This document includes the best practices and guidelines for Artifact Registry when running generative AI workloads on Google Cloud. Use Artifact Registry with Vertex AI to streamline your machine learning (ML) development and deployment process, improve collaboration, and ensure the security and reliability of your ML models.
Consider the following use cases for Artifact Registry with Vertex AI:
- Manage your ML artifacts: Artifact Registry lets you store and manage all your ML artifacts in a single place, including model training code, datasets, trained models, and prediction serving containers. You can use this centralized repository to track, share, and reuse your ML artifacts across different teams and projects.
- Version control and reproducibility: Artifact Registry provides version control for your ML artifacts, helping you track changes and roll back to previous versions, if needed. This feature is crucial for ensuring the reproducibility of your ML experiments and deployments.
- Secure and reliable storage: Artifact Registry offers secure and reliable storage for your ML artifacts. These artifacts are encrypted at rest and in transit. Configure access control to restrict who can access the artifacts to help protect your valuable data and intellectual property.
- Integration with Vertex AI Pipelines: Integrate Artifact Registry with Vertex AI Pipelines to build and automate your ML workflows. Use Artifact Registry to store your pipeline artifacts (for example, your pipeline definitions, code, and data) and to automatically trigger pipeline runs when new artifacts are uploaded.
- Streamline CI/CD for ML: Integrate Artifact Registry with your CI/CD tooling to streamline the development and deployment of your ML models. For example, use Artifact Registry to automatically build and deploy your model serving container whenever you push a new version of your model to Artifact Registry.
- Multi-region support: Artifact Registry lets you store your artifacts in multiple regions, which can help improve the performance and availability of your ML models, especially if you have users located in different parts of the world.
Required Artifact Registry controls
The following controls are strongly recommended when using Artifact Registry.
Configure vulnerability scanning for artifacts
| Google control ID | AR-CO-6.2 |
|---|---|
| Category | Required |
| Description | Use Artifact Analysis or another tool to scan for vulnerabilities in images and packages within Artifact Registry. If you use a third-party scanning tool, you must deploy these tools correctly to scan Artifact Registry for vulnerabilities in images and packages. |
| Applicable products |
|
| Path | serviceusage.getservice |
| Operator | = |
| Value |
|
| Related NIST-800-53 controls |
|
| Related CRI profile controls |
|
| Related information |
Recommended controls based on generative AI use case
If you handle sensitive data or sensitive generative AI workloads, we recommend that you implement the following controls in your applicable generative AI use cases.
Create cleanup policies for artifacts
| Google control ID | AR-CO-6.1 |
|---|---|
| Category | Recommended based on use case |
| Description | Cleanup policies are useful if you store many versions of your artifacts but only need to keep specific versions that you release to production. Create separate cleanup policies for deleting artifacts and retaining artifacts. |
| Applicable products |
|
| Related NIST-800-53 controls |
|
| Related CRI profile controls |
|
| Related information |
What's next
Review BigQuery controls.
See more Google Cloud security best practices and guidelines for generative AI workloads.