Artifact Registry overview

Artifact Registry enables you to centrally store artifacts and build dependencies as part of an integrated Google Cloud experience.

Introduction

Artifact Registry provides a single location for storing and managing your packages and Docker container images. You can:

  • Integrate Artifact Registry with Google Cloud CI/CD services or your existing CI/CD tools.
  • Protect your software supply chain.
  • Protect repositories in a VPC Service Controls security perimeter.
  • Create multiple regional repositories within a single Google Cloud project. Group images by team or development stage and control access at the repository level.

Artifact Registry integrates with Cloud Build and other continuous delivery and continuous integration systems to store packages from your builds. You can also store trusted dependencies that you use for builds and deployments.

Dependency management

Protecting your software supply chain goes beyond using specific tools. The processes and practices you use to develop, build, and run your software also impact the integrity of your software. To learn more about best practices for dependencies, see Dependency management

Software Delivery Shield

Software Delivery Shield is a fully-managed, end-to-end software supply chain security solution. It provides a comprehensive and modular set of capabilities and tools across Google Cloud services that developers, DevOps, and security teams can use to improve the security posture of the software supply chain.

As a part of Software Delivery Shield, Artifact Registry provides:

  • Remote repositories to cache dependencies from upstream public sources so that you have greater control over them and can scan them for vulnerabilities, build provenance, and other dependency information.
  • Virtual repositories to group remote and private repositories behind a single end point. Set a priority on each repository to control search order when downloading or installing an artifact.

You can view security insights about your security posture, build artifacts, and dependencies in Google Cloud console dashboards within Cloud Build, Cloud Run, and GKE.

Feature availability: remote and virtual repositories are not available for public access. To get access to these features, see the access request page.

Artifact Registry and Container Registry

Artifact Registry expands on the capabilities of Container Registry and is the recommended container registry for Google Cloud. If you currently use Container Registry, learn about transitioning from Container Registry to take advantage of new and improved features.

What's next