Software supply chain security

Google Cloud improves end-to-end software supply chain security with dedicated tooling and built-in automation for policy enforcement, while enabling you to adopt industry standards in a flexible and incremental way.

Benefits

Software supply chain security at cloud-native speed and scale

Shift left on security throughout the software life cycle

Catch security issues early in the process with a holistic solution that spans the entire software life cycle, including developer tools, CI/CD pipelines, artifact repositories, and runtime environments. 

Improve security with proven best practices

Enable software supply chain security with dedicated tooling and automation for high-velocity environments. Automatically block deployments that do not conform to security policies.

Meet you where you are on your security journey

Start today by incorporating the SLSA framework to adopt an incremental pathway toward holistic software supply chain security. No matter where you are on your journey, our open and pluggable tools can help.

Key features

Strengthen software supply chain security throughout the software life cycle

Comprehensive vulnerability scanning for improved image security

Scan images for vulnerabilities with on-demand scanning, which gives you granular control over the images you want to scan at various stages of the software development life cycle. For example, you can scan packages or base images before investing any development effort. You can also use the automated scanning feature to ensure every image has scan results available upon repository push.

Managed CI/CD pipelines with enhanced security measures

Use Cloud Build to access managed CI/CD pipelines with support for private networks and isolated and ephemeral build environments. You can also integrate vulnerability scanning for policy-based governance. Need a more controlled rollout? Cloud Build works with Google Cloud Deploy, which offers approval gates between environments (for example, dev, stage, and prod) and fine-grained access control. 

Automated security enforcement at and after deployment time

Get policy-based security enforcement with Binary Authorization. You can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. Running images may then be continuously validated post-deployment to ensure they continue to conform to the policies in place.

Auto-generated build provenance for easy security verification

Quickly generate and verify an artifact’s build provenance with Cloud Build. Build provenance is a collection of verifiable data about where, when, and how build artifacts were created. Cloud Build automatically generates signed provenance, which provides a verifiable record of the build information. It can also help you meet Supply-chain Levels for Software Artifacts (SLSA) level 2 assurance. 

Runtime environments built with security best practices

Improve the security of runtime environments with GKE or Cloud Run. Both come with easy integration with Binary Authorization. In addition, Protect for GKE, currently in preview, provides in-depth guidance on the security posture of your clusters and workloads. And Cloud Run, our serverless platform, lets you run containers in isolated sandboxes for better security.

S3C diagram

Documentation

Learn how to improve software supply chain security in your organization

Google Cloud Basics
Software supply chain threats

Understand the attack surface of the software supply chain, spanning source, build, publish, dependencies, and deploy.

Best Practice
Protect your software supply chain

Learn best practices that help protect your software across processes and systems in your software supply chain.

Tutorial
Secure software supply chains on Google Kubernetes Engine

Learn how to ensure that your software supply chain follows a known and secure path before your code is deployed in a GKE cluster.
