Sold by: CloudsmithÂ
Cloudsmith is the only cloud-native, global, universal artifact management platform to securely develop and distribute software.
Overview
Cloudsmith is a fully managed artifact management and software supply chain solution, designed to significantly lower infrastructure costs while boosting developer productivity. Whether you're deploying artifacts to your distributed teams, or shipping licensed software to your customers, our architecture is optimized for secure, controlled, lightning-fast delivery.
At the core of our product is a truly universal, cloud-native approach to package management. With support for 30 package formats, organizations of any scale really can create a single source of truth for their teams. Because we're cloud-native, your teams get fast, reliable artifact management. Along with world class support, you get happy developers who can ship without distraction.
Your software artifacts are your intellectual property. That's why Cloudsmith is ISO27001 accredited and built to put you in control. Manage access, ensure compliance and implement security best practices, all in one product.
Highlights
- Cloud-native artifact management. Once your software is compiled, you need to put it where developers can get it quickly. Store your software packages, containers and infrastructure artifacts with Cloudsmith. Because we're cloud-native, your teams get fast, reliable artifact management no matter where they are in the world.
- Dependency firewall. Your team needs to stop pulling packages from open-source repositories. Use Cloudsmith as your dependency firewall. Cache packages from open-source repositories, scan for vulnerabilities and policy complianse, and ship to developers when you know they're safe to use.
- Zero trust security. Shift away from network-level security. Take control of all your valuable software IP by automating zero-trust workflows across services, teams and users - mitigating risks before they happen.
Details
Sold by
Delivery method
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Enterprise subscription | This Enterprise subscription includes 10TB of Bandwidth and 5TB of Artifact Storage. | $150,000.00 |
Vendor refund policy
All Charges payable under the Agreement are non-refundable, except as otherwise provided in the Agreement.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Engineering-led support. From first touch to final resolution, your engineers talk to our engineers on every case - for a shared language and understanding that expedites problem-solving.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Cloudsmith
By Sonatype
Top
10
In Source Control
Top
10
In Centralized Risk Management, Agile Lifecycle Management
Top
10
In Continuous Integration and Continuous Delivery, Application Development, Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Artifact Management
Universal platform supporting 30 package formats for comprehensive software artifact storage and distribution
Dependency Security
Dependency firewall with vulnerability scanning and policy compliance checks for open-source package management
Zero Trust Architecture
Automated zero-trust security workflows across services, teams, and users to mitigate software supply chain risks
Cloud-Native Infrastructure
Globally distributed, cloud-native architecture optimized for fast and reliable artifact delivery
Compliance Certification
ISO27001 accredited platform with robust access management and security control mechanisms
Package Format Support
Supports up to 18 different package formats including Java, npm, NuGet, Docker, PyPI, and RubyGems
Component Intelligence
Advanced evaluation of open source and third-party components for license types, security vulnerabilities, popularity, and age
Enterprise Replication
Provides artifact availability with automatic failover and component replication capabilities
Artifact Management
Centralized repository management for software components, binaries, and build artifacts across development pipelines
Software Supply Chain Security
Comprehensive platform for managing and securing software development lifecycle components and dependencies
Artifact Management
Universal artifact repository supporting 40+ package and file types including machine learning models
Security Scanning
Comprehensive security solution with contextual vulnerability analysis, prioritization, and anti-tampering mechanisms across software development lifecycle
Software Supply Chain Traceability
Massively scalable platform providing end-to-end visibility and control across software development and deployment environments
Vulnerability Detection
Advanced security scanning for real-world risk analysis, exposure discovery, and early blocking of malicious open source packages
DevSecOps Integration
Hybrid platform integrated with multiple software package technologies and tools for consolidated enterprise development workflows
Standard contract
No
No
No
Customer reviews
0 ratings
0 AWS reviews
|
37 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Computer Software
Easy to use artifact storage
Reviewed on Jul 16, 2025
Review provided by G2
What do you like best about the product?
What I like best about Cloudsmith is its support for a wide range of package formats like Docker, RPM, DEB, and more — it’s incredibly versatile and saves us time managing multiple repositories. I also really like the new web app; it's clean, modern, and intuitive to use, which makes everyday tasks much easier and more efficient.
On top of that, having a direct Slack channel with the Cloudsmith developers has been incredibly helpful, their responsiveness and willingness to assist make a big difference.
On top of that, having a direct Slack channel with the Cloudsmith developers has been incredibly helpful, their responsiveness and willingness to assist make a big difference.
What do you dislike about the product?
For the way I’ve used Cloudsmith so far, I’ve identified a few areas that could be improved:
• Intermittent CI/CD install failures – our pipelines sometimes fail when adding repositories; a simple re‑run usually succeeds, but the flakiness costs time.
• New web‑app usability – there’s no “select all packages on this page” option, and for DEB / RPM packages the target distribution and architecture aren’t immediately visible (both these were available in the old web-app).
• Bulk deletion via API – it would be much handier to delete packages in groups instead of having to specify each one individually.
• openSUSE repo re‑installation – reinstalling a repository that already exists fails on openSUSE, whereas the same action works on RHEL and Debian/Ubuntu.
• Distinct RPM icons – SLES and RHEL packages use the same logo; separate icons would make them easier to tell apart.
• Multi‑platform Docker copies – when copying a multi‑platform Docker image from one repo to another (via API or UI), only the primary image gets copied; the additional ones are left behind.
• Intermittent CI/CD install failures – our pipelines sometimes fail when adding repositories; a simple re‑run usually succeeds, but the flakiness costs time.
• New web‑app usability – there’s no “select all packages on this page” option, and for DEB / RPM packages the target distribution and architecture aren’t immediately visible (both these were available in the old web-app).
• Bulk deletion via API – it would be much handier to delete packages in groups instead of having to specify each one individually.
• openSUSE repo re‑installation – reinstalling a repository that already exists fails on openSUSE, whereas the same action works on RHEL and Debian/Ubuntu.
• Distinct RPM icons – SLES and RHEL packages use the same logo; separate icons would make them easier to tell apart.
• Multi‑platform Docker copies – when copying a multi‑platform Docker image from one repo to another (via API or UI), only the primary image gets copied; the additional ones are left behind.
What problems is the product solving and how is that benefiting you?
Cloudsmith helps us solve the challenge of managing multiple types of artifacts in one place. We use it primarily as a repository manager and Docker registry, which allows us to centralize and secure our packages, streamline our CI/CD pipelines, and simplify customer access.
Computer Software
Reliable
Reviewed on Jul 13, 2025
Review provided by G2
What do you like best about the product?
Doesn't have frequent outages, pulls images as and when necessary
What do you dislike about the product?
nothing particular, it's pretty convenient to use
What problems is the product solving and how is that benefiting you?
We store binaries for our repositories
Ryan L.
Best of the bunch
Reviewed on Jul 10, 2025
Review provided by G2
What do you like best about the product?
Cloudsmith provides a simple UI to configure multiple internal and external repositories for various projects and repository types. We have some configured for our internal development uses and others for distributing artefacts and container images to customers.
We moved to Cloudsmith from Sonatype Nexus repository OSS to gain support and move to a hosted solution. The onboarding was simple, and it was easy to get our CI pipelines integrated with the service.
I particularly liked that Cloudsmith can handle the signing of RPMs, which previously was cumbersome and prone to breaking in our automated pipelines.
The ability to throttle and limit individual entitlement tokens has also been a key tool for us.
We moved to Cloudsmith from Sonatype Nexus repository OSS to gain support and move to a hosted solution. The onboarding was simple, and it was easy to get our CI pipelines integrated with the service.
I particularly liked that Cloudsmith can handle the signing of RPMs, which previously was cumbersome and prone to breaking in our automated pipelines.
The ability to throttle and limit individual entitlement tokens has also been a key tool for us.
What do you dislike about the product?
When we first started using Cloudsmith, on paper it seemed like it ticked a lot of boxes, with security scanning, audit logging and it would allow us to simplify all our disparate repository services into one. As we are a small ISV, we opted for the Pro plan, as $700 per month to host some artefacts seemed like a silly amount of money. We understood the usage-based limits of our plan; however, we quickly realised that many of the features we liked about Cloudsmith also required the next tier plan. Even things as simple as audit logs to identify excessive bandwidth use.
Unfortunately, looking at the cost of artefact management solutions, it seems that this pricing is the norm. Whilst we like what Cloudsmith offers, the value for money doesn't quite stack up in the way it is currently priced.
Unfortunately, looking at the cost of artefact management solutions, it seems that this pricing is the norm. Whilst we like what Cloudsmith offers, the value for money doesn't quite stack up in the way it is currently priced.
What problems is the product solving and how is that benefiting you?
Consolidating multiple disprate repositories. Hosting artifacts and containers for customers and developers.
Saima H.
Ease of use
Reviewed on Jul 08, 2025
Review provided by G2
What do you like best about the product?
We chose it for its strong supply chain security, especially its protection against dependency confusion and package tampering. Our teams appreciate the visibility into package usage, automated policy enforcement, and centralized artifact management, all of which supported internal compliance and developer experience.
What do you dislike about the product?
There is some toil and operational overhead with Cloudsmith, including:
Manual steps required for initial rollout and configuring coverage across all services and the usage dashboards are not as detailed as we would have liked
Manual steps required for initial rollout and configuring coverage across all services and the usage dashboards are not as detailed as we would have liked
What problems is the product solving and how is that benefiting you?
It has helped to simplify our internal compliance through license checks/policy enforcement & has improved developer velocity by giving teams a single, managed registry for both internal and third-party packages. This reduces friction in our CI/CD workflows and makes it easier to control what goes into our prod environment.
Greg T.
Simple, Reliable Package Management
Reviewed on Jul 08, 2025
Review provided by G2
What do you like best about the product?
Cloudsmith is easy to set up, reliable, and supports multiple package formats in one place. The UI and CLI are both intuitive, and it fits nicely into our CI/CD pipelines
What do you dislike about the product?
Pricing can become a bit expensive at scale, especially with lots of artifacts, but overall the value is still strong.
What problems is the product solving and how is that benefiting you?
It replaced the need to host and manage our own Maven repository. Cloudsmith gave us a reliable, secure way to publish and distribute Java packages without the operational hassle.