# GCR

Google Container Registry (GCR) is a fully-managed, secure container image storage and management service provided by Google Cloud. It allows developers and teams to store, manage, and deploy Docker container images.

### Usage of GCR in Delivery Shield:

* Delivery Shield gets notified for every build run in a pipeline. To identify the image for every build, it connects to the GCR repo and pulls the newly built image.
* Once the image is pulled, it runs security scans on it. The scanned results are available in the[ Vulnerability Management](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/vulnerability-management) page, and Artifact section of the [DBOM](https://docs.opsmx.com/opsmx-delivery-shield-platform/user-guide/view-security-posture/application-security-posture/dbom) page.

### To Integrate GCR:

1. Navigate to **Setup** > **Integrations**.
2. Click the Artifact tab. In the artifacts that appear, click GCR.

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FdEgogdZL8hv5ACNvCfbw%2Fgcr%201.png?alt=media&#x26;token=7981351f-5b94-48d9-b2d1-9c1610fe1eb0" alt=""><figcaption></figcaption></figure>

The GCR integration page is displayed. Click **+New Account**.

3. In the popup that appears, enter the details for the following&#x20;

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FnA5PjRVD4Al8Q7a2Nygj%2Fgcr%202.png?alt=media&#x26;token=00545692-f88c-4b4d-aa54-adfb07eea511" alt=""><figcaption></figcaption></figure>

* **Account Name** - The name of the user account.
* **Approved Artifact Repo -** Enter the name of the approved artifact repository from which the images are deployed.  Security issues are raised by SSD if you try to deploy images from a different repository.&#x20;
* **Host Url -** Enter the Host Url for the given account.
* **Region** - Enter the location of the account.&#x20;
* Select the **Teams** and the corresponding **Environments** from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environment only.&#x20;

  <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>You can select up to 5 teams for the integration to be displayed. </p></div>

  * An example is given below for reference:

  <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeuMZQzZsZQuulVdW9B9OuffNPoEXqbcpcAkYtKVyb7YiTQxbVIt1L4Gh-zshqX2J9MFKIat8x4oWFIGxdg3j1XVagyUNhUAlD_52soyMyd1cy53p6XiYi0LsTjIBfHcybRWl61?key=D9EXoOdGF7oYOBvYaW2GnRWJ" alt=""><figcaption></figcaption></figure>

  * In the example above,&#x20;
    * if **Team 1**, **Team 2**, and **Team 3** are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as **Team 4**, will not have access to this account.
    * Even if the user who created this account is also an admin for **Team 4**, the integration account remains restricted and is not available for **Team 4**.&#x20;
    * Access to the account is strictly limited to the specified **Teams** and **Environments** selected during account creation.
  * **For Organization Admins:**
    * When an **Organization Admin** creates an account without selecting specific **Teams** and **Environments**, the account will be universally applicable, granting access to **all teams** and **all environments** by default.
  * **For Team Admins with Multiple Teams:**
    * If a **Team Admin** who manages multiple teams creates an account without specifying particular **Teams** and **Environments**, the account will only be accessible to the teams for which the logged-in user holds admin privileges.

3. Click **Test** to check if the entered values are valid. If the given values are valid, a popup appears at the top as shown below indicating it.&#x20;
4. Once validated, click **Save**. The GCR account gets integrated in the artifact stage.
5. To edit the entered values, click on the three dots provided in the **Actions** column. In the dropdown select **Edit**.
6. Re-enter the new values and click Update.

The new values get updated.

<br>