Application Development

Node, Python and Java repositories now available in Artifact Registry

As a developer, you need a secure place to store all your stuff: container images of course, but also language packages that can enable code reuse across multiple applications. Today, we’re pleased to announce support for Node.js, Python and Java repositories for Artifact Registry in Preview. With today’s announcement, you can not only use Artifact Registry to secure and distribute container images, but also manage and secure your other software artifacts. 

At the same time, the Artifact Registry managed service provides advantages over on-premises registries. As a fully serverless platform, it scales based on demand, so you only pay for what you actually use. Enterprise security features such as VPC-SC, CMEK, and granular IAM ensure you get greater control and security features for both container and non-container artifacts. You can also connect to tools you are already using as a part of a CI/CD workflow. 

Let’s take a closer look at the features you’ll find in Artifact Registry, giving you a fully-managed tool to store, manage, and secure all your artifacts. 

Expanded repository formats

With support for new repository formats, you can streamline and get a consistent view across all your artifacts. Now, supported artifacts include:

  • Java packages  (using the Maven repository format)

  • Node.js packages (using the npm repository format)

  • Python packages (using the PyPI repository format)

In addition to existing container images and Helm charts (using the Docker repository format). 

Easy integration with your CI/CD toolchain

You can also integrate Artifact Registry, including the new repository formats, with Google Cloud’s build and runtime services or your existing build system. The following are just some of the use cases that are made possible by this integration:

  • Deployment to Google Kubernetes Engine (GKE), Cloud Run, Compute Engine and other runtime services 

  • CI/CD with Cloud Build, with automatic vulnerability scanning for OCI images 

  • Compatibility with Jenkins, Circle CI, TeamCity and other CI tools 

  • Native support for Binary Authorization to ensure only approved artifact images are deployed

  • Storage and management of artifacts in a variety of formats

  • Streamlined authentication and access control across repositories using Google Cloud IAM

A more secure software supply chain

Storing trusted artifacts in private repositories is a key part of a secure software supply chain and helps mitigate the risks associated with using artifacts directly from public repositories. With Artifact Registry, you can:

  • Scan container images for vulnerabilities

  • Protect repositories via a security perimeter (VPC-SC support)

  • Configure access control at the repository level using Cloud IAM

  • Use customer managed encryption keys (CMEK) instead of the default Google-managed encryption

  • Use Cloud Audit Logging to track and review repository usage

Optimize your infrastructure and maintain data compliance

Artifact Registry provides regional support, enabling you to manage and host artifacts in the regions where your deployments occur, reducing latency and cost. By implementing regional repositories, you can also comply with your local data sovereignty and security requirements.

Get started today

These new features are available to all Artifact Registry customers. Pricing for language packages is the same as container pricing; see the pricing documentation for details.To get started using Node.js, Python and Java repositories, try the quickstarts in the Artifact Registry documentation.