Search the Community

As a developer, you need a secure place to store all your stuff: container images of course, but also language packages that can enable code reuse across multiple applications. Today, we’re pleased to announce support for Node.js, Python and Java repositories for Artifact Registry in Preview. With today’s announcement, you can not only use Artifact Registry to secure and distribute container images, but also manage and secure your other software artifacts. At the same time, the Artifact Registry managed service provides advantages over on-premises registries. As a fully serverless platform, it scales based on demand, so you only pay for what you actually use. Enterprise security features such as VPC-SC, CMEK, and granular IAM ensure you get greater control and security features for both container and non-container artifacts. You can also connect to tools you are already using as a part of a CI/CD workflow. Let’s take a closer look at the features you’ll find in Artifact Registry, giving you a fully-managed tool to store, manage, and secure all your artifacts. Expanded repository formats With support for new repository formats, you can streamline and get a consistent view across all your artifacts. Now, supported artifacts include: Java packages (using the Maven repository format) Node.js packages (using the npm repository format) Python packages (using the PyPI repository format) In addition to existing container images and Helm charts (using the Docker repository format). Easy integration with you CI/CD toolchain You can also integrate Artifact Registry, including the new repository formats, with Google Cloud’s build and runtime services or your existing build system. The following are just some of the use cases that are made possible by this integration: Deployment to Google Kubernetes Engine (GKE), Cloud Run, Compute Engine and other runtime services CI/CD with Cloud Build, with automatic vulnerability scanning for OCI images Compatibility with Jenkins, Circle CI, TeamCity and other CI tools Native support for Binary Authorization to ensure only approved artifact images are deployed Storage and management of artifacts in a variety of formats Streamlined authentication and access control across repositories using Google Cloud IAM A more secure software supply chain Storing trusted artifacts in private repositories is a key part of a secure software supply chain and helps mitigate the risks associated with using artifacts directly from public repositories. With Artifact Registry, you can: Scan container images for vulnerabilities Protect repositories via a security perimeter (VPC-SC support) Configure access control at the repository level using Cloud IAM Use customer managed encryption keys (CMEK) instead of the default Google-managed encryption Use Cloud Audit Logging to track and review repository usage Optimize your infrastructure and maintain data compliance Artifact Registry provides regional support, enabling you to manage and host artifacts in the regions where your deployments occur, reducing latency and cost. By implementing regional repositories, you can also comply with your local data sovereignty and security requirements. Get started today These new features are available to all Artifact Registry customers. Pricing for language packages is the same as container pricing; see the pricing documentation for details.To get started using Node.js, Python and Java repositories, try the quickstarts in the Artifact Registry documentation. Node.js Quickstart Guide Python Quickstart Guide Java Quickstart Guide Video Overview: using Maven in Artifact Registry Related Article How we’re helping to reshape the software supply chain ecosystem securely We’re sharing some of the security best practices we employ and investments we make in secure software development and supply chain risk ... Read Article