Google Artifact Registry

Google Artifact Registry is enables you to centrally store artifacts and build dependencies as part of an integrated Google Cloud experience.

Usage of Google Artifact Registry in Delivery Shield

• Delivery Shield gets notified for every build run in a pipeline. To identify the image for every build, it connects to the Google Artifact Registry and pulls the newly built image.

• Once the image is pulled, it runs security scans on it. The scanned results are available in the Vulnerability Management page, and Artifact section of the DBOM page.

• Delivery Shield also collects metadata such as Artifact SHA to perform artifact integrity checks and ensure the security in the supply chain. This information gets populated in the DBOM page for audit purposes.

To Manage Google Artifact Registry:

1. Navigate to Config > Integrations.

2. In the Artifact panel, click Google Artifact Registry.

1. The integration page is displayed. Click +New Account.

2. In the popup appears, enter the following details:

1. Enter the Account Name, Service Account Key, Source details.

2. Select the Teams and the corresponding Environments from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environment only.

• An example is given below for reference:

• In the example above,

  • if Team 1, Team 2, and Team 3 are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as Team 4, will not have access to this account.

  • Even if the user who created this account is also an admin for Team 4, the integration account remains restricted and is not available for Team 4.

  • Access to the account is strictly limited to the specified Teams and Environments selected during account creation.

• For Organization Admins:

  • When an Organization Admin creates an account without selecting specific Teams and Environments, the account will be universally applicable, granting access to all teams and all environments by default.

• For Team Admins with Multiple Teams:

  • If a Team Admin who manages multiple teams creates an account without specifying particular Teams and Environments, the account will only be accessible to the teams for which the logged-in user holds admin privileges.

1. Click Save. The tool is connected.

2. You can edit the entered values by clicking the Edit option as shown below:

1. Enable or disable the Vulnerability Scan toggle button and click Update.

The new setting gets updated.