Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and Anthos clusters on VMware. Learn more

Guides

Reference

Resources

Training and tutorials

Try Binary Authorization tutorials, courses, and self-paced training from Google Cloud Skills Boost.

Training

Secure your GKE Deployments with Binary Authorization

This lab describes how to secure a GKE cluster using Binary Authorization.

GKE

Learn more  
Codelab

Secure your GKE Deployments with Binary Authorization

Add deploy-time policy enforcement to your GKE cluster.

GKE

Learn more  
Tutorial

Get started using the command-line tool

Get up and running quickly with GKE and Binary Authorization with this end-to-end getting started tutorial.

GKE

Learn more  
Tutorial

Multi-project setup

Use different projects to restrict access for different activities, enforcing separation of duties.

GKE

Learn more  
Tutorial

Create attestations based on vulnerability scanning

Use Kritis Signer to scan a container image with Container Analysis before creating attestations.

Kritis Container Analysis

Learn more  
How-to

View audit logs for Binary Authorization

View audit logs for Binary Authorization events.

GKE Cloud Audit Logs

Learn more  
How-to

View audit logs for Binary Authorization for Anthos clusters on VMware

View audit logs for Binary Authorization events for Anthos clusters on VMware.

GKE on-prem Cloud Audit Logs

Learn more  
How-to

Monitor metrics for Binary Authorization for Anthos clusters on VMware

Monitor metrics from Binary Authorization for GKE on-prem.

GKE on-prem Cloud Monitoring

Learn more  

Use cases

Explore use cases, reference architectures, whitepapers, best practices, and industry solutions.

Best practice

Security controls and forensic analysis for GKE apps

Details instrumentation and tools used in forensic analysis for apps deployed to GKE.

Security Container analysis

Learn more  
Use case

Implement Binary Authorization using Cloud Build and GKE

Walks you through setting up Binary Authorization for GKE.

GKE Cloud Build

Learn more  
Architecture

Help secure software supply chains on GKE

Shows you how to ensure that your supply chain follows a known and secure path before you deploy your code in a GKE cluster.

DevOps

Learn more  

Code samples

Dive into coding with examples that demonstrate how to use and connect Google Cloud services.

terraform

Google Provider

With Google Provider for Terraform, you can configure your Google Cloud infrastructure.

Learn more  

terraform

Attestor Provider

Create Binary Authorization attestors.

Learn more  

terraform

IAM policy for Binary Authorization Attestor

Three different resources help you manage your IAM policy for Binary Authorization Attestor.

Learn more  

terraform

Binary Authorization Policy

Configure a Binary Authorization policy.

Learn more  

Videos