Cloudsmith launches Enterprise Policy Manager for software supply chain

Nov. 13, 2024
Enterprise Policy Manager is designed as a control plane for the software supply chain, centralizing governance and providing comprehensive visibility.

Cloudsmith today announced the launch of its Enterprise Policy Manager, a policy-as-code engine that uses artifact management as the central control plane for governing software supply chains. By integrating comprehensive policy management at the artifact level, Cloudsmith helps enterprise organizations with observability, auditable policies, control, and flexibility, ultimately enabling them to scale their software supply chains without compromising development speed or security.

Enterprise Policy Manager will debut at KubeCon North America in Salt Lake City, taking place between November 12th and 15th.

Cloudsmith’s Enterprise Policy Manager is designed as a control plane for the software supply chain, centralizing governance and providing comprehensive visibility over every component from development to production. It mitigates risks by ingesting and enriching metadata from various sources (e.g., vulnerability databases and quality metrics), informing policy decisions. It also ensures all dependencies meet security and compliance requirements before they enter development pipelines by screening and quarantining risky or outdated components. 

The platform’s emphasis on observability and auditable policies allows enterprises to maintain full traceability, demonstrating compliance and reducing risks associated with third-party software.

Security and DevOps teams have long struggled to balance competing priorities: CISOs impose strict security policies to protect organizational assets, while security has traditionally been incorporated late in the development cycle, making it hard to meet security and regulatory standards without slowing delivery. Cloudsmith’s Enterprise Policy Manager bridges this gap by embedding security checks directly into development, allowing companies to shift security “left” and catch vulnerabilities earlier without delays.

“We’re building a solution that anticipates future security and compliance requirements,” said Glenn Weinstein, CEO of Cloudsmith. “Enterprises will face increasing security and regulatory pressures on their software supply chains. Cloudsmith is an essential infrastructure for secure, efficient, and compliant software delivery, and we’ll be adding predictive risk analytics, AI-driven security recommendations, and full lifecycle compliance management to serve as the backbone of global software supply chains.

“Our goal is to empower companies to ship secure software at scale, with confidence and speed, redefining what it means to be secure,” Weinstein added. 

Key Features of Cloudsmith's Enterprise Policy Manager

Cloudsmith’s artifact repositories are the central control point for governing the flow of all software components, particularly third-party artifacts like open-source packages. This centralization ensures that all dependencies are vetted, monitored, and compliant before they reach developers or production systems.

Cloudsmith enriches software artifacts with extensive metadata, including vulnerability scores, dependency risk indicators, and third-party quality metrics. This data helps both security and development teams make informed decisions, preventing the integration of untrusted or vulnerable packages.

  • Customizable, Data-Driven Policies for CISO Peace of Mind: With policy-as-code capabilities, companies can create and enforce policies tailored to their unique compliance and security needs. This enables CISOs to maintain strict security standards while allowing developers to innovate without constant security interruptions.
  • Policy as Code: Quickly create observable, verifiable, and repeatable policies across your organization, automated through Cloudsmith’s API, and store them as code.
  • Developer-Friendly Policy Creation: The visual policy builder offers an intuitive interface that allows both technical and non-technical users to create policies easily. For complex needs, the platform supports Open Policy Agent (OPA) and Rego, enabling developers and security teams to work within familiar frameworks. This flexibility allows for seamless collaboration between security and development without sacrificing productivity.
  • Observable, Auditable Security: Each policy decision is logged and auditable, enabling full traceability and compliance for regulated industries. Cloudsmith’s transparent decision logs help enterprises demonstrate regulatory compliance, reducing the risks and potential costs associated with third-party software.

To find out more information about Cloudsmith’s offerings, visit: https://cloudsmith.com