreshed web application alongside Cloudsmith's Advanced Observability suite, a positive step forward in addressing modern developer challenges. With these tools, teams can monitor usage, track consumption patterns over time, and gain actionable insights all within our platform. These enhancements mean less time spent managing artifact repositories and more time focused on building and innovating."
The observability suite offers comprehensive insights by identifying policy violations, tracking quarantined software, and monitoring the general health and compliance of repositories. It allows teams to understand artifact consumption patterns, determine underutilised artifacts, and realign resources to support business objectives.
All artifact data is centralised within the Cloudsmith platform, enhancing management and transparency of the software supply chain. The suite is part of a larger web application update that includes seamless automation through robust platform APIs and an interface tailored for enterprise-scale operations.
Regulatory bodies like the U.S. Cybersecurity and Infrastructure Security Agency and the FBI have emphasised secure-by-design practices in recent mandates. Cloudsmith's observability suite helps organisations to meet these compliance demands by offering the visibility needed to identify and mitigate software supply chain vulnerabilities.
Security and development teams often face challenges in aligning their priorities. Cloudsmith's solution addresses this by empowering Chief Information Security Officers (CISOs) to gain insight into artifact usage and security risks, facilitating proactive and collaborative security management without diminishing development speed.
Paul May further stated: "The launch reflects our ongoing commitment to modern artifact management and ensuring that developers have the best user experience possible, now and into the future. And by surfacing actionable information through our Observability Suite, including the number of policy violations and the status of quarantined artifacts, teams can proactively mitigate security risks and optimise resource allocation."
The suite's features include detailed usage analytics, security and compliance insights, and monitoring alerts. These tools provide users with information on artifact consumption patterns and alert them to critical activity, ensuring timely action can be taken.
Regarding the utility of Cloudsmith's suite, Dave Bresci, Senior Manager and Site Reliability Engineer at PagerDuty, commented: "Cloudsmith's analytics and alerts are instrumental in helping us manage our usage more effectively and plan for increases in demand for software artifacts. We can catch unexpected spikes in artifact consumption, improving our security posture and avoiding usage surprises at the end of the month."