Artifact Registry is a single place to store, manage, and secure your build artifacts that’s fully integrated with Google Cloud’s tooling and runtimes, so you can integrate them with your CI/CD tooling and set up automated pipelines. And today, our remote repository and virtual repository features are now generally available, providing enhanced availability and control of your dependencies, optimizing build performance, and making it easier to manage and share artifacts across different teams.
Improved dependency management
Customers use a wide array of internal and external dependencies in their software supply chain today. Using remote and virtual repositories can help with the complexities of modern day dependency management across your organization:
Remote repositories can insulate your build processes from downtime of an external repository by providing local caching of artifacts. Artifact Registry supports access to a variety of popular external repositories including Docker Hub, Maven Central, Npmjs and PyPi.Local caching through remote repositories decreases build latency by allowing dependencies to be served from regions that are closest to development teams.Virtual repositories can help facilitate management and artifact distribution by allowing aggregation of internal and external repositories under a single URL. Developers no longer have to configure and keep track of a myriad of endpoints, and can focus on their core responsibilities such as writing code.
Improve security posture
Remote repositories can help you scan your external dependencies for security vulnerabilities through Google Cloud’s Artifact Analysis, allowing you to act to fix them before they can be exploited by attackers.
Virtual repositories provide control over the priority of your dependency resolution. For example, you can configure a virtual repository such that an internal repository is always checked before going upstream to a third-party source such as Maven Central. This control allows you to prevent the kinds of dependency confusion attacks that have wreaked havoc on many companies in the software industry.
A simplified experience
Remote and virtual repositories simplify accessing and managing repositories for developers by consolidating multiple repository URLs into a single endpoint. When using remote, standard, and virtual repositories, you can reduce the number of endpoints from three down to one, and improve these efficiencies even further by adding more repositories to the same virtual repository.
Using remote and virtual repositories is straightforward through the Artifact Registry UI.
Creating a remote repository
Creation of a virtual repository
For more information on remote and virtual repositories, follow the links below to get started:
Cloud BlogRead More