artiFACTS is your monthly roundup of new Cloudsmith product releases, industry news, and helpful resources. Thanks as always for checking out what's new in Cloudsmith and see you in 2026 with our next update! 

NEW

Timeline to sunset the classic web app extended to the second half of 2026

We’ve extended the timeline for sunsetting the classic Cloudsmith.io web app into the second half of 2026. Our primary focus is to ensure the new Cloudsmith web app - our primary platform - delivers a seamless experience that supports your core workflows. We are taking this extra time to close remaining feature gaps and refine the platform based on your feedback.

We encourage you to continue using the new web app and sharing your feedback; your input is directly shaping these final improvements.

PRODUCT UPDATES 

What's new in Cloudsmith?

❓ Troubleshoot failed download requests with client error logs

Client Logs now include error events alongside successful requests, giving platform teams clearer visibility into build and download failures. This centralized view makes it easier to spot patterns, identify root causes, and resolve issues faster.

⬇️ Download SBOMs directly from the web app

You can now download auto-generated SBOMs for Docker and OCI images directly from the Cloudsmith web app. Instead of scripting API calls, teams can export CycloneDX files with a single click - making it easier to share supply chain data for audits, analysis tools, and release documentation.

✨ CLI GitHub Action v2.0.0

The Cloudsmith CLI GitHub Action is now at v2.0.0, migrating to the Node.js 24 runtime and updating OIDC audience defaults for improved security. Core CLI functionality remains unchanged, but pipelines now benefit from modern runtime support, stronger OIDC claims, and long-term compatibility - simplifying CI workflows and future-proofing your automation.

🌏 Accelerating delivery in APAC: Cloudsmith Tokyo is now live

Cloudsmith is now live in Tokyo, expanding our Package Delivery Network with optimized edge infrastructure. APAC teams benefit from lower latency, faster builds, edge-based authentication, and optional localized storage for compliant, reliable artifact delivery.

✨ CLI v1.10.1: Policy deny rules and usability improvements

CLI v1.10.1 adds full lifecycle management for Policy Deny Rules and standardizes pagination with --page-all and enhanced --page-size. Core dependencies are upgraded, Python 3.9 issues fixed, and entitlement and block commands improved - making policy enforcement and automation simpler and more reliable.

📦 Secure ML workflows with Cloudsmith and Amazon SageMaker

Cloudsmith now offers a reference implementation for SageMaker, centralizing Hugging Face models, Docker images, and Python packages. Secure access, unified dependencies, and seamless workflow integration help teams manage ML artifacts in a private, governed environment.

INDUSTRY ROUND UP 

Resources we think you'll love

🎡 Event | Container Days London 2026 | Feb 11-12, 2026
Container Days London returns in 2026 with deep technical sessions focused on Kubernetes, cloud-native infrastructure, platform engineering, and modern DevOps practices. It’s a strong signal of where container tooling and operational patterns are heading for teams running production-scale platforms.

⭐ Event | KubeCon & CloudNativeCon Europe 2026 | March 23-26, 2026
KubeCon Europe 2026 brings together the global cloud-native community to share what’s next for Kubernetes, security, observability, and platform engineering. Expect hands-on sessions, maintainer insights, and real-world lessons from teams building and securing modern distributed systems at scale.

One of the best ways to support the Cloudsmith community is by sharing your experience. A quick G2 review helps future users evaluate their options, and if you send us a screenshot of your post, we’ll send you a $50 Amazon gift card as a thank-you.

🤗 Blog | Extend EPM policies to Hugging Face artifacts
Cloudsmith now supports extending Enterprise Policy Management (EPM) controls to Hugging Face artifacts. This allows teams to apply the same security, provenance, and governance policies used for traditional software dependencies to ML models and datasets - helping you reduce risk as AI assets become a first-class part of your supply chain.