Artifacts are files created by software development processes, such as packages, containers, configuration files, or documents. Examples of artifacts include:
- The output of a build such as container images or software packages
- Dependencies that you need in order to build or deploy an application, such as a base image or an open source package
- Configuration files, such as a Helm chart
This page describes Google Cloud's artifact management tools that you can use to store, secure, and deploy your artifacts.
Artifact management tools on Google Cloud
Store artifacts with Artifact Registry, which allows you to securely store and manage your artifacts in private or public repositories. It is the evolution of Container Registry, a Google Cloud service for storing and managing containers.
Manage metadata with Container Analysis, which allows you to:
- Scan container images for known vulnerabilities.
- Add other metadata to container images, such as metadata indicating that the image has passed an integration test suite. You can use Container Analysis to consolidate your metadata from different sources.
Deploy only trusted containers with Binary Authorization. Use it to create security policies so that only approved containers are deployed to Google Kubernetes Engine or Anthos clusters on VMware. Binary Authorization works with container images from Artifact Registry, Container Registry, and other container image registries.
Benefits of an artifact management system
Working with artifacts can be complex because artifacts originate from many sources both inside and outside an organization. Each separate system that you interact with introduces a potential point of failure due to outages or other issues. A single build might include files that originate from:
- Builds across multiple internal teams
- Open source projects in GitHub
- Format-specific sites such as Maven Central and Docker Hub
An artifact management system addresses these complexity and reliability issues by centralizing your artifacts in a single location. You gain more control over your artifacts and how they are used. An artifact repository:
- Acts as a single source of truth and CI/CD integration point for your artifacts.
- Provides features such as version management, vulnerability scanning, and approval workflows.
- Enables unified access control and consistent configuration.
- Provides consistency in your automation for working with artifacts.
- Supports many of the DevOps capabilities for optimizing organizational performance.
Artifact management in the CI/CD workflow
Artifact management is a core part of a continuous integration and continuous delivery (CI/CD) pipeline. Google Cloud provides integrated end-to-end services for software development, including:
- Cloud Source Repositories for managing your source code.
- Cloud Build for running builds and tests on Google Cloud infrastructure.
- Container Analysis for container metadata management and vulnerability scanning.
- Binary Authorization for software supply-chain security using approval workflows.
- Runtime environments, including Compute Engine, Google Kubernetes Engine, and Cloud Run.
- Cloud Monitoring and Cloud Logging for gathering data on the health of your deployed applications.
You can use these services together or integrate some services with your existing CI/CD tools.
- Try Artifact Registry's quickstarts
- Try the Quickstart for Container Analysis
- Try the Quickstart for Binary Authorization