Use Binary Authorization

Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed to your Cloud Run resources. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.

To deploy functions in Cloud Run, the Binary Authorization policy administrator must configure a Binary Authorization policy to exempt all images from the following repository and its subdirectories:

REGION-docker.pkg.dev/PROJECT_ID/cloud-run-source-deploy/**

Learn how to set up Binary Authorization for Cloud Run.