Best practice rules for GCP ArtifactRegistry
- Check for Publicly Accessible Artifact Registry Repositories
Ensure there are no publicly accessible Artifact Registry repositories available in your GCP account.
- Enable Artifact Registry Vulnerability Scanning
Ensure that vulnerability scanning for Artifact Registry repositories is enabled to enhance security and mitigate potential risks.
- Use Customer-Managed Encryption Keys for Repositories Encryption
Use Customer-Managed Encryption Keys (CMEKs) to protect Artifact Registry repositories and related data at rest.