Container Registry tidak digunakan lagi. Mulai 18 Maret 2025, Container Registry akan dinonaktifkan dan penulisan image ke Container Registry tidak tersedia. Untuk mengetahui informasi selengkapnya tentang penghentian penggunaan Container Registry dan cara melakukan migrasi ke Artifact Registry, lihat Penghentian penggunaan Container Registry.
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Artifact Analysis menyediakan pemindaian kerentanan dan penyimpanan metadata untuk
container melalui Artifact Analysis. Layanan pemindaian
melakukan pemindaian kerentanan pada image di Artifact Registry dan
Container Registry, lalu menyimpan metadata yang dihasilkan dan menyediakannya untuk
digunakan melalui API. Penyimpanan metadata memungkinkan penyimpanan informasi dari
berbagai sumber, termasuk pemindaian kerentanan, layanan Cloud lainnya, dan
penyedia pihak ketiga.
Artifact Analysis sebagai API informasi strategis
Dalam konteks pipeline CI/CD, Analisis Artefak dapat
diintegrasikan untuk menyimpan metadata tentang proses deployment Anda dan membuat keputusan
berdasarkan metadata tersebut.
Pada berbagai fase proses rilis, orang atau sistem otomatis dapat menambahkan
metadata yang menjelaskan hasil aktivitas. Misalnya, Anda dapat menambahkan
metadata ke image yang menunjukkan bahwa image tersebut telah lulus rangkaian pengujian integrasi
atau pemindaian kerentanan.
Gambar 1. Diagram yang menunjukkan Analisis Penampung sebagai komponen pipeline CI/CD
yang berinteraksi dengan metadata di seluruh tahap sumber, build, penyimpanan, dan deployment
serta lingkungan runtime.
Pemindaian kerentanan dapat dilakukan secara otomatis atau sesuai permintaan:
Jika pemindaian otomatis diaktifkan, pemindaian akan otomatis terpicu setiap kali Anda mengirim image baru ke Artifact Registry atau Container Registry. Informasi kerentanan
terus diperbarui saat kerentanan baru ditemukan.
Jika Pemindaian On-Demand diaktifkan,
Anda harus menjalankan perintah untuk memindai image lokal atau image di
Artifact Registry atau Container Registry. Pemindaian On-Demand memberi Anda
fleksibilitas yang lebih besar saat memindai penampung. Misalnya, Anda dapat memindai
image yang dibuat secara lokal dan memperbaiki kerentanan sebelum menyimpannya di
registry.
Hasil pemindaian tersedia hingga 48 jam setelah pemindaian selesai, dan informasi kerentanan tidak diperbarui setelah pemindaian.
Dengan Analisis Artefak yang terintegrasi ke dalam pipeline CI/CD, Anda dapat
membuat keputusan berdasarkan metadata tersebut. Misalnya, Anda dapat menggunakan
Otorisasi Biner untuk membuat kebijakan deployment yang
hanya mengizinkan deployment untuk image yang mematuhi kebijakan dari registry tepercaya.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-11 UTC."],[[["\u003cp\u003eArtifact Analysis provides vulnerability scanning for container images in Artifact Registry and Container Registry, storing and making the resulting metadata available via an API.\u003c/p\u003e\n"],["\u003cp\u003eIt can integrate into CI/CD pipelines, allowing metadata storage about the deployment process to inform decision-making.\u003c/p\u003e\n"],["\u003cp\u003eMetadata can be added at different stages of the release process, like indicating if an image passed integration tests or a vulnerability scan.\u003c/p\u003e\n"],["\u003cp\u003eVulnerability scanning can be automatic upon pushing new images or on-demand for more control over the scanning process, offering flexibility.\u003c/p\u003e\n"],["\u003cp\u003eIntegration with tools like Binary Authorization allows creating policies that permit deployments only for compliant images from trusted sources.\u003c/p\u003e\n"]]],[],null,["# Container analysis and vulnerability scanning\n\n\u003cbr /\u003e\n\nArtifact Analysis provides vulnerability scanning and metadata storage for\ncontainers through Artifact Analysis. The scanning service\nperforms vulnerability scans on images in Artifact Registry and\nContainer Registry, then stores the resulting metadata and makes it available for\nconsumption through an API. Metadata storage allows storing information from\ndifferent sources, including vulnerability scanning, other Cloud services, and\nthird-party providers.\n\nArtifact Analysis as a strategic information API\n------------------------------------------------\n\nIn the context of your CI/CD pipeline, Artifact Analysis can be\nintegrated to store metadata about your deployment process and make decisions\nbased on that metadata.\n\nAt various phases of your release process, people or automated systems can add\nmetadata that describes the result of an activity. For example, you might add\nmetadata to your image indicating that it has passed an integration test suite\nor a vulnerability scan.\n\n**Figure 1.** Diagram that shows Container Analysis as CI/CD pipeline component\nthat interacts with metadata across source, build, storage, and deployment\nstages as well as runtime environments.\n\nVulnerability scanning can occur automatically or on-demand:\n\n- When [automatic scanning](/container-analysis/docs/vulnerability-scanning) is\n enabled, scanning triggers automatically every time you push a new image to\n Artifact Registry or Container Registry. Vulnerability information is\n continuously updated when new vulnerabilities are discovered.\n\n- When [On-Demand Scanning](/container-analysis/docs/on-demand-scanning) is enabled,\n you must run a command to scan a local image or an image in\n Artifact Registry or Container Registry. On-Demand Scanning gives you\n more flexibility around when you scan containers. For example, you can scan a\n locally-built image and remediate vulnerabilities before storing it in a\n registry.\n\n Scanning results are available for up to 48 hours after the scan is\n completed, and vulnerability information is not updated after the scan.\n\nWith Artifact Analysis integrated into your CI/CD pipeline, you can\nmake decisions based on that metadata. For example, you can use\n[Binary Authorization](/binary-authorization/docs) to create deployment policies that\nonly allow deployments for compliant images from trusted registries.\n\nTo learn about using Artifact Analysis see the\n[Artifact Analysis documentation](/container-analysis/docs)."]]
