Sold by: CloudsmithÂ
Cloudsmith is the only cloud-native, global, universal artifact management platform to securely develop and distribute software.
Overview
Cloudsmith is a fully managed artifact management and software supply chain solution, designed to significantly lower infrastructure costs while boosting developer productivity. Whether you're deploying artifacts to your distributed teams, or shipping licensed software to your customers, our architecture is optimized for secure, controlled, lightning-fast delivery.
At the core of our product is a truly universal, cloud-native approach to package management. With support for 30 package formats, organizations of any scale really can create a single source of truth for their teams. Because we're cloud-native, your teams get fast, reliable artifact management. Along with world class support, you get happy developers who can ship without distraction.
Your software artifacts are your intellectual property. That's why Cloudsmith is ISO27001 accredited and built to put you in control. Manage access, ensure compliance and implement security best practices, all in one product.
Highlights
- Cloud-native artifact management. Once your software is compiled, you need to put it where developers can get it quickly. Store your software packages, containers and infrastructure artifacts with Cloudsmith. Because we're cloud-native, your teams get fast, reliable artifact management no matter where they are in the world.
- Dependency firewall. Your team needs to stop pulling packages from open-source repositories. Use Cloudsmith as your dependency firewall. Cache packages from open-source repositories, scan for vulnerabilities and policy complianse, and ship to developers when you know they're safe to use.
- Zero trust security. Shift away from network-level security. Take control of all your valuable software IP by automating zero-trust workflows across services, teams and users - mitigating risks before they happen.
Details
Sold by
Delivery method
Deployed on AWS
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Enterprise subscription | This Enterprise subscription includes 10TB of Bandwidth and 5TB of Artifact Storage. | $150,000.00 |
Vendor refund policy
All Charges payable under the Agreement are non-refundable, except as otherwise provided in the Agreement.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Engineering-led support. From first touch to final resolution, your engineers talk to our engineers on every case - for a shared language and understanding that expedites problem-solving.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Cloudsmith
By Sonatype
Top
10
In Source Control
Top
10
In Centralized Risk Management, Agile Lifecycle Management
Top
10
In Continuous Integration and Continuous Delivery, Application Development, Security
Sentiment is AI generated from actual customer reviews
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Artifact Management
Universal platform supporting 30 package formats for comprehensive software artifact storage and distribution
Dependency Security
Dependency firewall with vulnerability scanning and policy compliance checks for open-source package management
Zero Trust Architecture
Automated zero-trust security workflows across services, teams, and users to mitigate software supply chain risks
Cloud-Native Infrastructure
Globally distributed, cloud-native architecture optimized for fast and reliable artifact delivery
Compliance Certification
ISO27001 accredited platform with robust access management and security control mechanisms
Package Format Support
Supports up to 18 different package formats including Java, npm, NuGet, Docker, PyPI, and RubyGems
Component Intelligence
Advanced evaluation of open source and third-party components for license types, security vulnerabilities, popularity, and age
Enterprise Replication
Provides artifact availability with automatic failover and component replication capabilities
Artifact Management
Centralized repository management for software components, binaries, and build artifacts across development pipelines
Software Supply Chain Security
Comprehensive platform for managing and securing software development lifecycle components and dependencies
Artifact Management
Universal artifact repository supporting 30+ package and file types including machine learning models
Security Scanning
Comprehensive security solution with contextual vulnerability analysis, prioritization, and anti-tampering mechanisms across software development lifecycle
Software Supply Chain Traceability
Massively scalable platform providing end-to-end visibility and control across software development and deployment environments
Vulnerability Detection
Advanced security scanning for real-world risk analysis, exposure discovery, and early blocking of malicious open source packages
Distribution Management
Secure and fast distribution of verified multi-repository release bundles across geo-distributed teams and deployment targets
Standard contract
No
No
No
Customer reviews
0 ratings
0 AWS reviews
|
30 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Ernesto L.
Cost effective and easy to integrate
Reviewed on Jul 08, 2025
Review provided by G2
What do you like best about the product?
We've been using Cloudsmith to host our private Conan recipes and packages and it's been working great. We compared including JFrog but found Cloudsmith to be the most cost-effective for our needs.
It was easy to integrate into our existing workflows and ubiquitious once setup.
We had to reach out to support for an issue that arised from a particular use case we had for Cloudsmith and they were prompt to respond and have been keeping us updated through its resolution.
It was easy to integrate into our existing workflows and ubiquitious once setup.
We had to reach out to support for an issue that arised from a particular use case we had for Cloudsmith and they were prompt to respond and have been keeping us updated through its resolution.
What do you dislike about the product?
We have been using it for about 8 months now and have not had any issues with Cloudsmith that would make us dislike it.
What problems is the product solving and how is that benefiting you?
We've been using Cloudsmith to host our private Conan recipes and packages. We use github actions as part of our internal binary deployment and had the need for a cloudbased repository management to store our private recipes and packages.
Paul M.
Great ease of use, download stats a bit lacking
Reviewed on Jul 08, 2025
Review provided by G2
What do you like best about the product?
Cloudsmith works really well for us as a multi-format repository. We store a mixture of docker images, RPMs, linux binaries in there for distribution to our customers. The customer token provisioning works well enough, and the API is pretty useful
What do you dislike about the product?
The download stats for Docker images aren't the best. They're per layer, and it makes it hard to work out what images customers are pulling. This makes our customer success team work harder than they need to.
What problems is the product solving and how is that benefiting you?
Secure distribution of software artefacts to end users
Retail
Very powerful artifact manager - near perfect enterprise ready solution
Reviewed on Jul 01, 2025
Review provided by G2
What do you like best about the product?
There is a huge amount of details to like, but on top of my list is definitely the extensive API side by side with the Terraform support.
This is closely followed by a documentation which is not only easy to use and has up to date content, but also has live action API integration, so no guesswork is needed to puzzle together curl commands as you can even test it directly from the documentation and will have a fully working query easy to copy and paste into your own scripts as required.
Combined with an easy to use interface and a very approachable support I would recommend it anytime!
This is closely followed by a documentation which is not only easy to use and has up to date content, but also has live action API integration, so no guesswork is needed to puzzle together curl commands as you can even test it directly from the documentation and will have a fully working query easy to copy and paste into your own scripts as required.
Combined with an easy to use interface and a very approachable support I would recommend it anytime!
What do you dislike about the product?
There is one thing missing for perfection: Custom user roles.
If it would be possible to assign users individual rights on specific areas, such as adding upstreams from a curated whitelist, or creating entitlement tokens or even OIDC entries, this would require far less administrative work.
If it would be possible to assign users individual rights on specific areas, such as adding upstreams from a curated whitelist, or creating entitlement tokens or even OIDC entries, this would require far less administrative work.
What problems is the product solving and how is that benefiting you?
Having a central artifact management solution, does mitigate the risk of third party package providers not being available and adds am important additional layer of defense security wise.
Arnstein R.
Cloudsmith is a great alternative for open source projects
Reviewed on Mar 08, 2024
Review provided by G2
What do you like best about the product?
We use Cloudmith to host our open source builds for Vespa.ai. The service has proven reliable and is easy to use for our current purpose. Functional REST api makes it flexible in the way we can choose to integrate with Cloudsmith.
What do you dislike about the product?
I would like to see better machine to machine integration instead of using API tokens.
What problems is the product solving and how is that benefiting you?
Everyone that produce software need some kind of distribution mechanism. There are several vendors in this space that offer such products, but Cloudsmith is one of the most complete ones in terms of package format support. For our open source project at Vespa.ai (https://github.com/vespa-engine/vespa) Cloudsmith was the only one that could offer a free tier and support container registry, Maven repository and RPM repository. For our open source project Cloudsmith generously provides 50GB of storage and 200GB of transfer each month.
Information Technology and Services
Although the webui is not great, the overall product is functional
Reviewed on Dec 11, 2023
Review provided by G2
What do you like best about the product?
We can upload, download and delete packages. I like the way we can easily have different repositories and access them with the same TOKEN. Although, I would've prefered to not include that info in the URL. The webui is really simple.
What do you dislike about the product?
Searching for packages should be really easy to do but at the moment, it's painfuly slow. I thought it could be related to peaks but unfortuntelly I was wrong.
There are 2 different scripts to install CS repos. One for debian and another for redhat alike distros. That, IMO, is confusing. The detecction phase should be done by this single missing script.
There are 2 different scripts to install CS repos. One for debian and another for redhat alike distros. That, IMO, is confusing. The detecction phase should be done by this single missing script.
What problems is the product solving and how is that benefiting you?
We don't need to host all of our repositories on our own and we can manage them with ease