INSUBCONTINENT EXCLUSIVE:
Google today announced an important update to its Cloud Build CI/CD platform that brings vulnerability scanning to all container images.

Container Registry vulnerability scanning, which is now in beta, is meant to ensure that as businesses adopt modern DevOps practices, the containers they eventually deploy are free of known vulnerabilities. As Google rightly notes, the only way to ensure that security protocols are always followed is by automating the process. In this case, all new Cloud Build images are automatically scanned when Cloud Build creates an image and stores it in the Container Registry.

The service uses the standard security databases to find new issues. Currently, the service can identify package vulnerabilities for Ubuntu, Debian, and Alpine, with CentOS and RHEL support coming soon. When it finds an issue, the service will notify the user, but businesses can also set up automatic rules (using Pub/Sub notifications and Cloud Functions) to take actions automatically. Users also get detailed reports about the severity of the vulnerability, CVSS scores, which packages were affected, and whether there is a fix.
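The "automatic rules" pattern mentioned above, shown as an added example that is not part of the article and not Google's own code: a Pub/Sub-triggered Cloud Function that receives a scan notification, looks up the vulnerability occurrence, and applies a deployment policy based on the report fields the article lists (severity, CVSS score, affected packages, fix availability). The notification and occurrence shapes are modelled on the Container Analysis API but are assumptions here, the occurrence is served from a constructed in-memory store instead of the API, and the severity thresholds are an example policy, not a Google default.

```python
import base64
import json

# Severity levels that should stop a deployment (assumed example policy).
BLOCK_SEVERITIES = {"CRITICAL", "HIGH"}

# Constructed stand-in for the Container Analysis occurrence that a real
# function would fetch by name after receiving the Pub/Sub notification.
# Field names follow the Container Analysis v1 shape (assumption).
OCCURRENCE_STORE = {
    "projects/example-project/occurrences/occ-1": {
        "name": "projects/example-project/occurrences/occ-1",
        "kind": "VULNERABILITY",
        "resourceUri": "https://gcr.io/example-project/app@sha256:PLACEHOLDER",
        "vulnerability": {
            "severity": "HIGH",
            "effectiveSeverity": "HIGH",
            "cvssScore": 7.5,
            "fixAvailable": True,
            "packageIssue": [
                {
                    "affectedPackage": "openssl",
                    "affectedVersion": {"name": "1.1.0g-2"},
                    "fixedVersion": {"name": "1.1.0g-2+deb9u1"},
                }
            ],
        },
    },
}


def decode_pubsub_event(event):
    """Pub/Sub hands the message body to the function base64-encoded in event['data']."""
    return json.loads(base64.b64decode(event["data"]).decode("utf-8"))


def evaluate_occurrence(occurrence):
    """Apply the deployment policy to one occurrence and return a decision record."""
    if occurrence.get("kind") != "VULNERABILITY":
        return {"action": "ignore", "reason": "not a vulnerability occurrence"}
    vuln = occurrence.get("vulnerability", {})
    # effectiveSeverity (distro-adjusted) takes precedence over the generic severity.
    severity = vuln.get("effectiveSeverity") or vuln.get("severity", "UNKNOWN")
    fix_available = bool(vuln.get("fixAvailable"))
    packages = [p.get("affectedPackage") for p in vuln.get("packageIssue", [])]
    decision = {
        "image": occurrence.get("resourceUri"),
        "severity": severity,
        "cvss_score": float(vuln.get("cvssScore", 0.0)),
        "packages": packages,
        "fix_available": fix_available,
    }
    if severity in BLOCK_SEVERITIES:
        decision["action"] = "block"
        decision["reason"] = "severity at or above policy threshold"
    elif fix_available:
        decision["action"] = "ticket"
        decision["reason"] = "fix available; schedule a rebuild"
    else:
        decision["action"] = "track"
        decision["reason"] = "no fix yet; keep monitoring"
    return decision


def handle_notification(event, context=None, fetch=OCCURRENCE_STORE.get):
    """Cloud Functions entry point for a Pub/Sub trigger (signature assumed).

    `fetch` is injected so the policy can run offline; in production it would
    call the Container Analysis API with the occurrence name from the message.
    """
    note = decode_pubsub_event(event)
    occurrence = fetch(note["name"])
    if occurrence is None:
        return {"action": "ignore", "reason": "occurrence not found"}
    return evaluate_occurrence(occurrence)


def sample_event():
    """Constructed Pub/Sub message carrying the occurrence name, as the scanner would send."""
    body = {"name": "projects/example-project/occurrences/occ-1", "kind": "VULNERABILITY"}
    return {"data": base64.b64encode(json.dumps(body).encode("utf-8")).decode("ascii")}


if __name__ == "__main__":
    print(json.dumps(handle_notification(sample_event()), indent=2))
```

The decision record is what a downstream step would act on: a "block" result can fail the Cloud Build step or remove the tag from the registry, a "ticket" result can open an issue for a rebuild, and a "track" result just records the finding until a fixed package version appears.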