Writing software and seeing it come to life are often the most gratifying aspects of work as a software developer. Conversely, the badge of honor for the most challenging aspect of software development goes to (drum roll please) … package management!
We have come a long way from having to write code from scratch or simply settling for the native libraries that accompany a given language. Software developers experience a huge sense of relief when they can leverage pre-existing software packages. Want the most commonly used ML algorithms on Spark? There is MLlib for that. Want the Python code for N-dimensional arrays? There is the NumPy package for that.
If you are a developer, finding a package is no guarantee that you will or should use it:
- Does the package have a valid license?
- Is it from a trustworthy source?
- Is it possible that the package has been tampered with (remember SolarWinds)?
There are innumerable such irksome questions that an enterprise has to answer before letting a developer download packages and eventually ship them.
With managing great complexity comes an incredible amount of risk, both from the mechanics of relying on code that you didn’t write and from having to rely on sources you don’t control.
And the bigger your software supply chain, including other software supply chains that contribute to yours, the bigger the risk surface. It results in less visibility, less control, and ultimately more risk.
While on-premise package repositories solve the security problems (to some extent), they come with a non-trivial amount of management overhead and demand top-notch performance from 24×7 globally distributed teams.
Whether for security, legal, IP, or performance reasons, modern organizations need control and freedom: control of where their software assets are stored and of how and to whom they are distributed, and the freedom to do so without managing the underlying infrastructure.
There’s an incredible amount of information that contributes to this – more than any single person can possibly fathom, let alone fully understand. Maximizing the velocity of delivery shouldn’t be done by sacrificing safety and quality, so teams need to slow down in order to accelerate delivering quality software at speed while still being safe: less haste, more speed.
After all, no one becomes a software developer to simply manage their package solution full-time. It should be as continuous and automated as the rest of their cloud-based tech stack.
Cloudsmith is a cloud-native package management solution built from the ground up for modern software development teams that want top-notch productivity without compromising on security.
The company's Continuous Packaging (CP) complements CI/CD, providing a single source of truth, a unified process, and a data/control plane that stretches from source through to delivery, removing ad-hoc steps.
Customers ranging from Carta to Font Awesome use Cloudsmith so that they can stop worrying about package management. By using Cloudsmith, they have pulled out all the stops in delivering top-notch performance for distributed teams while also securing software development pipelines down to their very last mile.
What Alan Carson and Lee Skillen have built isn't just a fast-growing startup. In just five years, they've built a customer base that loves the product and continues to grow alongside it. Having started the company to solve a problem they personally faced within the legacy package management ecosystem, they knew exactly what their customers wanted from their cloud-native packaging solution.
We are thrilled to partner with Alan, Lee, and the Cloudsmith team in what will be an enriching journey.