Container Registry is deprecated. Effective March 18, 2025, Container Registry is shut down and writing images to Container Registry is unavailable. For more information about the Container Registry deprecation and how to migrate to Artifact Registry, see Container Registry deprecation.
Securing deployments Stay organized with collections Save and categorize content based on your preferences.
Binary Authorization is a Google Cloud service that provides deploy-time enforcement of security policies for Google Kubernetes Engine (GKE) and Google Distributed Cloud. It supports container images in Container Registry, Artifact Registry and other container image registries.
At deploy time, Binary Authorization can use signatures called attestations to determine that a process was completed earlier. For example, you can use Binary Authorization to:
Verify that a container image was built by a specific build system or continuous integration (CI) pipeline.
Validate that a container image is compliant with vulnerability signing policy.
Verify that a container image passes criteria for promotion to the next deployment environment, such as development to QA.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-11-11 UTC."],[],[]]
