Answer-first summary for fast verification
Answer: Enable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.
Option C is the correct choice because enabling the Container Scanning API (part of Container Analysis) in Artifact Registry allows automatic vulnerability scanning of container images when they are uploaded. This integrates natively with Google Cloud services, ensuring minimal disruption to existing processes. The scan results are stored in Artifact Analysis and can be accessed via APIs or the console, making them available to the deployment pipeline. Other options involve third-party tools (B, D) or policy enforcement without direct scanning (A), which do not meet the requirement of minimal changes and native integration.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are updating your Cloud Build pipeline to follow best practices. The current steps are:
You need to introduce a vulnerability scanning step for the built container image and make the scan results accessible to your Google Cloud deployment pipeline, while minimizing impact on other teams' workflows. What is the recommended approach?
A
Enable Binary Authorization, and configure it to attest that no vulnerabilities exist in a container image.
B
Upload the built container images to your Docker Hub instance, and scan them for vulnerabilities.
C
Enable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.
D
Add Artifact Registry to your Aqua Security instance, and scan the built container images for vulnerabilities.
No comments yet.