Understanding Binary Authorization concepts
Binary Authorization is a part of the secure software supply chain. The service ensures that only authorized container images are executed on container-based runtimes such as Google Kubernetes Engine (GKE), GKE Enterprise, and Cloud Run. Based on the Kritis specification, which is part of the Grafeas open source project, the service uses policies that are enforced when someone deploys a container onto a runtime.
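As an added illustration of the deploy-time policy enforcement described above (this is not from the original page), the following project policy, in the `policy.yaml` format accepted by `gcloud container binauthz policy import`, places a permissive default rule beside a cluster-specific rule that requires a signed attestation; `PROJECT_ID`, the cluster location and name, and `ATTESTOR_NAME` are placeholders.

```yaml
# Added example: a Binary Authorization project policy (policy.yaml).
# PROJECT_ID, the cluster location/name and ATTESTOR_NAME are placeholders,
# not values taken from the page.
name: projects/PROJECT_ID/policy

# Images matching these patterns bypass rule evaluation entirely, so keep the
# list as narrow as possible and never use a bare wildcard.
admissionWhitelistPatterns:
- namePattern: gcr.io/google_containers/*

# Also apply Google's global policy, which exempts Google-maintained system images.
globalPolicyEvaluationMode: ENABLE

# Permissive default: any image is admitted. This is the setting a defender
# should expect to replace. Switching enforcementMode to DRYRUN_AUDIT_LOG_ONLY
# together with REQUIRE_ATTESTATION lets you observe what a stricter rule
# would block before you enforce it.
defaultAdmissionRule:
  evaluationMode: ALWAYS_ALLOW
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG

# Stronger rule for a production cluster: a deployment is admitted only if the
# image carries an attestation from the named attestor; otherwise it is blocked
# and the denial is written to Cloud Audit Logs.
clusterAdmissionRules:
  us-central1-a.prod-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/PROJECT_ID/attestors/ATTESTOR_NAME
```

The denial entries the enforced rule produces are the signal to alert on: an unattested image reaching a production cluster is either a pipeline gap or an attempt to deploy outside the trusted build path.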
Containers can come from many places, such as the public Docker Hub registry. Using containers from public repositories can introduce malware or components of unknown origin. A secure software supply chain should validate the source of every container running in its environment. Enterprises should use Binary Authorization on Google Cloud for several compelling reasons to strengthen their software supply chain security:
- Enforce trust and verification:
- Control over deployments: Binary Authorization acts as a gatekeeper...