Secure deployments using Binary Authorization

Binary Authorization is a Google Cloud service that provides software supply-chain security by enforcing a set of rules (policy) on containers deployed on a Google Cloud supported container-based platform. The service allows or blocks deployment of these containers based on that set of rules.

Binary Authorization also provides continuous validation to ensure that each deployed container continues to conform to the policy.

There is no direct integration between Cloud Deploy and Binary Authorization, but you can use them together to help secure your software delivery process.

What Binary Authorization can do for your deployable images

At deploy time, Binary Authorization can use attestations to determine that a process was completed earlier. Here are some examples of what you can use Binary Authorization for:

  • Verify that a container image was built by a specific build system or continuous integration pipeline.

  • Validate that a container image complies with a vulnerability signing policy.

  • Verify that a container image passes criteria for promotion to the next target.
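
The three checks above can be expressed as attestation requirements in a Binary Authorization policy file, with a stricter rule for each later target. This is an added example, not a policy from this page: PROJECT_ID, the attestor names and the cluster names are placeholders, and it assumes two GKE clusters serve as the staging and production targets.

```yaml
# Added example: Binary Authorization policy file (for instance policy.yaml).
# PROJECT_ID, the attestor names and the cluster names are placeholders.
name: projects/PROJECT_ID/policy

# Keep Google-maintained system images exempt from the rules below.
globalPolicyEvaluationMode: ENABLE

# Any cluster without its own rule: block every deployment and log the attempt.
defaultAdmissionRule:
  evaluationMode: ALWAYS_DENY
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG

# Per-cluster rules, keyed as location.cluster-name.
clusterAdmissionRules:
  # First target: the image must have been built by the CI pipeline
  # and must carry the vulnerability-check attestation.
  us-central1.staging-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/PROJECT_ID/attestors/built-by-ci
    - projects/PROJECT_ID/attestors/vulnerability-checked

  # Next target: same two attestations plus one that records the image
  # passed the promotion criteria in staging. Every listed attestor must
  # have signed the image digest, otherwise the deployment is blocked.
  us-central1.prod-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/PROJECT_ID/attestors/built-by-ci
    - projects/PROJECT_ID/attestors/vulnerability-checked
    - projects/PROJECT_ID/attestors/promoted-from-staging
```

A file like this is loaded with `gcloud container binauthz policy import policy.yaml`. Because attestations are bound to an image digest, the images being deployed need to be referenced by digest rather than by tag.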

What's next

  • Learn more about how to use Binary Authorization to help ensure the integrity of your container images.

  • Try a tutorial for GKE to configure and test a Binary Authorization policy that requires attestations.

  • Learn about the deployment lifecycle, in the context of Binary Authorization.