Posts by tag

Artifact Registry

5 posts
View Post
  • 5 min

Practicing The Principle Of Least Privilege With Cloud Build And Artifact Registry

People often use Cloud Build and Artifact Registry in tandem to build and store software artifacts – these include container images, to be sure, but also OS packages and language specific packages. Consider a venn diagram where these same users are also users who use the Google Cloud project as a shared, multi-tenant environment. Because a project is a logical encapsulation for services like Cloud Build and Artifact Registry, administrators of these services want to apply the principle of least privilege in most cases.Of the numerous benefits from practicing this, reducing the blast radius of misconfigurations or malicious users is…
View Post
Share
View Post
  • 4 min

Securing Cloud Run Deployments With Binary Authorization

Running applications and workloads in containers is becoming a standard practice for most organizations, especially organizations running in the cloud. This is due to the many benefits of designing applications as microservices. These benefits include increased scalability, better resiliency, faster deployments etc. As a result of this new ability to develop and push features faster, application and security teams are facing new challenges enforcing governance and control without hindering development speed.One common use case by customers is the ability to maintain different levels of governance for application artifacts depending on the environment. Developers have more autonomy in pre-production environments for…
View Post
Share
View Post
  • 2 min

Container Analysis Support For Maven And Go Automatic Scanning Of Containers In Public Preview

Java and Go vulnerability scanning support Google Cloud’s Container Scanning API now automatically scans Maven and Go packages for vulnerabilities. With the Container Scanning API enabled, any containers including Java (in Maven repositories) and Go language packages that are uploaded to an Artifact Registry repository will be scanned for vulnerabilities. This capability builds on existing Linux OS based vulnerability detection and provides customers with deeper insight into their applications. This feature is in Public Preview which makes it available to all Google Cloud customers. Get started with Artifact Registry via the instructions for Go or the instructions for Java. How…
View Post
Share
View Post
  • 4 min

Introducing GKE Image Streaming For Fast Application Startup And Autoscaling

We’re excited to announce the general availability of a new feature in Google Kubernetes Engine (GKE): image streaming. This revolutionary GKE feature has the potential to drastically improve your application scale-up time, allowing you to respond to increased user demand more rapidly, and save money by provisioning less spare capacity. We achieve this by reducing the image pull-time for your container from several minutes (in the case of large images) to a couple of seconds (irrespective of container size), and allowing your application to start booting immediately while GKE streams the container data in parallel. The way Kubernetes traditionally works when scaling…
View Post
Share
View Post
  • 4 min

Hack Your Own Custom Domains For Container Registry

If you serve public container images from Container Registry or Artifact Registry, you are exposing your project ID and other details to your users downloading this image. However, by writing a small middleware and running it serverless, you can customize how your registry works. In this article, I would like to show you how you can develop and run a serverless reverse proxy to customize the behavior of your registry, such as serving your images publicly on your custom domain name instead of gcr.io.   Anatomy of a “docker pull” Serving container images from a container registry is not magical. All container image…
View Post
Share