Using a centralized, private repository to host your internal code as a package not only enables code reuse, but also simplifies and secures your existing software delivery pipeline. By using the same formats and tools as you would in the open-source ecosystem, you can leverage the same advantages, simplify your build, and keep your business logic and applications secure.
Language repository formats, now generally available
As of today, support for language repositories in Artifact Registry is now generally available, allowing you to store all your language-specific artifacts in one place. Supported package types include:
- Java packages (using the Maven repository format)
- Node.js packages (using the npm repository format)
- Python packages (using the PyPI repository format)
OS repository formats in preview
Additionally, support for new repository formats for Linux distributions is in public preview, allowing developers to create private internal-only packages and securely use them across multiple applications deployed to Linux environments. New supported artifact formats include:
This is in addition to existing container images and Helm charts (using the Docker repository format).
Your own secure supply chain
Storing your packages in Artifact Registry not only enables code reuse, but also simplifies and secures your existing build pipeline. In addition to bringing your internal packages to a managed repository, using Artifact Registry also allows you to take additional steps to improve the security of your software delivery pipeline:
- Use Container Analysis to scan containers that use your private packages for vulnerabilities
- Include your repositories in a Virtual Private Cloud to control access
- Monitor repository usage with Cloud Audit Logs
- Use the binauthz-attestation builder with Cloud Build to create attestations that Binary Authorization verifies before allowing container deployment
- Use Cloud Identity and Access Management (IAM) for repository access control
With credential helpers to authenticate access for installers based on Cloud Identity and Access Management (IAM) permissions, using Artifact Registry to host your packages makes authentication to private repositories easy. By managing IAM groups, administrators can control access to repositories via the same tools used across Google Cloud.
Regional repositories lower cost and enable data compliance
Artifact Registry provides regional support, enabling you to manage and host artifacts in the regions where your deployments occur, reducing latency and cost. By implementing regional repositories, you can also comply with your local data sovereignty and security requirements.
Get started today
These repository formats are now generally available to all Artifact Registry customers. Pricing for language repositories is the same as container pricing; see the pricing documentation for details. To get started using language and OS repositories, try the quickstarts in the Artifact Registry documentation.
- Node.js Quickstart Guide
- Python Quickstart Guide
- Java Quickstart Guide
- Apt Quickstart Guide
- RPM Quickstart Guide
By: Dustin Ingram (Senior Developer Advocate)
Source: Google Cloud Blog