Cloudsmith tackles artifact complexity with observability suite
Nov 28, 2024
Cloudsmith is launching an observability suite that promises to improve artifact management by offering detailed insights into usage, security, and compliance.
In today’s software development environment, dependencies are vast and intersecting—spanning open-source libraries, third-party packages, and proprietary code. With open-source components comprising over 90% of modern applications and codebases typically featuring around 500 direct and indirect dependencies, managing such complexity is vital to effectively address security and compliance challenges.
Paul May, Senior Director of Product & Design at Cloudsmith, said: “We’re excited to introduce our refreshed web application alongside Cloudsmith’s Advanced Observability suite, a positive step forward in addressing modern developer challenges.
“With these tools, teams can monitor usage, track consumption patterns over time, and gain actionable insights all within our platform. These enhancements mean less time spent managing artifact repositories and more time focused on building and innovating.”
Cloudsmith’s suite aims to provide vital artifact insights through the identification of policy violations, tracking of quarantined software packages, and constant monitoring of repository health and compliance.
Beyond addressing security risks, the suite enables users to gain clarity on artifact usage, identify underutilised resources, and determine potential reallocation opportunities. This, in turn, aids teams in aligning artifact management with broader business objectives.
Rising to compliance and security challenges
The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have mandated that software manufacturers adopt secure-by-design practices by January 2026. The suite empowers organisations with the visibility needed to meet evolving compliance demands, ensuring that vulnerabilities within software supply chains can be identified and addressed.
A long-standing challenge across technology sectors has been the discord between security and DevOps teams. While CISOs often push for rigorous security measures, development teams typically prioritise speed. Cloudsmith’s observability tools aim to reconcile these differing priorities. By providing insights into artifact usage and identifying risks, the suite facilitates collaborative security management without compromising development speed.
“The launch reflects our ongoing commitment to modern artifact management and ensuring that developers have the best user experience possible, now and into the future,” explains May.
“And by surfacing actionable information through our Observability Suite, including the number of policy violations and the status of quarantined artifacts, teams can proactively mitigate security risks and optimise resource allocation.”
Core features of the observability suite include:
- Usage analytics: Users can gain a clear understanding of artifact consumption patterns over time, presented through comprehensive dashboards and tailored reports.
- Security and compliance insights: By consolidating policy violations, vulnerability and license data, and package security scanning results, organisations receive a clear and actionable overview of their risk posture.
- Monitoring alerts: Users receive notifications for usage activities and policy violations, ensuring vital information is delivered to the relevant individuals promptly.
Dave Bresci, Senior Manager and Site Reliability Engineer at PagerDuty, commented: “Cloudsmith’s analytics and alerts are instrumental in helping us manage our usage more effectively and plan for increases in demand for software artifacts.
“We can catch unexpected spikes in artifact consumption, improving our security posture and avoiding usage surprises at the end of the month.”