
Answer-first summary for fast verification
Answer: Enable the Vulnerability scanning setting in the Container Registry.
Option A is correct because Vulnerability Scanning in Container Registry (now Artifact Registry) is a fully managed service that automatically scans container images for CVEs when they are pushed. Enabling it requires no additional development effort, has minimal impact on agility, and aligns with the requirement to use managed services. Options B and D involve custom implementations or monitoring logs, which are less efficient and not fully managed. Option C restricts development flexibility by disallowing open-source base images, which contradicts the teams' requirements.
Author: LeetQuiz Editorial Team
Your development teams need to use diverse open-source operating systems in their Docker builds. When container images are published in your company's environment, they must be scanned for Common Vulnerabilities and Exposures (CVEs) without affecting development agility. You prefer using managed services where available. What is the recommended approach?
A. Enable the Vulnerability scanning setting in the Container Registry.
B. Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.
C. Disallow the use of non-commercially supported base images in your development environment.
D. Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.