Google Artifact Registry

Google Artifact Registry is enables you to centrally store artifacts and build dependencies as part of an integrated Google Cloud experience.

Usage of Google Artifact Registry in SSD

  • SSD gets notified for every build run in a pipeline. To identify the image for every build, it connects to the Google Artifact Registry and pulls the newly built image.

  • Once the image is pulled, it runs security scans on it. The scanned results are available in the Vulnerability Management page, and Artifact section of the DBOM page.

  • SSD also collects metadata such as Artifact SHA to perform artifact integrity checks and ensure the security in the supply chain. This information gets populated in the DBOM page for audit purposes.

Google Artifact Registry is integrated as part of SSD. You need to just enable or disable it when required.

To Manage Google Artifact Registry:

  1. Navigate to Config > Integrations.

  2. In the Artifact panel, click Google Artifact Registry.

  1. The integration page is displayed.

  2. Enter the service account key to connect to the registry.

  1. Click Save. The tool is connected.

  2. You can edit the entered values by clicking the Edit option as shown below:

  1. Enable or disable the Vulnerability Scan toggle button and click Update.

The new setting gets updated.

Last updated