Renovate
How to integrate Mend Renovate with Cloudsmith

Renovate is a popular open-source dependency update automation tool. It can help you by automating the process of looking for references to dependencies (both public and private) and updating them if newer versions are available. Renovate supports a wide range of package ecosystems (Docker, npm, PyPI, Maven, NuGet, etc.) and works across multiple version control systems (GitHub, GitLab, Azure DevOps, Bitbucket).
Example with Docker
This guide shows how to configure Renovate to work with a private Cloudsmith Docker repository, using the Renovate GitHub App (hosted by Mend) as its primary example.
However, the same approach applies to other package types supported by Cloudsmith, including npm, PyPI, Maven, NuGet, and more.
Why use Renovate with Cloudsmith?
- Keep your dependencies secure and up-to-date.
- Automate the process of consuming new builds published to your Cloudsmith repositories.
- Works with all major package types supported by Cloudsmith.
Configuration Steps
Prerequisites
- You are using either:
  - The Renovate GitHub App (hosted version), OR
  - A self-hosted instance of Renovate (for full control of credentials).
- A private Cloudsmith repository for your chosen package type.
- A valid authentication method (Entitlement Token, or User/Service API Key) for your Cloudsmith repository. Cloudsmith repositories are private by default. Renovate requires authentication to list available package versions and perform version checks.
Authentication best practices
We recommend using a Cloudsmith Entitlement token instead of an API key.
1. Add your Cloudsmith Entitlement Token as a Secret
In the Mend Developer Dashboard, navigate to Settings → Credentials → Add Secret. This step can be completed at the Repository level or the Organisation level. Define the following:
- Secret Name: use MEND_CLOUDSMITH_TOKEN.
- Secret Value: use your Cloudsmith entitlement token. Click here to learn how to generate a new one.
- Check the Env var box (if available).

2. Add a Host Rule
The primary purpose of hostRules is to configure credentials for host authentication (in this case, your private repository). In the next step, you'll tell Renovate how to match against your Cloudsmith repository and which credentials to use.
In the Mend Developer Dashboard, navigate to Settings → Host Rules → Add Host Rule and fill in the fields:
Field | Value |
---|---|
Description | Cloudsmith Docker Updates |
Host Type | docker (or npm, pip, maven, nuget depending on your package type) |
Host URL | https://docker.cloudsmith.io |
Secret Type | Password |
Host Username | YOUR_ORG_NAME/YOUR_REPO_NAME |
Password | {{ MEND_CLOUDSMITH_TOKEN }} |

renovate.json
You do not need to add a renovate.json file to your repository — the hosted App manages this for you!
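For the self-hosted option listed in the prerequisites, the same Host Rule can be written in Renovate's own configuration using its hostRules fields (hostType, matchHost, username, password). The following is an added example, not part of the Cloudsmith guide or of Renovate; the helper file name, the function names and the CLOUDSMITH_REPO variable are assumptions.

```javascript
// cloudsmith-host-rule.js (hypothetical helper for a self-hosted Renovate setup)
const CLOUDSMITH_DOCKER_HOST = 'https://docker.cloudsmith.io'; // Host URL from the table

// Build the hostRules entry from environment variables instead of literals,
// so the entitlement token never lands in the repository.
// MEND_CLOUDSMITH_TOKEN is the secret name used above; CLOUDSMITH_REPO is an
// assumed variable holding the "ORG/REPO" value used as Host Username.
function buildCloudsmithHostRule(env) {
  const token = (env.MEND_CLOUDSMITH_TOKEN || '').trim();
  const repo = (env.CLOUDSMITH_REPO || '').trim();

  // Fail closed: stop before any lookup runs without credentials.
  if (!token) {
    throw new Error('MEND_CLOUDSMITH_TOKEN is not set');
  }
  if (!/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(repo)) {
    throw new Error('CLOUDSMITH_REPO must have the form ORG/REPO');
  }
  return {
    hostType: 'docker',
    matchHost: CLOUDSMITH_DOCKER_HOST,
    username: repo,
    password: token,
  };
}

// Copy of a rule with the secret masked, for debug output.
function redactHostRule(rule) {
  return { ...rule, password: '***' };
}

function buildConfig(env) {
  return { hostRules: [buildCloudsmithHostRule(env)] };
}

// config.js then contains a single line:
//   module.exports = require('./cloudsmith-host-rule').buildConfig(process.env);
if (typeof module !== 'undefined') {
  module.exports = { buildCloudsmithHostRule, redactHostRule, buildConfig };
}
```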
3. Example: version upgrade for Docker
Once configured, Renovate will automatically:
- Authenticate to your Cloudsmith repository using the newly created Host Rule.
- Scan your project (Dockerfile, package.json, requirements.txt, pom.xml, etc.).
- Check Cloudsmith for newer versions. In the image below, you can observe how Renovate detected an upgraded version of the datadog-cloudsmith-agent Docker container, from version 2.1.0 to 2.10.0.

- Automatically open a pull request with the latest version available. Note that Silent Mode needs to be disabled.

Summary
- Renovate can be used with any Cloudsmith-supported package type.
- The Renovate GitHub App hosted via Mend works perfectly with Cloudsmith private repositories with little configuration.