As a developer, you need a secure place to store all your stuff: container images of course, but also language packages that can enable code reuse across multiple applications. Today, we’re pleased to announce support for Node.js, Python and Java repositories for Artifact Registry in Preview. With today’s announcement, you can not only use Artifact Registry to secure and distribute container images, but also manage and secure your other software artifacts. At the same time, the Artifact Registry managed service provides advantages over on-premises registries. As a fully serverless platform, it scales based on demand, so you only pay for what you actually use. Enterprise security features such as VPC-SC, CMEK, and granular IAM ensure you get greater control and security features for both container and non-container artifacts. You can also connect to tools you are already using as a part of a CI/CD workflow. Let’s take a closer look at the features you’ll find in Artifact Registry, giving you a fully-managed tool to store, manage, and secure all your artifacts. Expanded repository formatsWith support for new repository formats, you can streamline and get a consistent view across all your artifacts. Now, supported artifacts include:Java packages (using the Maven repository format)Node.js packages (using the npm repository format)Python packages (using the PyPI repository format)In addition to existing container images and Helm charts (using the Docker repository format). Easy integration with your CI/CD toolchainYou can also integrate Artifact Registry, including the new repository formats, with Google Cloud’s build and runtime services or your existing build system. The following are just some of the use cases that are made possible by this integration:Deployment to Google Kubernetes Engine (GKE), Cloud Run, Compute Engine and other runtime services CI/CD with Cloud Build, with automatic vulnerability scanning for OCI images Compatibility with Jenkins, Circle CI, TeamCity and other CI tools Native support for Binary Authorization to ensure only approved artifact images are deployedStorage and management of artifacts in a variety of formatsStreamlined authentication and access control across repositories using Google Cloud IAMA more secure software supply chainStoring trusted artifacts in private repositories is a key part of a secure software supply chain and helps mitigate the risks associated with using artifacts directly from public repositories. With Artifact Registry, you can:Scan container images for vulnerabilitiesProtect repositories via a security perimeter (VPC-SC support)Configure access control at the repository level using Cloud IAMUse customer managed encryption keys (CMEK) instead of the default Google-managed encryptionUse Cloud Audit Logging to track and review repository usageOptimize your infrastructure and maintain data complianceArtifact Registry provides regional support, enabling you to manage and host artifacts in the regions where your deployments occur, reducing latency and cost. By implementing regional repositories, you can also comply with your local data sovereignty and security requirements.Get started todayThese new features are available to all Artifact Registry customers. Pricing for language packages is the same as container pricing; see the pricing documentation for details.To get started using Node.js, Python and Java repositories, try the quickstarts in the Artifact Registry documentation.Node.js Quickstart GuidePython Quickstart GuideJava Quickstart GuideVideo Overview: using Maven in Artifact RegistryRelated ArticleHow we’re helping to reshape the software supply chain ecosystem securelyWe’re sharing some of the security best practices we employ and investments we make in secure software development and supply chain risk …Read Article
Quelle: Google Cloud Platform
Published by