Spring Boot on GCP
Vulnerability Scanning
Cloud Container Analysis can scan your container images stored in Container Registry for vulnerabilities. See Vulnerability Scanning documentation for more detail.
Container images are scanned upon push to Container Registry, and then continuously monitored/scanned if the image was pulled in the last 30 days.
Enable API
```bash
gcloud services enable containeranalysis.googleapis.com
gcloud services enable containerscanning.googleapis.com
```
Push an Image
Container images are scanned when they are pushed to Container Registry. To force a scan on an existing image, you have to re-push the image. For example, follow the Container Image section, and re-push the Hello World container image.
```bash
PROJECT_ID=$(gcloud config get-value project)

./mvnw compile com.google.cloud.tools:jib-maven-plugin:2.4.0:build \
  -Dimage=gcr.io/${PROJECT_ID}/helloworld
```
Vulnerabilities
Once the image is scanned, you can see the status of Vulnerability Scanning in Container Registry.
```bash
PROJECT_ID=$(gcloud config get-value project)

open https://gcr.io/$PROJECT_ID/helloworld
```
On the right-hand side, see the Vulnerabilities column.
Click into View vulnerabilities to see the details.
You can list vulnerabilities for a specific container image. The output is in raw YAML format:
```bash
PROJECT_ID=$(gcloud config get-value project)

gcloud beta container images describe gcr.io/$PROJECT_ID/helloworld \
  --show-package-vulnerability
```
See Vulnerability Scanning documentation for more information on vulnerability database sources.
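As an added example (not part of the original page), here is a gate a build pipeline could run over the JSON form of that listing (the same command with `--format=json`), failing when any finding is at or above a severity threshold. The sample input is constructed, and the occurrence field names (`kind`, `noteName`, `vulnerability.effectiveSeverity`, `packageIssue[].fixAvailable`) and the wrapper key in the sample are assumptions modelled on the Container Analysis occurrence format; check them against your own output.

```python
import json

# Ranks for Container Analysis severities; unrecognised values rank highest.
RANK = {"MINIMAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def _occ(sev, note, fix):  # builds one constructed occurrence for the sample
    return {"kind": "VULNERABILITY", "noteName": note, "vulnerability": {
        "effectiveSeverity": sev, "packageIssue": [{"fixAvailable": fix}]}}

# Constructed sample, not real scanner output; note names are placeholders
# and the wrapper layout is an assumption (the gate does not depend on it).
SAMPLE_OUTPUT = json.dumps({"package_vulnerability_summary": {"vulnerabilities": {
    "CRITICAL": [_occ("CRITICAL", "projects/example/notes/EXAMPLE-0001", True)],
    "HIGH": [_occ("HIGH", "projects/example/notes/EXAMPLE-0002", False)],
    "LOW": [_occ("LOW", "projects/example/notes/EXAMPLE-0003", True)]}}})

def find_vulnerabilities(node):
    """Yield every VULNERABILITY occurrence, wherever the wrapper nests it."""
    if isinstance(node, dict):
        if node.get("kind") == "VULNERABILITY" and "vulnerability" in node:
            yield node
        else:
            for value in node.values():
                yield from find_vulnerabilities(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_vulnerabilities(item)

def gate(describe_json, threshold="HIGH", fixable_only=False):
    """Return (passed, blocking); blocking holds findings at/above threshold."""
    blocking = []
    for occ in find_vulnerabilities(json.loads(describe_json)):
        vuln = occ["vulnerability"]
        severity = vuln.get("effectiveSeverity")
        if severity not in RANK:  # fall back to the note-provided severity
            severity = vuln.get("severity", "UNKNOWN")
        fixable = any(i.get("fixAvailable") for i in vuln.get("packageIssue", []))
        # Fail closed: a severity we cannot rank is treated as blocking.
        if RANK.get(severity, 5) >= RANK[threshold] and (fixable or not fixable_only):
            blocking.append((severity, occ.get("noteName", "?"), fixable))
    blocking.sort(key=lambda b: -RANK.get(b[0], 5))
    return (not blocking, blocking)

if __name__ == "__main__":
    passed, blocking = gate(SAMPLE_OUTPUT)
    for severity, note, fixable in blocking:
        print(f"{severity:9} {note} fix_available={fixable}")
    print("PASS" if passed else "FAIL")  # a pipeline would exit non-zero on FAIL
```

An empty result only means no occurrences were returned; an image whose scan has not finished also returns none, so run the gate after the scan status in Container Registry shows as complete.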
Continuous Scan
Container images are scanned upon push to Container Registry, and then continuously monitored/scanned if the image was pulled in the last 30 days.
See Vulnerability Scanning documentation for more information.