Google Cloud Binary Authorization

Komal Agrawal
Jun 30, 2023

Binary Authorization is a service on Google Cloud that provides software supply-chain security for container-based applications.

It enables you to configure a policy that the service enforces when an attempt is made to deploy a container image on one of the supported container-based platforms.

Lifecycle

A deployment lifecycle for images can consist of the following stages, where completing one stage is a prerequisite for progression to the next one — for example:

  1. Build and unit testing
  2. Deployment into a development environment where users aren’t affected
  3. Deployment into a QA environment, where only internal users are affected
  4. Deployment into a canary environment, where only a fraction of external users are affected
  5. Deployment into production

Each stage can have its own deployment environment — for example, a GKE cluster or a Google Cloud project — and its own criteria that must be satisfied before an image can move onto the next stage.

Binary Authorization allows you to define the rules by which an image passes from one stage to another, and it provides the means for enforcing those rules.
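The lifecycle above maps onto a Binary Authorization policy as per-cluster admission rules, where each stage's cluster admits an image only if it carries attestations from every earlier stage. The policy below is an added example, not from the original article. It assumes all four clusters live in one project and that each attestor signs an image only after its stage's criteria pass; the project ID, zones, cluster names and attestor names are hypothetical.

```yaml
# Constructed example policy; all names below are hypothetical placeholders.
name: projects/example-project/policy
globalPolicyEvaluationMode: ENABLE   # exempt Google-maintained system images

# Any cluster without its own rule below rejects every image.
defaultAdmissionRule:
  evaluationMode: ALWAYS_DENY
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG

# Keys are <location>.<cluster-name>. An image must be attested by ALL
# attestors listed for the cluster it is being deployed to.
clusterAdmissionRules:
  # Development: requires proof that build and unit testing passed.
  us-central1-a.dev-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/example-project/attestors/build-verified

  # QA: additionally requires sign-off from the development stage.
  us-central1-a.qa-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/example-project/attestors/build-verified
    - projects/example-project/attestors/dev-verified

  # Canary: additionally requires sign-off from QA.
  us-central1-a.canary-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/example-project/attestors/build-verified
    - projects/example-project/attestors/dev-verified
    - projects/example-project/attestors/qa-verified

  # Production: requires the full chain, including canary sign-off.
  us-central1-a.prod-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/example-project/attestors/build-verified
    - projects/example-project/attestors/dev-verified
    - projects/example-project/attestors/qa-verified
    - projects/example-project/attestors/canary-verified
```

A policy file like this is loaded with `gcloud container binauthz policy import policy.yaml`. Because the default rule is `ALWAYS_DENY`, a cluster that is added later without its own rule blocks all deployments instead of silently allowing them.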

Binary Authorization supports
