The current deployment process (including 2.7.0) still relies on Google Cloud Functions which upload zipped JAR files which are then built into containers. Our security reviews have identified that using Google Cloud Run is preferred as we can verifiably build containers for all software artefacts internally and use GCP's binary authorization features (aka BCID internally) to have stricter guarantees about what is run in our production environment.
Additionally, the JAR upload step slightly increases the deployment process (the need for managing GCS buckets and using internally inherited Google Cloud Build functionality) which could be simplified by simply releasing the cloud functions as containers. This is relevant for us since we have a strict separation between our build and deploy systems which isn't really the case with https://github.com/privacysandbox/aggregation-service/blob/main/docs/gcp-aggregation-service.md which builds and deploys, somewhat breaking some of our security recommendations.
Can you please migrate the use of Google Cloud Functions to Google Cloud Run directly so that we can address the points above?
Thanks