Binary Authorization
GCPSecurityFree tier availableDeploy-time policy enforcement for GKE, Cloud Run, and Anthos that requires containers to be signed by trusted attestors before they can run, with break-glass bypass, continuous validation at runtime, and Cloud Build integration for automated attestation signing
FluffyStack toolsAttributes
- Supply Chain Security
- Yes
Sub-services (3)
Policies
Per-cluster or per-project rules defining required attestors and exemptions
Attestors
Named signing authorities used to authorise container images for deployment
Continuous Validation
Runtime re-evaluation of running pods against current policy
Compliance & Certifications
This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.
GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP
Where this runs
44 regions
28 countries
2sovereign
Sovereign regions (2)
- T-Systems Sovereign Cloud · FrankfurtT-Systems Sovereign Cloud powered by Google Cloud
- S3NS Sovereign Cloud · ParisS3NS — Google Cloud + Thales joint venture
Commercial regions (42)
Europe (13)
- Belgium
- Finland
- Paris
- Berlin
- Frankfurt
- Milan
- Turin
- Netherlands
- Warsaw
- Madrid
- Stockholm
- Zurich
- London
North America (12)
- Montréal
- Toronto
- Querétaro
- Northern Virginia
- Columbus
- Iowa
- Dallas
- Las Vegas
- Los Angeles
- South Carolina
- Salt Lake City
- Oregon
South America (2)
- São Paulo
- Santiago
Asia (9)
- Hong Kong
- Delhi
- Mumbai
- Jakarta
- Osaka
- Tokyo
- Singapore
- Seoul
- Taiwan
Oceania (2)
- Melbourne
- Sydney
Middle East (3)
- Tel Aviv
- Doha
- Dammam
Africa (1)
- Johannesburg
Tags
Equivalent services on other platforms
Pricing
Pricing model:pay-as-you-go