Integrate Google Artifact Registry to BoostSecurity

---

This document outlines the process to configure the BoostSecurity platform to integrate with Google Cloud Platform (GCP) Artifact Registry. This integration enables BoostSecurity to retrieve container image metadata, including labels and provenance, and associate these assets with their corresponding source code repositories.

---

Permissions

---

To establish the integration, a service account within the target GCP project must be granted the following permissions:

• artifactregistry.locations.list
• artifactregistry.repositories.list
• artifactregistry.dockerimages.list
• artifactregistry.repositories.downloadArtifacts

---

Integration Steps

---

Follow the steps below to integrate GAR to BoostSecurity:

1. Access the Google Cloud Provider Console and select Artifact Registry from the service menu.

   

2. Choose the target project and copy its Project ID.

   

3. The Artifact Registry dashboard is displayed in the desired project being used for the integration.

   

4. Next, navigate to Service Accounts in the Google Cloud Console.

   

5. Go to the Keys section and generate a new service account key.

6. Assign the required permissions to the service account by following these steps:

   1. Select the service account.
   2. Navigate to Permissions > Manage Access.
   3. Add a role and choose either a custom role or the built-in Artifact Registry Reader role.

   

7. Visit the Integrations page on BoostSecurity.

8. Locate the Google Artifact Registry and click Install.

   

9. Input the Project ID and the Service Account JSON file, and then click the Install button to finalize the integration.