Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Otorisasi Biner adalah Google Cloud layanan yang
menyediakan keamanan supply chain software dengan menerapkan serangkaian aturan
(kebijakan) pada container
yang di-deploy di Google Cloud
platform berbasis container yang didukung.
Layanan mengizinkan atau memblokir deployment penampung ini berdasarkan kumpulan
aturan tersebut.
Selain itu, Otorisasi Biner menyediakan validasi berkelanjutan
untuk memastikan bahwa setiap penampung yang di-deploy terus mematuhi kebijakan.
Tidak ada integrasi langsung antara Cloud Deploy dan
Otorisasi Biner, tetapi Anda dapat menggunakannya bersama untuk membantu mengamankan
proses pengiriman software.
Manfaat Otorisasi Biner untuk image yang dapat di-deploy
Pada waktu deployment, Otorisasi Biner dapat menggunakan pengesahan
untuk menentukan bahwa proses telah diselesaikan lebih awal. Berikut adalah beberapa contoh
tujuan penggunaan Otorisasi Biner:
Pastikan bahwa image container dibuat oleh sistem build atau
pipeline continuous integration tertentu.
Validasi bahwa image container mematuhi kebijakan penandatanganan kerentanan.
Pastikan bahwa image container lulus kriteria untuk promosi ke target berikutnya.
Langkah selanjutnya
Pelajari lebih lanjut cara menggunakan Otorisasi Biner
untuk membantu memastikan integritas image container Anda.
Coba tutorial, untuk
GKE, guna mengonfigurasi dan menguji kebijakan
Otorisasi Biner yang memerlukan pengesahan.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-03 UTC."],[[["\u003cp\u003eBinary Authorization is a Google Cloud service that enhances software supply-chain security by enforcing rules on container deployments.\u003c/p\u003e\n"],["\u003cp\u003eThe service permits or denies container deployment based on a set of predefined rules, known as a policy.\u003c/p\u003e\n"],["\u003cp\u003eBinary Authorization offers continuous validation to ensure deployed containers remain compliant with the established policy.\u003c/p\u003e\n"],["\u003cp\u003eAt deploy time, Binary Authorization can leverage attestations to confirm the completion of previous processes, such as verifying the build source or compliance with vulnerability signing policy.\u003c/p\u003e\n"],["\u003cp\u003eAlthough there is no direct integration with Cloud Deploy, Binary Authorization can be used in conjunction to bolster the security of the software delivery process.\u003c/p\u003e\n"]]],[],null,["# Secure deployments using Binary Authorization\n\n[Binary Authorization](/binary-authorization) is a Google Cloud service that\nprovides software supply-chain security by enforcing a set of rules\n([policy](/binary-authorization/docs/overview#policy_model)) on containers\ndeployed on a Google Cloud\n[supported container-based platform](/binary-authorization/docs/overview#supported_platforms).\nThe service allows or blocks deployment of these containers based on that set of\nrules.\n\nAlso, Binary Authorization provides [continuous validation](/binary-authorization/docs/overview-cv#overview)\nto ensure that each deployed container continues to conform with policy.\n\nThere is no direct integration between Cloud Deploy and\nBinary Authorization, but you can use them together to help secure your\nsoftware delivery process.\n\nWhat Binary Authorization can do for your deployable images\n-----------------------------------------------------------\n\nAt deploy time, Binary Authorization can use [attestations](/binary-authorization/docs/key-concepts#attestations)\nto determine that a process was completed earlier. Here are some examples of\nwhat you can use Binary Authorization for:\n\n- Verify that a container image was built by a specific build system or\n continuous integration pipeline.\n\n- Validate that a container image complies with vulnerability signing policy.\n\n- Verify that a container image passes criteria for promotion to the next target.\n\nWhat's next\n-----------\n\n- Learn more about how to use [Binary Authorization](/binary-authorization/docs)\n to help ensure the integrity of your container images.\n\n- [Try a tutorial](/binary-authorization/docs/getting-started-cli), for\n GKE, to configure and test a Binary Authorization\n policy that requires attestations.\n\n- Learn about the [deployment lifecycle](/binary-authorization/docs/overview#lifecycle),\n in the context of Binary Authorization."]]