Using a centralized, private repository to host your internal code as a package not only enables code reuse, but also simplifies and secures your existing software delivery pipeline. By using the same formats and tools as you would in the open-source ecosystem, you can leverage the same advantages, simplify your build, and keep your business logic and applications secure.Language repository formats, now generally availableAs of today, support for language repositories in Artifact Registry is now generally available, allowing you to store all your language-specific artifacts in one place. Supported package types include:Java packages (using the Maven repository format)Node.js packages (using the npm repository format)Python packages (using the PyPI repository format)OS repository formats in previewAdditionally, support for new repository formats for Linux distributions is in public preview, allowing developers to create private internal-only packages and securely use them across multiple applications deployed to Linux environments. New supported artifact formats include:Debian packages (using the Apt repository format)RPM packages (using the Yum repository format)This is in addition to existing container images and Helm charts (using the Docker repository format). Your own secure supply chainStoring your packages in Artifact Registry not only enables code reuse, but also simplifies and secures your existing build pipeline. In addition to bringing your internal packages to a managed repository, using Artifact Registry also allows you to take additional steps to improve the security of your software delivery pipeline:Use Container Analysis to scan containers that use your private packages for vulnerabilitiesInclude your repositories in a Virtual Private Cloud to control accessMonitor repository usage with Cloud Audit LogsUse the binauthz-attestation builder with Cloud Build to create attestations that Binary Authorization verifies before allowing container deploymentUse Cloud Identity and Access Management (IAM) for repository access controlSeamless authenticationWith credential helpers to authenticate access for installers based on Cloud Identity and Access Management (IAM) permissions, using Artifact Registry to host your packages makes authentication to private repositories easy. By managing IAM groups, administrators can control access to repositories via the same tools used across Google Cloud.Regional repositories lower cost and enable data complianceArtifact Registry provides regional support, enabling you to manage and host artifacts in the regions where your deployments occur, reducing latency and cost. By implementing regional repositories, you can also comply with your local data sovereignty and security requirements.Get started todayThese repository formats are now generally available to all Artifact Registry customers. Pricing for language repositories is the same as container pricing; see the pricing documentation for details. To get started using language and OS repositories, try the quickstarts in the Artifact Registry documentation.Node.js Quickstart GuidePython Quickstart GuideJava Quickstart GuideApt Quickstart GuideRPM Quickstart GuideRelated ArticleNode, Python and Java repositories now available in Artifact RegistryExpanded language support lets you store Java, Node and Python artifacts in Artifact Registry, for a more secure software supply chain.Read Article
Quelle: Google Cloud Platform
Published by