Binary Authorization is a Google Cloud service that provides deploy-time enforcement of security policies for supported Google Cloud environments, including Google Kubernetes Engine (GKE), Cloud Run, and Google Distributed Cloud. It supports container images in Artifact Registry and other container image registries.
At deploy time, Binary Authorization can use signatures called attestations to determine that a process was completed earlier. For example, you can use Binary Authorization to:
- Verify that a container image was built by a specific build system or continuous integration (CI) pipeline.
- Validate that a container image is compliant with a vulnerability signing policy.
- Verify that a container image passes criteria for promotion to the next deployment environment, such as development to QA.
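
The three checks above can be expressed as one attestor each and required per cluster in a Binary Authorization policy. The following policy file is an added illustration, not taken from this page or from Google's documentation; `PROJECT_ID`, the attestor names (`built-by-ci`, `vulnz-checked`, `qa-passed`) and the cluster names are placeholders.

```yaml
# Added example policy; PROJECT_ID, attestor names and cluster names are
# placeholders. Import with: gcloud container binauthz policy import policy.yaml
globalPolicyEvaluationMode: ENABLE   # exempt Google-maintained system images

# Applies to any cluster that has no rule of its own below.
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
  - projects/PROJECT_ID/attestors/built-by-ci        # built by the CI pipeline

# GKE cluster-specific rules; the key format is location.cluster-name.
clusterAdmissionRules:
  us-central1-a.qa-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/PROJECT_ID/attestors/built-by-ci
    - projects/PROJECT_ID/attestors/vulnz-checked    # passed vulnerability policy
  us-central1-a.prod-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:                           # all listed attestors must have signed
    - projects/PROJECT_ID/attestors/built-by-ci
    - projects/PROJECT_ID/attestors/vulnz-checked
    - projects/PROJECT_ID/attestors/qa-passed        # promoted from QA
```

Attestations are bound to the image digest, so workloads should reference images by digest rather than by tag. Setting `enforcementMode: DRYRUN_AUDIT_LOG_ONLY` on a rule logs would-be denials without blocking, which is useful when first rolling a policy out.
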
To learn about using Binary Authorization, see the Binary Authorization documentation.

