Access your packages via a white-labelled domain specified by you. If your company brand and trust is important to you and your customers, whitelabelling will allow you to present your own company's domain as the endpoint for storage and configuration such as GPG keys, install scripts, etc.
Security is paramount at Cloudsmith, and we take pride in taking every precaution to secure the service. All communication and storage is encrypted in-transit and at-rest (with 256-bit or hardware-based encryption). Checksums and GPG signatures are provided to detect tampering. For increased trust you can also provide your own GPG key for signing.
Malware scanning on every package at the point of upload helps to ensure that your ecosystem is free from malware and other potentially unsafe constructs. Watch this space for additional vulnerability management.