HCP Packer improves metadata visibility for artifact creation

You can now see the Packer Community Edition version and plugin versions associated with each artifact in HCP Packer.

Apr 23 2024Mitchell Ross

HCP Packer is a powerful tool for managing the lifecycle of image artifacts at scale across any cloud or on-premises environment. We are excited to announce the addition of Packer version and plugin version tracking, now available in HCP Packer and the latest version of Packer Community Edition (1.10.1+). With these additions, users can now quickly check the versions of Packer Community Edition or associated plugins used while creating a build artifact. This enhancement lays the foundation for a secure build pipeline and helps organizations ensure they are leveraging the latest Packer features.

»Artifact governance challenges

As the security demands on the software supply chain grow, organizations increasingly recognize the governance of their base images and build artifacts as a pivotal concern. Without provenance and a clear lineage of where and how each artifact was built, organizations face heightened security threats from unverified software components. Organizations must ensure they employ only trusted artifacts, validated at each stage of their lifecycle, to maintain the integrity and security of their software supply chain. It can be difficult to verify an artifact's legitimacy and compliance without proper visibility into its creation pipeline.

»Improving build visibility

HCP Packer plays a crucial role in the software supply chain by managing the resources at the foundation of infrastructure pipelines: image artifacts. Through proper image management, organizations can shift their security left and address risks earlier in the infrastructure deployment process. With the addition of Packer version and plugin version tracking, users can now see which version of Packer Community Edition or plugins were used for each of their artifacts, directly in the HashiCorp Cloud Platform (HCP). This enhancement marks another step towards complete artifact provenance by providing users with more visibility into the tools used to create an artifact and allowing them to use this information for troubleshooting and risk mitigation.

See the Packer Community Edition version and plugin versions used for each build directly in HCP Packer.

See the Packer Community Edition version and plugin versions used for each build directly in HCP Packer.

»Learn more

To learn more about HCP Packer, visit the HCP Packer introduction page on HashiCorp Developer.

Get started with HCP Packer for free to track and manage artifacts across all your cloud environments.

HCP

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.

More blog posts like this one

Introducing The Infrastructure Cloud
April 22 2024 | Products & Technology
Introducing The Infrastructure Cloud

Do cloud right with The Infrastructure Cloud from HashiCorp. Unlock developer potential while controlling cloud costs and risk.

HCP Packer webhooks now generally available
April 16 2024 | Products & Technology
HCP Packer webhooks now generally available

Webhooks for HCP Packer automatically notify external systems about image-related events.

Predictable plugin loading in Packer 1.11
March 12 2024 | Products & Technology
Predictable plugin loading in Packer 1.11

To boost stability, Packer 1.11 introduces a predictable plugin loading approach, loading only binaries from its plugin directory with accompanying SHA256SUM files.