Create multiple regional repositories within a single Google Cloud
project. Group images by team or development stage and control access at the
repository level.
Artifact Registry integrates with Cloud Build and other continuous
delivery and continuous integration systems to store packages from your builds.
You can also store trusted dependencies that you use for builds and deployments.
Dependency management
Protecting your software supply chain goes beyond using specific tools.
The processes and practices you use to develop, build, and run your software
also impact the integrity of your software. To learn more about best practices
for dependencies, see
Dependency management
Software supply chain security
Google Cloud provides a comprehensive and modular set of capabilities
and tools that your developers, DevOps, and security teams can use to improve
the security posture of your software supply chain.
Artifact Registry provides:
Remote repositories to cache dependencies from upstream public sources so that
you have greater control over them and can scan them for vulnerabilities,
build provenance, and other dependency information.
Virtual repositories to group remote and private repositories behind a single
endpoint. Set a priority on each repository to control search order when
downloading or installing an artifact.
You can view security insights about your security posture, build artifacts,
and dependencies in Google Cloud console dashboards within Cloud Build,
Cloud Run, and GKE.
Artifact Registry and Container Registry
Artifact Registry expands on the capabilities of Container Registry and
is the recommended container registry for Google Cloud. If you currently use
Container Registry, learn about
transitioning from Container Registry to take advantage of
new and improved features.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eArtifact Registry offers a centralized solution for storing and managing packages and Docker container images, integrating seamlessly with Google Cloud's CI/CD services and other tools.\u003c/p\u003e\n"],["\u003cp\u003eIt enhances software supply chain security by allowing users to manage container metadata, scan for vulnerabilities with Artifact Analysis, and protect repositories within a VPC Service Controls security perimeter.\u003c/p\u003e\n"],["\u003cp\u003eArtifact Registry provides remote repositories for caching dependencies from public sources and virtual repositories to group remote and private repositories, enabling greater control and prioritization.\u003c/p\u003e\n"],["\u003cp\u003eArtifact Registry is the recommended container registry for Google Cloud, offering expanded capabilities compared to Container Registry, and the ability to transition between them.\u003c/p\u003e\n"],["\u003cp\u003eArtifact Registry integrates with Cloud Build and other CI/CD systems to store build packages, as well as trusted dependencies for builds and deployments.\u003c/p\u003e\n"]]],[],null,["# Artifact Registry overview\n\nArtifact Registry lets you centrally store artifacts and build\ndependencies as part of an integrated Google Cloud experience.\n\nIntroduction\n------------\n\nArtifact Registry provides a single location for storing and managing\nyour packages and Docker container images. You can:\n\n- Integrate Artifact Registry with Google Cloud [CI/CD services](https://cloud.google.com/blog/topics/developers-practitioners/devops-and-cicd-google-cloud-explained) or your existing CI/CD tools.\n - Store artifacts from [Cloud Build](/build/docs).\n - Deploy artifacts to Google Cloud runtimes, including [Google Kubernetes Engine](/kubernetes-engine/docs), [Cloud Run](/run/docs), [Compute Engine](/compute/docs), and [App Engine flexible environment](/appengine/docs/flexible).\n - Identity and Access Management provides consistent credentials and access control.\n- Protect your software supply chain.\n - Manage container metadata and scan for container vulnerabilities with [Artifact Analysis](/artifact-analysis/docs).\n- Protect repositories in a [VPC Service Controls](/vpc-service-controls/docs/overview) security perimeter.\n- Create multiple regional repositories within a single Google Cloud project. Group images by team or development stage and control access at the repository level.\n\nArtifact Registry integrates with Cloud Build and other continuous delivery and continuous integration systems to store packages from your builds. You can also store trusted dependencies that you use for builds and deployments.\n\nDependency management\n---------------------\n\nProtecting your software supply chain goes beyond using specific tools.\nThe processes and practices you use to develop, build, and run your software\nalso impact the integrity of your software. To learn more about best practices\nfor dependencies, see\n[Dependency management](/software-supply-chain-security/docs/dependencies)\n\nSoftware supply chain security\n------------------------------\n\nGoogle Cloud provides a comprehensive and modular set of capabilities\nand tools that your developers, DevOps, and security teams can use to improve\nthe security posture of your software supply chain.\n\nArtifact Registry provides:\n\n- Remote repositories to cache dependencies from upstream public sources so that you have greater control over them and can scan them for vulnerabilities, build provenance, and other dependency information.\n- Virtual repositories to group remote and private repositories behind a single endpoint. Set a priority on each repository to control search order when downloading or installing an artifact.\n\nYou can view security insights about your security posture, build artifacts,\nand dependencies in Google Cloud console dashboards within Cloud Build,\nCloud Run, and GKE.\n\nArtifact Registry and Container Registry\n----------------------------------------\n\nArtifact Registry expands on the capabilities of Container Registry and\nis the recommended container registry for Google Cloud. If you currently use\nContainer Registry, learn about\n[transitioning from Container Registry](/artifact-registry/docs/transition-from-gcr) to take advantage of\nnew and improved features.\n\n\nWhat's next\n-----------\n\n- [Docker quickstart](/artifact-registry/docs/docker/quickstart)\n- [Go quickstart](/artifact-registry/docs/go/store-go)\n- [Helm quickstart](/artifact-registry/docs/helm/store-helm-charts)\n- [Java quickstart](/artifact-registry/docs/java/quickstart)\n- [Node.js quickstart](/artifact-registry/docs/nodejs/quickstart)\n- [Python quickstart](/artifact-registry/docs/python/quickstart)"]]
