As a developer, you need a secure place to store all your stuff: container images of course, but also language packages that can enable code reuse across multiple applications. Today, we’re pleased to announce support for Node.js, Python and Java repositories for Artifact Registry in Preview. With today’s announcement, you can not only use Artifact Registry to secure and distribute container images, but also manage and secure your other software artifacts.Â
At the same time, the Artifact Registry managed service provides advantages over on-premises registries. As a fully serverless platform, it scales based on demand, so you only pay for what you actually use. Enterprise security features such as VPC-SC, CMEK, and granular IAM ensure you get greater control and security features for both container and non-container artifacts. You can also connect to tools you are already using as a part of a CI/CD workflow.Â
Let’s take a closer look at the features you’ll find in Artifact Registry, giving you a fully-managed tool to store, manage, and secure all your artifacts.Â
Expanded repository formats
With support for new repository formats, you can streamline and get a consistent view across all your artifacts. Now, supported artifacts include:
Java packages (using the Maven repository format)
Node.js packages (using the npm repository format)
Python packages (using the PyPI repository format)
In addition to existing container images and Helm charts (using the Docker repository format).Â
Easy integration with you CI/CD toolchain
You can also integrate Artifact Registry, including the new repository formats, with Google Cloud’s build and runtime services or your existing build system. The following are just some of the use cases that are made possible by this integration:
Deployment to Google Kubernetes Engine (GKE), Cloud Run, Compute Engine and other runtime servicesÂ
CI/CD with Cloud Build, with automatic vulnerability scanning for OCI imagesÂ
Compatibility with Jenkins, Circle CI, TeamCity and other CI toolsÂ
Native support for Binary Authorization to ensure only approved artifact images are deployed
Storage and management of artifacts in a variety of formats
Streamlined authentication and access control across repositories using Google Cloud IAM
A more secure software supply chain
Storing trusted artifacts in private repositories is a key part of a secure software supply chain and helps mitigate the risks associated with using artifacts directly from public repositories. With Artifact Registry, you can:
Scan container images for vulnerabilities
Protect repositories via a security perimeter (VPC-SC support)
Configure access control at the repository level using Cloud IAM
Use customer managed encryption keys (CMEK) instead of the default Google-managed encryption
Use Cloud Audit Logging to track and review repository usage
Optimize your infrastructure and maintain data compliance
Artifact Registry provides regional support, enabling you to manage and host artifacts in the regions where your deployments occur, reducing latency and cost. By implementing regional repositories, you can also comply with your local data sovereignty and security requirements.
Get started today
These new features are available to all Artifact Registry customers. Pricing for language packages is the same as container pricing; see the pricing documentation for details.To get started using Node.js, Python and Java repositories, try the quickstarts in the Artifact Registry documentation.
Node.js Quickstart Guide
Python Quickstart Guide
Java Quickstart Guide
Cloud BlogRead More
