Cloudsmith Reviews & Product Details

We adopted Cloudsmith as a modern, cloud‑native replacement for Artifactory to improve our software supply‑chain posture through mandatory authentication, fine‑grained access control, policy enforcement, and strong CI/CD integration. Our teams really value its broad support for package types (npm, NuGet, Docker, PyPI, raw binaries) and its ability to consolidate ingress mirroring, internal artifacts, and external distribution into a single platform, reducing fragmentation and bespoke solutions. The team at Cloudsmith has also been an incredible partner, working very closely with us on our migration as well as new features needed to meet our use cases. Review collected by and hosted on G2.com.

Moving from Artifactory with its file-system based organization of raw repos to Cloudsmith's label based organization can be tricky. Support for security scanning of AI models is not yet publicly available. Review collected by and hosted on G2.com.

I like that Cloudsmith offers excellent customer support, they are very hands-on, easy to get hold of and respond quickly. Good performance for everyone wherever they are located, which is great. Cloudsmith allows us to effectively manage our security posture, including defining policies for handling malicious packages, open source licensing and more. Review collected by and hosted on G2.com.

The UI refresh is nearing completion not complete quite yet, with some features only available in the older UI. It's just a few minor features that we still rely on, like the recycle bin. Review collected by and hosted on G2.com.

I highly appreciate Cloudsmith for its simplicity and comprehensive support for all artifact types, including Docker, PyPI, npm, and even raw files, which eliminates the need to juggle multiple registries and thereby reduces complexity and increases efficiency. The platform's cloud-native, fully managed nature functions as a centralized hub for securing, controlling, and distributing software assets globally. Moreover, Cloudsmith's built-in security features, such as automatic vulnerability scanning, license checks, and policy enforcement, impressively eliminate the need for additional tools, ensuring robust protection against supply-chain security risks. I am also highly satisfied with the universal format support provided by Cloudsmith, accommodating over 30 different formats, simplifying artifact management, and improving visibility by consolidating scattered artifacts into a single, easy-to-access repository. The CDN-backed delivery network augments this by ensuring speedy and reliable access to artifacts on a global scale. Overall, Cloudsmith addresses fragmented artifact management issues by offering an integrated solution that greatly enhances the modern software delivery and DevOps processes. Review collected by and hosted on G2.com.

I find the pricing model of Cloudsmith problematic. The pricing is based on bandwidth and storage, which can become expensive for teams with large artifacts or frequent downloads. Additionally, there’s a lack of personal experience with setup and usage due to the SaaS model, which may imply a non-intuitive onboarding process or lack of clarity in its native integrations. Review collected by and hosted on G2.com.

We use Cloudsmith for several purposes, including as an artifact repository and as a private Helm Chart repository. Integrating Cloudsmith with our pipelines has been very straightforward, and its Helm Chart repository feature allows us to securely and easily provide our charts to customers. We push and pull our built artifacts to Cloudsmith daily, and so far, we have not experienced any issues or downtime.

Up until today, I have never had to interact with the customer support, because I didn't need to. Review collected by and hosted on G2.com.

Although the web UI is easy to use, I sometimes get the sense that something isn't quite right. I'm not a web designer, so I can't identify exactly what feels off. Review collected by and hosted on G2.com.

We've been using Cloudsmith to host our private Conan recipes and packages and it's been working great. We compared including JFrog but found Cloudsmith to be the most cost-effective for our needs.

It was easy to integrate into our existing workflows and ubiquitious once setup.

We had to reach out to support for an issue that arised from a particular use case we had for Cloudsmith and they were prompt to respond and have been keeping us updated through its resolution. Review collected by and hosted on G2.com.

We have been using it for about 8 months now and have not had any issues with Cloudsmith that would make us dislike it. Review collected by and hosted on G2.com.

What I like best about Cloudsmith is its support for a wide range of package formats like Docker, RPM, DEB, and more — it’s incredibly versatile and saves us time managing multiple repositories. I also really like the new web app; it's clean, modern, and intuitive to use, which makes everyday tasks much easier and more efficient.

On top of that, having a direct Slack channel with the Cloudsmith developers has been incredibly helpful, their responsiveness and willingness to assist make a big difference. Review collected by and hosted on G2.com.

For the way I’ve used Cloudsmith so far, I’ve identified a few areas that could be improved:

• Intermittent CI/CD install failures – our pipelines sometimes fail when adding repositories; a simple re‑run usually succeeds, but the flakiness costs time.

• New web‑app usability – there’s no “select all packages on this page” option, and for DEB / RPM packages the target distribution and architecture aren’t immediately visible (both these were available in the old web-app).

• Bulk deletion via API – it would be much handier to delete packages in groups instead of having to specify each one individually.

• openSUSE repo re‑installation – reinstalling a repository that already exists fails on openSUSE, whereas the same action works on RHEL and Debian/Ubuntu.

• Distinct RPM icons – SLES and RHEL packages use the same logo; separate icons would make them easier to tell apart.

• Multi‑platform Docker copies – when copying a multi‑platform Docker image from one repo to another (via API or UI), only the primary image gets copied; the additional ones are left behind. Review collected by and hosted on G2.com.

Cloudsmith provides a simple UI to configure multiple internal and external repositories for various projects and repository types. We have some configured for our internal development uses and others for distributing artefacts and container images to customers.

We moved to Cloudsmith from Sonatype Nexus repository OSS to gain support and move to a hosted solution. The onboarding was simple, and it was easy to get our CI pipelines integrated with the service.

I particularly liked that Cloudsmith can handle the signing of RPMs, which previously was cumbersome and prone to breaking in our automated pipelines.

The ability to throttle and limit individual entitlement tokens has also been a key tool for us. Review collected by and hosted on G2.com.

When we first started using Cloudsmith, on paper it seemed like it ticked a lot of boxes, with security scanning, audit logging and it would allow us to simplify all our disparate repository services into one. As we are a small ISV, we opted for the Pro plan, as $700 per month to host some artefacts seemed like a silly amount of money. We understood the usage-based limits of our plan; however, we quickly realised that many of the features we liked about Cloudsmith also required the next tier plan. Even things as simple as audit logs to identify excessive bandwidth use.

Unfortunately, looking at the cost of artefact management solutions, it seems that this pricing is the norm. Whilst we like what Cloudsmith offers, the value for money doesn't quite stack up in the way it is currently priced. Review collected by and hosted on G2.com.

We chose it for its strong supply chain security, especially its protection against dependency confusion and package tampering. Our teams appreciate the visibility into package usage, automated policy enforcement, and centralized artifact management, all of which supported internal compliance and developer experience. Review collected by and hosted on G2.com.

There is some toil and operational overhead with Cloudsmith, including:

Manual steps required for initial rollout and configuring coverage across all services and the usage dashboards are not as detailed as we would have liked Review collected by and hosted on G2.com.

Cloudsmith is easy to set up, reliable, and supports multiple package formats in one place. The UI and CLI are both intuitive, and it fits nicely into our CI/CD pipelines Review collected by and hosted on G2.com.

Pricing can become a bit expensive at scale, especially with lots of artifacts, but overall the value is still strong. Review collected by and hosted on G2.com.

There is a huge amount of details to like, but on top of my list is definitely the extensive API side by side with the Terraform support.

This is closely followed by a documentation which is not only easy to use and has up to date content, but also has live action API integration, so no guesswork is needed to puzzle together curl commands as you can even test it directly from the documentation and will have a fully working query easy to copy and paste into your own scripts as required.

Combined with an easy to use interface and a very approachable support I would recommend it anytime! Review collected by and hosted on G2.com.

There is one thing missing for perfection: Custom user roles.

If it would be possible to assign users individual rights on specific areas, such as adding upstreams from a curated whitelist, or creating entitlement tokens or even OIDC entries, this would require far less administrative work. Review collected by and hosted on G2.com.