GCP, cloud, ~30 mins

Container supply chain security in GCP - Mini Project: Build & Apply

Container supply chain security
📖 Scenario: You work for a company that deploys applications using containers on Google Cloud Platform (GCP). Your team wants to ensure the container images are secure and trusted before deployment. To do this, you will set up a simple container supply chain security configuration using Google Cloud Build and Binary Authorization.
🎯 Goal: Build a basic container supply chain security setup by creating a container image list, defining a trusted image pattern, applying a Binary Authorization policy, and enabling image signature verification.
📋 What You'll Learn
Create a list of container images with exact names and tags
Define a trusted image pattern variable for allowed images
Write a policy rule that allows only trusted images
Enable Binary Authorization enforcement on the GKE cluster
💡 Why This Matters
🌍 Real World
Container supply chain security helps prevent untrusted or vulnerable container images from running in production, protecting applications and data.
💼 Career
Cloud engineers and security specialists use these practices to secure container deployments and comply with organizational security policies.
Step 1: Create a list of container images
Create a Python list called container_images with these exact strings: "gcr.io/my-project/app:v1.0", "gcr.io/my-project/app:v1.1", and "gcr.io/my-project/db:v2.0".
Hint: Use square brackets [] to create a list and include the exact image strings inside quotes separated by commas.

Step 2: Define a trusted image pattern
Create a string variable called trusted_image_pattern and set it to the exact value "gcr.io/my-project/app:*" to represent trusted app images.
Hint: Assign the exact string with quotes to the variable trusted_image_pattern.

Step 3: Write a policy rule for trusted images
Create a Python dictionary called policy_rule with keys "name" set to "allow-trusted-images" and "allowed_images" set to a list containing the variable trusted_image_pattern.
Hint: Use curly braces {} to create a dictionary and include the exact keys and values.

Step 4: Enable Binary Authorization enforcement
Write a string variable called binary_authorization_enabled and set it to the exact value "true" to represent enabling Binary Authorization on the GKE cluster.
Hint: Assign the string "true" to the variable binary_authorization_enabled.
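
The four steps above combined into one script, as an added example that is not part of the original lab. It goes beyond the steps by evaluating each image against the rule; the functions matches_pattern, evaluate and admission_report, the trailing-wildcard matching rule, and the lookalike image names are assumptions made for illustration and do not reproduce the Binary Authorization service's own logic.

```python
# Values exactly as the four steps specify them.
container_images = [
    "gcr.io/my-project/app:v1.0",
    "gcr.io/my-project/app:v1.1",
    "gcr.io/my-project/db:v2.0",
]
trusted_image_pattern = "gcr.io/my-project/app:*"
policy_rule = {
    "name": "allow-trusted-images",
    "allowed_images": [trusted_image_pattern],
}
binary_authorization_enabled = "true"


def matches_pattern(image, pattern):
    """Simplified matcher (assumption): only a single trailing '*' is a wildcard."""
    if pattern.endswith("*"):
        return image.startswith(pattern[:-1])
    return image == pattern


def evaluate(image, rule, enforcement):
    """Return (allowed, reason) for one image under the lab's policy model."""
    if enforcement != "true":
        return True, "enforcement disabled: nothing is checked"
    for pattern in rule["allowed_images"]:
        if matches_pattern(image, pattern):
            return True, f"matched {pattern} (rule {rule['name']})"
    return False, f"no pattern in rule {rule['name']} matched"


def admission_report(images, rule, enforcement):
    """Map every image to its allow/deny decision."""
    return {img: evaluate(img, rule, enforcement)[0] for img in images}


# Constructed lookalike names, added to show what the pattern does not cover.
lookalikes = ["gcr.io/my-project/app-debug:v1.0", "gcr.io/other-project/app:v1.0"]

if __name__ == "__main__":
    for img in container_images + lookalikes:
        allowed, reason = evaluate(img, policy_rule, binary_authorization_enabled)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {img}  ({reason})")
```

The db image from step 1 is denied because the rule lists only the app pattern, and the pattern trusts images by tag, which can be re-pointed to different content; that is why the lab's goal pairs the allow rule with signature verification.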