Deploy only trusted workloads for containers and serverless.
View documentation for this product.
Enforce standardized container release practices
Using Binary Authorization, DevOps teams can gain assurance that only explicitly authorized container images will be deployed. By verifying images prior to deployment, you can reduce the risk of unintended or malicious code running in your environment.
Put proactive security measures in place
Binary Authorization helps DevOps teams implement a proactive container security posture by ensuring only verified containers are admitted into the environment and that they remain trusted during runtime.
Binary Authorization integrates with the GKE and Cloud Run control plane to allow or block image deployment based on the policies that you define. You can also leverage integrations with Cloud Build and Container Registry Vulnerability Scanning to enable deploy-time controls based on build information and vulnerability findings.
Define policies at the project and cluster levels based on the security requirements of your organization. Create distinct policies for multiple environments (e.g., production and test) in addition to CI/CD setups.
Policy verification and enforcement
Enforce policies by using Binary Authorization to verify signatures from vulnerability scanning tools like Container Registry Vulnerability Scanning, third-party solutions, or image signatures you generate.
Cloud Security Command Center integration
View results for policy violations as part of your single pane of glass for security in Security Command Center. Explore events such as failed deploy attempts due to policy restriction, or breakglass workflow activities.
Maintain a record of all policy violations and failed deployment attempts using Cloud Audit Logs.
Cloud KMS support
Use an asymmetric key you manage in Cloud Key Management Service to sign images for signature verification.
Open-source support for Kubernetes
Use the open-source Kritis tool to enforce signature verification across both on-premises Kubernetes and cloud GKE deployments.
Dry run support
Test changes to your policy in non-enforcing mode before deploying. See results including would-be-blocked deployments in Cloud Audit Logs.
Bypass policy in an emergency using the breakglass workflow to ensure you aren't impeded from incident response. All breakglass incidents are recorded in Cloud Audit Logs.
Integration with third-party solutions
Integrate Binary Authorization with leading container security and CI/CD partners, such as CloudBees, Twistlock (Palo Alto Networks), and Terraform.
Binary Authorization Getting Started tutorial
Binary Authorization codelab
Secure the Software Supply Chain
Binary Authorization: Deploy only what you trust
Container Registry vulnerability scanning integration guide
Binary Authorization demo video
Next ’19: End-To-End Security and Compliance for Your Kubernetes Software Supply Chain
To learn more about how Binary Authorization is priced, please visit our pricing page.
Take the next step
Start building on Google Cloud with $300 in free credits and 20+ always free products.
Take the next step
Start your next project, explore interactive tutorials, and manage your account.