At deploy time, Binary Authorization can use signatures called attestations to determine that a process was completed earlier.
For example, you can use Binary Authorization to:
Verify that a container image was built by a specific build system or
continuous integration (CI) pipeline.
Validate that a container image is compliant with vulnerability signing policy.
Verify that a container image passes criteria for promotion to the next
deployment environment, such as development to QA.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eBinary Authorization is a Google Cloud service that enforces security policies at deploy-time for environments like GKE, Cloud Run, and Google Distributed Cloud.\u003c/p\u003e\n"],["\u003cp\u003eIt supports container images in Artifact Registry and other container image registries by verifying signatures called attestations.\u003c/p\u003e\n"],["\u003cp\u003eBinary Authorization can verify that a container image was built by a specific system, is compliant with vulnerability signing policy, or meets promotion criteria.\u003c/p\u003e\n"],["\u003cp\u003eIt provides documentation on how to use Binary Authorization on their documentation site.\u003c/p\u003e\n"]]],[],null,["# Securing deployments\n\nBinary Authorization is a Google Cloud service that provides deploy-time\nenforcement of security policies for [supported Google Cloud environments](/binary-authorization/docs/overview#supported_platforms), including\n[Google Kubernetes Engine (GKE)](/kubernetes-engine/docs),\n[Cloud Run](/run/docs), and\n[Google Distributed Cloud](/anthos/gke/docs/on-prem). It supports container\nimages in Artifact Registry and other container image registries.\n\nAt deploy time, Binary Authorization can use signatures called attestations to determine that a process was completed earlier.\nFor example, you can use Binary Authorization to:\n\n- Verify that a container image was built by a specific build system or continuous integration (CI) pipeline.\n- Validate that a container image is compliant with vulnerability signing policy.\n- Verify that a container image passes criteria for promotion to the next deployment environment, such as development to QA.\n\nTo learn about using Binary Authorization see the\n[Binary Authorization documentation](/binary-authorization/docs)."]]
