Monday, September 26, 2022

[FIXED] How to inlcude Container Registry vulnerability scans in the CI/CD script using Cloud Build on GCP

      , , ,      No comments   

Issue

Is there a way to add the Container Registry vulnerability scans as a step in the .yaml script doing the CI/CD pipeline using Cloud Build. The idea will be to not deploy a image if the severity is critical or hight.

using

Right now the scan is done on Container Registry after an image is pushed but this is independant of the CI/CD pipeline script. I don't know what is the best practices in this area in particular in compagny that have heavy security rules.


Solution

Now GCP is providing a "on demand scanning" functionality that can be used from a Cloud Build pipeline link

Right now the tool require 2-3 time the size of the container in RAM (Max with Cloud Build is 32 GB). I hope this will be improve soon. In such case we can use the --remote option, to scan a container already store in Artifac Registry



Answered By - Dr. Fabien Tarrade
Answer Checked By - Dawn Plyler (PHPFixing Volunteer)

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

1,207,096

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...