Feature

You can manually prewarm images in Artifact Registry to reduce the cold-start latency for deployments. This feature is only available using the API.

Feature

Artifact Registry is available in the asia-southeast3 region (Bangkok). For more information, see Global locations.

Feature

Artifact Registry now calculates fingerprints for each version of a package pushed to the Artifact Registry repository. You can use the fingerprint to validate that the package wasn't modified when moving between Google Cloud systems, such as Compute Engine and Cloud Build. This feature is in public preview. For more information, see Use fingerprints to verify package version identities.

Feature

You can now use ExportArtifact() to export an artifact to a Cloud Storage bucket.

Feature

Artifact Registry support for managing Ruby gems with Artifact Registry repositories is in Preview. For more information, see the following topics:

• Get started with Ruby gems
• Store Ruby gems in Artifact Registry (Quickstart)

Feature

Layer-based scanning for Artifact Analysis is in Preview. You can view vulnerability metadata for a specific layer of your image digest in the Google Cloud Console and in the GCloud CLI. For more information, see the following topics:

Google Cloud Console:

• View layer metadata for Go images
• View layer metadata for Java images
• View layer metadata for Node.js images
• View layer metadata for Python images

GCloud CLI

• View layer metadata for Go images
• View layer metadata for Java images
• View layer metadata for Node.js images
• View layer metadata for Python images

Change

The Container Analysis API now supports the option of returning partial results during region-down failure conditions when listing notes, listing occurrences, or generating vulnerability summaries. For more information, view the returnPartialSuccess parameter for the following requests:

• v1.projects.locations.notes.list
• v1.projects.locations.occurrences.getVulnerabilitySummary
• v1.projects.locations.occurrences.list
• v1.projects.notes.list
• v1.projects.occurrences.getVulnerabilitySummary
• v1.projects.occurrences.list
• v1beta1.projects.locations.notes.list
• v1beta1.projects.locations.occurrences.getVulnerabilitySummary
• v1beta1.projects.locations.occurrences.list
• v1beta1.projects.notes.list
• v1beta1.projects.occurrences.getVulnerabilitySummary
• v1beta1.projects.occurrences.list

Announcement

Artifact Registry generic repositories are now generally available.

Generic repositories store versioned, immutable artifacts that don't have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients.

To get started with generic repositories, see the quickstart.

Feature

Artifact Registry attachments are available in Preview for all repository formats. Attachments are artifacts that store metadata about a related artifact stored in Artifact Registry. To get started with attachments, see Store artifact metadata in attachments.

Feature

Gemini Cloud Assist for Artifact Registry is in Preview. You can learn about your container images with Gemini assistance.

To learn more, read the Gemini Cloud Assist overview.

Feature

Security Command Center ingests Artifact Analysis scanning findings from images scanned in Artifact Registry and deployed to supported runtimes.

In Security Command Center, you can view container image vulnerabilities within your running workloads across all projects alongside your other security risks in. You can also export these findings to BigQuery for in-depth analysis and long-term storage. This feature is in Preview. For more information, see vulnerability assessment.

Feature

Artifact Registry remote repositories and virtual repositories for Go are now Generally Available. To learn more about Go format repositories, read Work with Go modules.

Feature

Artifact Registry is available in the europe-north2 region (Stockholm). For more information, see Global locations.

Feature

Artifact Registry is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Enabling customer-managed encryption keys. To learn more about Cloud KMS Autokey, see Autokey overview.

Issue

Artifact Registry might give a 400 error on pushes or pulls for Workforce Identity Federation users. This issue is caused by Workforce Identity Federation attribute mappings in the Artifact Registry URL causing problems on the backend.

To mitigate this issue, you can push or pull from Artifact Registry without attribute mappings, or reduce the length of your attribute mappings.

Feature

Artifact Registry is available in the northamerica-south1 region (Querétaro, Mexico, North America). For more information, see Global locations.

Feature

Artifact Registry now provides the option to enable or disable vulnerability scanning on individual repositories. By giving you more granular control over the number of images scanned, this feature can help you manage scanning costs and reduce noise in vulnerability scanning results.

This feature is Generally Available.

For more information, see Enable or disable automatic scanning.

Feature

The Container Registry -> Artifact Registry Migration Admin role simplifies the IAM roles required for the transition from Container Registry to Artifact Registry. For instructions on how to use the role, see Automatically migrate from Container Registry to Artifact Registry.

Feature

Artifact Analysis now supports manual scans for vulnerabilities in the following types of packages:

• AlmaLinux OS
• Chainguard
• .NET
• Google Distroless
• NPM
• PHP
• Python
• Ruby
• Rust
• Red Hat Universal Base Image (UBI)
• Rocky Linux
• SUSE Linux Enterprise Server (SLES)
• Wolfi

You can use the On-Demand Scanning API to manually scan container images locally on your computer or in your registry. Artifact Analysis scans for vulnerabilities in these new packages types, in addition to already supported package types.

These capabilities are Generally Available (GA).

For more information, see Container scanning overview.

Feature

Artifact Analysis now supports scanning for vulnerabilities in the following types of operating systems:

• AlmaLinux OS
• Chainguard
• Google Distroless
• Red Hat Universal Base Image (UBI)
• Rocky Linux
• SUSE Linux Enterprise Server (SLES)
• Wolfi

If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry addressing these new operating systems, in addition to already supported operating system and language package vulnerabilities.

These capabilities are Generally Available.

For more information, see Container scanning overview, or enable Container Scanning API.

Feature

Artifact Registry remote repositories support setting standard Artifact Registry repositories as upstreams for supported formats.

To learn more about how remote repositories work, read the Remote repository overview.

Feature

Organization policy constraints for Artifact Registry is available in General Availability.

For more information, see Use custom organization policies.

Feature

Artifact Registry artifact download rules are in Preview.

Download rules let you restrict downloads at the repository and package level. To learn more, see Restrict artifact downloads. To configure download rules, follow the instructions in Restrict artifact downloads with download rules.

Feature

Artifact Registry support for OCI specifications v1.1 is generally available in Docker format repositories.

You can upload containerized metadata about another container image to Artifact Registry as an attachment. To learn more, see Manage container metadata.

Feature

Artifact Analysis is gradually rolling out regionalized data storage and endpoints to help support compliance with data residency requirements. The Container Analysis API stores metadata in the same region or multi-region as the Artifact Registry repository where your image is scanned.

For more information, see Metadata storage locations.

Feature

Artifact Registry records metrics and logs for your projects. To explore the available Artifact Registry metrics and logs, view your project in the Metrics Explorer or the Logs Explorer.

For more information about metrics and logs, read Observability in Google Cloud.

Change

Updates to the Artifact Registry API are as follows:

• Add or update file annotations with UpdateFile().
• Add or update package version annotations with UpdateVersion().
• Filter by annotation or name with ListFiles(), ListPackages(), and ListVersions().
• Filter by name with ListTags(), ListRepositories() and ListDockerImages().
• Order by name, createTime, or updateTime for ListFiles(), ListVersions(), ListRepositories(), and ListPackages().

Change

The following Artifact Registry Cloud Audit Log method names have changed:

• Docker-EmptyTarBlob is renamed Docker-ServeBlob
• Docker-GetEmptyTags is renamed Docker-GetTags
• Docker-HeadEmptyTarBlob is renamed Docker-HeadBlob
• Kfp-UploadPackage-Redirect is renamed Kfp-UploadPackage
• Apt-ViewRemoteIndexFile is renamed to indicate the type of file requested:
  • Apt-ViewIndexFile: when a repository metadata file is requested
  • Apt-Contents: when the Contents index file for a specific repository component and architecture type is requested
  • Apt-ViewArchIndexFile: when the Packages index file for a specific repository component and architecture type is requested
• Apt-ViewRemotePackageFile is renamed Apt-ViewPackageFile
• Yum-ViewUpstreamFile is renamed to indicate the type of file requested:
  • Yum-ViewIndexKey: when the public key for signing Yum packages is requested
  • Yum-ViewIndexFile: when one of a repository's index files is requested
  • Yum-ViewPackageFile: when a Yum package file is requested

For more information on Artifact Registry logs, see Audit Logging.

Feature

Cleanup policies for Artifact Registry are Generally Available (GA).

Cleanup policies help you manage artifacts by automatically deleting artifacts that you no longer need, while keeping artifacts that you want to store.

Deletions requested by Cleanup policies count against Artifact Registry delete request quota and limits.

Feature

Artifact Registry generic repositories are available in Preview.

Generic repositories store versioned, immutable artifacts that don't have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients.

To get started with generic repositories, see the quickstart.

Feature

Artifact Registry download file feature is Generally Available (GA) for standard repositories and remote repositories.

The download file feature allows users to download individual files without configuring authentication for format-specific tooling. For more information, see Download files.

Feature

The immutable tags setting is generally available for Docker repositories. When tags are immutable, you can't change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository.

Feature

Artifact Analysis automatic scanning for Ruby, Rust, .NET and PHP vulnerabilities in container images is now generally available. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Ruby, Rust, .NET and PHP vulnerabilities, in addition to already supported operating system and language package vulnerabilities.

Artifact Analysis returns Ruby, Rust, .NET and PHP vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans against images without a supported operating system.

For more information, see Container scanning overview.