You can now see the Packer Community Edition version and plugin versions associated with each artifact in HCP Packer.
HCP Packer is a powerful tool for managing the lifecycle of image artifacts at scale across any cloud or on-premises environment. We are excited to announce the addition of Packer version and plugin version tracking, now available in HCP Packer and the latest version of Packer Community Edition (1.10.1+). With these additions, users can now quickly check the versions of Packer Community Edition or associated plugins used while creating a build artifact. This enhancement lays the foundation for a secure build pipeline and helps organizations ensure they are leveraging the latest Packer features.
As the security demands on the software supply chain grow, organizations increasingly recognize the governance of their base images and build artifacts as a pivotal concern. Without provenance and a clear lineage of where and how each artifact was built, organizations face heightened security threats from unverified software components. Organizations must ensure they employ only trusted artifacts, validated at each stage of their lifecycle, to maintain the integrity and security of their software supply chain. It can be difficult to verify an artifact's legitimacy and compliance without proper visibility into its creation pipeline.
HCP Packer plays a crucial role in the software supply chain by managing the resources at the foundation of infrastructure pipelines: image artifacts. Through proper image management, organizations can shift their security left and address risks earlier in the infrastructure deployment process. With the addition of Packer version and plugin version tracking, users can now see which version of Packer Community Edition or plugins were used for each of their artifacts, directly in the HashiCorp Cloud Platform (HCP). This enhancement marks another step towards complete artifact provenance by providing users with more visibility into the tools used to create an artifact and allowing them to use this information for troubleshooting and risk mitigation.
To learn more about HCP Packer, visit the HCP Packer introduction page on HashiCorp Developer.
Get started with HCP Packer for free to track and manage artifacts across all your cloud environments.
Do cloud right with The Infrastructure Cloud from HashiCorp. Unlock developer potential while controlling cloud costs and risk.
Webhooks for HCP Packer automatically notify external systems about image-related events.
To boost stability, Packer 1.11 introduces a predictable plugin loading approach, loading only binaries from its plugin directory with accompanying SHA256SUM files.