Cloudsmith, a hosted package management service, is extending its support for vulnerability scanning to include Docker, Ruby, Python, Composer, Maven, NuGet, Golang, Cargo, and npm. This feature automatically scans supported package types for Common Vulnerabilities and Exposures (CVEs) when packages are pushed or fetched from public repositories. Cloudsmith also offers symbiotic features such as webhooks, quarantining, and upstreaming to create workflows and drive actions. These features enable teams to integrate vulnerability scanning with other tools in their build pipelines, block downloads of vulnerable packages, and trigger rescans on demand. Additionally, Cloudsmith is working to integrate its security scanner with emerging standards like the Vulnerability-Exploitability eXchange (VEX) and Software Bill of Materials (SBOMs).