Binary Authorization
E697181
Binary Authorization is a Google Cloud security service that enforces deploy-time image verification and policy controls to ensure only trusted container images are run in your environments.
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf | Google Cloud security service; container image security service |
| appliesTo | container images |
| availableAs | managed Google Cloud service |
| canRequire | images to be signed by trusted authorities; images to come from specific registries; images to meet vulnerability scanning criteria |
| controls | whether a container image is allowed to deploy |
| developer | Google |
| enforces | image integrity requirements; image provenance requirements; organizational deployment policies |
| hasComponent | admission controller; attestors; policy |
| hasPurpose | enforce deploy-time image verification; enforce policy controls on container deployment; ensure only trusted container images are run |
| integratesWith | Artifact Registry; Cloud Build; Cloud Deploy; Container Registry; GKE admission control |
| mitigates | risk of running untrusted container images; supply chain security risks |
| partOf | Google Cloud Platform |
| policyLanguage | YAML-based policy configuration |
| relatedTo | Cloud Build attestations; Software supply chain frameworks such as SLSA |
| requires | IAM permissions to manage policies |
| securityDomain | container security; runtime deployment control |
| supportsEnvironment | Anthos; Cloud Run; GKE Autopilot; GKE Standard; Google Kubernetes Engine |
| supportsFeature | break-glass deployment exemptions; dry-run policy evaluation; integration with Cloud Audit Logs; logging of policy decisions; per-cluster policy configuration; project-wide policy configuration |
| supportsUseCase | compliance enforcement for container deployments; policy-based deployment control; software supply chain security |
| usesConcept | attestation; policy evaluation; signing |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.