Securing deployments

Binary Authorization is a Google Cloud service that provides deploy-time enforcement of security policies for supported Google Cloud environments, including Google Kubernetes Engine (GKE), Cloud Run, and Anthos clusters on VMware. It supports container images in Artifact Registry and other container image registries.

At deploy time, Binary Authorization can use signatures called attestations to determine that a process was completed earlier. For example, you can use Binary Authorization to:

  • Verify that a container image was built by a specific build system or continuous integration (CI) pipeline.
  • Validate that a container image is compliant with vulnerability signing policy.
  • Verify that a container image passes criteria for promotion to the next deployment environment, such as development to QA.

To learn about using Binary Authorization see the Binary Authorization documentation.