As enterprises modernize their applications with improved software delivery processes, they face increasing challenges in managing their dependencies—the artifacts that make up their applications, deployed in accordance with security and compliance best practices.

Today, we’re excited to announce that Artifact Registry is generally available. With support for container images, Maven, npm packages, and additional formats coming soon, Artifact Registry helps your organization benefit from scale, security, and standardization across your software supply chain.

As the evolution of Google Container Registry, Artifact Registry is the single place to store container images as well as language and OS packages. As a fully managed platform, Artifact Registry helps you get total control of the software delivery process with numerous new features, including support for regional repositories, VPC service controls, granular per-repository access controls, and Customer Managed Encryption Keys (CMEK). It also offers built-in vulnerability scanning for container images and integrates with Binary Authorization, so you can enforce validation and define policies to ensure only verified images make it to production.

Delivering software both fast and safely is an important goal of enterprise software development. Data from DevOps Research & Assessment (DORA) shows that there’s a vast gap between elite DevOps teams and everyone else in their ability to meet this goal. Artifact Registry brings together many of the best practices employed by elite DevOps teams so that any organization can deliver software at scale, reduce operational overhead, and free developers to focus on building differentiated value for customers.

Swiss financial services provider Leonteq Securities is an early adopter of Artifact Registry, and reports that it has allowed them to streamline their software delivery process:

“The migration from our on-prem registry to Artifact Registry has been a smooth experience.
Artifact Registry builds upon Container Registry by providing us a single place to store, manage, secure, and share both Maven and Docker artifacts. And given Artifact Registry is fully serverless, unlike our on-prem registry, we never run out of space and pay for what we actually use.” – Imants Firsts, Senior Software Engineer, Leonteq Securities

Let’s take a deeper look at the features you’ll find in Artifact Registry, and how to get started.

Integrate security into your CI/CD pipeline

Artifact Registry gives you the freedom to integrate with tools you use and love on a day-to-day basis. It is fully integrated with Cloud Build, Google Cloud’s CI/CD platform, automatically storing, managing, and securing any artifacts it creates. And with baked-in vulnerability scanning, container images are automatically scanned for OS package vulnerabilities.

Artifact Registry is also integrated with Google Cloud runtimes such as Google Kubernetes Engine (GKE), Cloud Run, and Compute Engine. So whether you’re deploying to serverless, Kubernetes, or a Virtual Machine environment, Artifact Registry supports your DevOps processes.

In addition, because Artifact Registry supports standard protocols, you can easily integrate it with popular CI/CD and security tooling. This enables you to benefit from Artifact Registry’s increased capabilities without having to change all of your existing CI/CD workflow and tooling.

StackRox, Qualys, Palo Alto Networks, and Sysdig are early partners who have integrated and verified their tooling with Artifact Registry.

StackRox is a Kubernetes-native container security platform that protects cloud-native applications across the entire software life cycle—from build, to deploy, to runtime—and delivers better security, accelerates development velocity, and lowers operational risks.
Qualys container security, built on the Qualys Cloud platform, provides comprehensive inventory, security assessment and runtime defense capabilities for containers across the build-ship-run container lifecycle in your hybrid IT environment. Palo Alto Networks Prisma Cloud provides full-lifecycle, full-stack security for any cloud-native workload or application running on Google Cloud. Sysdig secures and monitors containers on Anthos with GKE and GKE On Prem. It provides deep visibility into the risk, health, and performance of cloud-native apps across public, hybrid, and multi-cloud deployments enabling secure and reliable software delivery.

Artifact Registry: Evolution of Container Registry

With more features, Artifact Registry builds upon the benefits already available in Container Registry. Following are just some of the benefits enterprises can get with Artifact Registry:

*Some features are in pre-GA release stages. For full details please see Artifact Registry’s documentation.

We’ll continue to develop Artifact Registry with even greater control and security features for both container and non-container artifacts. To take advantage of these improvements and additions, you can learn more about transitioning from Container Registry here.

Try it today!

With Artifact Registry, you now have an easy way to manage artifacts and improve security within your CI/CD pipeline. Here are more ways you can learn more about Artifact Registry:

Artifact Registry for Java application development and delivery
Intro to Artifact Registry
Deploying from Artifact Registry to GKE

Source: Google Cloud Platform