5.1.1 Ensure Image Vulnerability Scanning using GCR Container Analysis or a third party provider

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Scan images stored in Google Container Registry (GCR) for vulnerabilities.

Rationale:

Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. GCR Container Analysis and other third party products allow images stored in GCR to be scanned for known vulnerabilities.

Solution

Using Google Cloud Console

Go to GCR by visiting https://console.cloud.google.com/gcr

Select Settings and Click Enable Vulnerability Scanning.

Using Command Line

gcloud services enable containerscanning.googleapis.com

Impact:

None.

Default Value:

By default, GCR Container Analysis is disabled.

See Also

https://workbench.cisecurity.org/files/2764