Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and GKE on-prem. Learn more

Guides

Reference

Resources

Training and tutorials

Try Binary Authorization tutorials, training courses, and Qwiklabs from Google Cloud.

Qwiklabs
Securing Your GKE Deployments with Binary Authorization

This lab describes how to secure a GKE cluster using Binary Authorization.

GKE

Learn more  
Tutorial
Getting started using the command-line tool

Get up and running quickly with GKE and Binary Authorization with this end-to-end getting started tutorial.

GKE

Learn more  
Tutorial
Multi-project setup

Use different projects to restrict access for different activities, enforcing separation of duties.

GKE

Learn more  
Tutorial
Creating attestations based on vulnerability scanning

Use Kritis Signer to scan a container image with before creating attestations.

Kritis Container Analysis

Learn more  
Codelab
Securing Your GKE Deployments with Binary Authorization

Adding deploy-time policy enforcement to your Kubernetes Engine (GKE) cluster.

GKE

Learn more  
How-to
Viewing audit logs

Viewing audit logs for Binary Authorization events.

GKE Cloud Audit Logs

Learn more  
How-to
Viewing audit logs

Viewing audit logs for Binary Authorization events.

GKE on-prem Cloud Audit Logs

Learn more  
How-to
Monitoring metrics

Monitoring metrics from Binary Authorization for GKE on-prem.

GKE on-prem Cloud Monitoring

Learn more  

Use cases

Explore use cases, reference architectures, whitepapers, best practices, and industry solutions.

Best practice
Security controls and forensic analysis for GKE apps

Details instrumentation and tools used in forensic analysis for apps deployed to GKE.

Security Container analysis

Learn more  
Use case
Implementing Binary Authorization using Cloud Build and GKE

Walks you through setting up Binary Authorization for Google Kubernetes Engine.

GKE Cloud Build

Learn more  
Architecture
Help secure software supply chains on Google Kubernetes Engine

Shows you how to ensure that your supply chain follows a known and secure path before you deploy your code in a Google Kubernetes Engine cluster.

DevOps

Learn more  

Code samples

Dive into coding with examples that demonstrate how to use and connect Google Cloud services.

terraform

Google Provider

With Google Provider for Terraform you can configure your Google Cloud infrastructure

Learn more  

terraform

Attestor Provider

Create Binary Authorization attestors

Learn more  

terraform

IAM policy for Binary Authorization Attestor

Three different resources help you manage your IAM policy for Binary Authorization Attestor.

Learn more  

terraform

Binary Authorization Policy

Configure a Binary Authorization polcy.

Learn more  

Videos