[ad_1]
Google announced today a major update of its CI / CD Cloud Build platform, which brings a vulnerability analysis to all container images created with the help of the service. The search for vulnerabilities in the container registry, which is now in beta, aims to ensure that as companies adopt modern DevOps practices, the container they deploy will eventually be free of known vulnerabilities.
As Google rightly notes, the only way to ensure that security protocols are always followed is to automate the process. In this case, all new cloud generation images are automatically scanned when Cloud Build creates an image and stores it in the container registry.
The service uses standard security databases to look for new problems. Currently, the service can identify package vulnerabilities for Ubuntu, Debian and Alpine, with the support of CentOS and RHEL coming soon.
When it detects a problem, the service notifies the user, but companies can also set up automatic rules (using Pub / Sub notifications and Cloud functions) to take action automatically. Users also get detailed reports on the severity of the vulnerability, VCSS scores, affected packets, and hotfix availability.
Source link
