Container Registry is deprecated. Effective March 18, 2025, Container Registry is shut down and writing images to Container Registry is unavailable. For more information about the Container Registry deprecation and how to migrate to Artifact Registry, see Container Registry deprecation.
Stay organized with collections
Save and categorize content based on your preferences.
Binary Authorization is a Google Cloud service that provides deploy-time
enforcement of security policies for
Google Kubernetes Engine (GKE) and
Google Distributed Cloud. It supports container
images in Container Registry, Artifact Registry and other container image
registries.
At deploy time, Binary Authorization can use signatures called attestations to determine that a process was completed earlier.
For example, you can use Binary Authorization to:
Verify that a container image was built by a specific build system or
continuous integration (CI) pipeline.
Validate that a container image is compliant with vulnerability signing policy.
Verify that a container image passes criteria for promotion to the next
deployment environment, such as development to QA.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["Binary Authorization is a Google Cloud service that enforces security policies for Google Kubernetes Engine (GKE) and Google Distributed Cloud deployments."],["It supports container images from various registries, including Container Registry and Artifact Registry."],["Binary Authorization uses attestations to verify that processes were completed, such as ensuring an image was built by a specific CI pipeline."],["It can validate container image compliance with vulnerability signing policies."],["It verifies container image eligibility for promotion between environments, like from development to QA."]]],[]]
