Binary Authorization
E697181
Binary Authorization is a Google Cloud security service that enforces deploy-time image verification and policy controls to ensure only trusted container images are run in your environments.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Binary Authorization canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T7933128 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Binary Authorization Context triple: [Artifact Registry, integratesWith, Binary Authorization]
-
A.
kernel authorization framework (kauth)
The kernel authorization framework (kauth) is NetBSD’s modular in-kernel security subsystem that centralizes and manages authorization decisions for various system operations.
-
B.
RASP
RASP is an intensive U.S. Army selection and training course designed to identify and prepare soldiers for service in the 75th Ranger Regiment.
-
C.
CB-Full Certification Scheme
The CB-Full Certification Scheme is an international conformity assessment program under the IECEE that enables comprehensive testing and certification of electrical and electronic products for global market access.
-
D.
AppArmor
AppArmor is a Linux kernel security module that confines programs to a limited set of resources using per-application security profiles to reduce the impact of vulnerabilities and attacks.
-
E.
NIST SP 800-122
NIST SP 800-122 is a NIST cybersecurity guidance document that provides recommendations for protecting the confidentiality of personally identifiable information (PII).
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Binary Authorization Target entity description: Binary Authorization is a Google Cloud security service that enforces deploy-time image verification and policy controls to ensure only trusted container images are run in your environments.
-
A.
kernel authorization framework (kauth)
The kernel authorization framework (kauth) is NetBSD’s modular in-kernel security subsystem that centralizes and manages authorization decisions for various system operations.
-
B.
RASP
RASP is an intensive U.S. Army selection and training course designed to identify and prepare soldiers for service in the 75th Ranger Regiment.
-
C.
CB-Full Certification Scheme
The CB-Full Certification Scheme is an international conformity assessment program under the IECEE that enables comprehensive testing and certification of electrical and electronic products for global market access.
-
D.
AppArmor
AppArmor is a Linux kernel security module that confines programs to a limited set of resources using per-application security profiles to reduce the impact of vulnerabilities and attacks.
-
E.
NIST SP 800-122
NIST SP 800-122 is a NIST cybersecurity guidance document that provides recommendations for protecting the confidentiality of personally identifiable information (PII).
- F. None of above. chosen
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
Google Cloud security service
ⓘ
container image security service ⓘ |
| appliesTo | container images ⓘ |
| availableAs | managed Google Cloud service ⓘ |
| canRequire |
images to be signed by trusted authorities
ⓘ
images to come from specific registries ⓘ images to meet vulnerability scanning criteria ⓘ |
| controls | whether a container image is allowed to deploy ⓘ |
| developer | Google ⓘ |
| enforces |
image integrity requirements
ⓘ
image provenance requirements ⓘ organizational deployment policies ⓘ |
| hasComponent |
admission controller
ⓘ
attestors ⓘ policy ⓘ |
| hasPurpose |
enforce deploy-time image verification
ⓘ
enforce policy controls on container deployment ⓘ ensure only trusted container images are run ⓘ |
| integratesWith |
Artifact Registry
NERFINISHED
ⓘ
Cloud Build NERFINISHED ⓘ Cloud Deploy NERFINISHED ⓘ Container Registry NERFINISHED ⓘ GKE admission control ⓘ |
| mitigates |
risk of running untrusted container images
ⓘ
supply chain security risks ⓘ |
| partOf | Google Cloud Platform NERFINISHED ⓘ |
| policyLanguage | YAML-based policy configuration ⓘ |
| relatedTo |
Cloud Build attestations
ⓘ
Software supply chain frameworks such as SLSA ⓘ |
| requires | IAM permissions to manage policies ⓘ |
| securityDomain |
container security
ⓘ
runtime deployment control ⓘ |
| supportsEnvironment |
Anthos
NERFINISHED
ⓘ
Cloud Run NERFINISHED ⓘ GKE Autopilot NERFINISHED ⓘ GKE Standard NERFINISHED ⓘ Google Kubernetes Engine NERFINISHED ⓘ |
| supportsFeature |
break-glass deployment exemptions
ⓘ
dry-run policy evaluation ⓘ integration with Cloud Audit Logs ⓘ logging of policy decisions ⓘ per-cluster policy configuration ⓘ project-wide policy configuration ⓘ |
| supportsUseCase |
compliance enforcement for container deployments
ⓘ
policy-based deployment control ⓘ software supply chain security ⓘ |
| usesConcept |
attestation
ⓘ
policy evaluation ⓘ signing ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Binary Authorization Description of subject: Binary Authorization is a Google Cloud security service that enforces deploy-time image verification and policy controls to ensure only trusted container images are run in your environments.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.