Software Supply Chain Security

Take advantage of Cloud Workstations, which provides fully managed development environments on Google Cloud to protect your source code and its development environments. Cloud Workstations comes with built-in security best practices, such as VPC Service Controls, private ingress and egress, forced image updates, and IAM access policies. 

Store, secure, and manage your build artifacts in Artifact Registry and proactively detect vulnerabilities with the on-demand and automated scanning of Container Analysis. Enhance the security of your application's open source dependencies using our Assured Open Source Software, which provides a trusted source for you to access and incorporate Google curated and tested OSS packages.  

Access managed CI with Cloud Build, which provides out-of-the-box support for SLSA level 3 builds and comes with security features, such as VPC Service Controls, SLSA level insights, and isolated and ephemeral build environments. Cloud Build also works with Google Cloud Deploy, our CD platform, which offers built-in security best practices, such as granular IAM controls and approval gates.  

Improve the security of your running applications with GKE and Cloud Run. GKE comes with native security features that provide actionable guidance into the security posture of your applications, such as a centralized security dashboard and automated scanning and alerting. Cloud Run, our secure serverless platform, provides insights into the SLSA levels and vulnerabilities of running containers. 

Enhance the security of your software supply chain by establishing, verifying, and maintaining a chain of trust throughout your SDLC. Based on the attestations collected along the SDLC, Binary Authorization helps define, verify, and enforce trust-based policies to meet the scale and speed requirements of modern application development.