Company
Date Published
Author
The JFrog Security Research Team
Word count
4373
Language
English
Hacker News points
None

Summary

In this research write-up, JFrog critically evaluates Cloudsmith's software supply chain security offering and finds significant gaps in its approach to application security. The study reports that Cloudsmith relies heavily on Trivy, the open-source software composition analysis (SCA) scanner from Aqua Security, without disclosing this dependency, which raises questions about the depth of its in-house security expertise and the robustness of the offering. According to the analysis, this reliance produces blind spots: some well-known vulnerabilities go undetected, while excessive false positives add noise to security workflows. The study also notes that Cloudsmith lacks capabilities it considers essential to comprehensive supply chain security, including static application security testing (SAST), runtime protection, and secrets detection. By contrast, JFrog highlights its internally developed security stack, which combines tailored SCA, SAST, and runtime protection backed by proprietary threat intelligence and a dedicated security research team, with the stated aim of delivering more precise and actionable findings.