Software Supply Chain Security

Enhances software supply chain security across the entire software development life cycle from development, supply, and CI/CD to runtimes. 

Benefits

Holistic software supply chain security solution built on best practices

Shift left on security through software life cycle

Catch security issues early in the process with a holistic solution that starts from securing your development environments and software dependencies all the way to protecting your application at runtime. 

Improve security with proven best practices

Tackle the complicated supply chain security challenge with a tested approach built on industry best practices and Google’s decades of experience protecting our own software supply chains.

Meet you where you are on your security journey

Incrementally improve your security posture by incorporating the open and pluggable tools into your existing practices. No matter how early or advanced you are on this journey, you can get started today.

Key features

Strengthen software supply chain security throughout the development life cycle

Enhance application security in development environments

Take advantage of Cloud Workstations, which provides fully managed development environments on Google Cloud to protect your source code and its development environments. Cloud Workstations comes with built-in security best practices, such as VPC Service Controls, private ingress and egress, forced image updates, and IAM access policies. 

Improve the security of your application images and dependencies

Store, secure, and manage your build artifacts in Artifact Registry and proactively detect vulnerabilities with the on-demand and automated scanning of Container Analysis. Enhance the security of your application's open source dependencies using our Assured Open Source Software, which provides a trusted source for you to access and incorporate Google curated and tested OSS packages.  

Strengthen the security of your CI/CD pipeline

Access managed CI with Cloud Build, which provides out-of-the-box support for SLSA level 3 builds and comes with security features, such as VPC Service Controls, SLSA level insights, and isolated and ephemeral build environments. Cloud Build also works with Google Cloud Deploy, our CD platform, which offers built-in security best practices, such as granular IAM controls and approval gates.  

Protect your running applications

Improve the security of your running applications with GKE and Cloud Run. GKE comes with native security features that provide actionable guidance into the security posture of your applications, such as a centralized security dashboard and automated scanning and alerting. Cloud Run, our secure serverless platform, provides insights into the SLSA levels and vulnerabilities of running containers. 

Enforce trust-based security policies throughout your SDLC

Enhance the security of your software supply chain by establishing, verifying, and maintaining a chain of trust throughout your SDLC. Based on the attestations collected along the SDLC, Binary Authorization helps define, verify, and enforce trust-based policies to meet the scale and speed requirements of modern application development.

Ready to get started? Contact us

Documentation

Learn more about Software Supply Chain Security

Google Cloud Basics

Software supply chain threats

Understand the attack surface of the software supply chain spanning all the way from source, build, publish, and dependencies to deploy.

Google Cloud Basics

Assess your security posture

This guide gives you frameworks and tools that you can use to assess your security posture and identify ways to mitigate threats.

Google Cloud Basics

Software Supply Chain Security overview

Get an overview of the Software Supply Chain Security solution and its components.

Quickstart

Build an application and view security insights

This quickstart shows how to build an application and view security insights for the build in the Software Supply Chain Security's insights panel in Cloud Build. 

Quickstart

Deploy to Cloud Run and view security insights

This quickstart shows how to deploy a container image to Cloud Run and view security insights in Software Supply Chain Security's insights panel in Cloud Run. 

Google Cloud Basics

Deploy to GKE and view security insights

This quickstart shows how to deploy a container image to Google Kubernetes Engine and view security insights in its security posture management dashboard.

Not seeing what you’re looking for?

Take the next step

Tell us what you’re solving for. A Google Cloud expert will help you find the best solution.

Google Cloud
  • ‪English‬
  • ‪Deutsch‬
  • ‪Español‬
  • ‪Español (Latinoamérica)‬
  • ‪Français‬
  • ‪Indonesia‬
  • ‪Italiano‬
  • ‪Português (Brasil)‬
  • ‪简体中文‬
  • ‪繁體中文‬
  • ‪日本語‬
  • ‪한국어‬
Console
Google Cloud