Your organization is concerned about application vulnerabilities in production that have led to security breaches. You need to automatically scan your deployment pipeline for vulnerabilities and ensure only approved, scanned containers can run in your environment. What should you do?

Exam-Like

Use Kubernetes role-based access control (RBAC) as the source of truth for cluster access by granting “container.clusters.get” to limited users. Restrict deployment access by allowing these users to generate a kubeconfig file containing the configuration access to the GKE cluster.

Use gcloud artifacts docker images describe LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE_ID@sha256:HASH --show-package-vulnerability in your CI/CD pipeline, and trigger a pipeline failure for critical vulnerabilities.

Enforce the use of Cloud Code for development so users receive real-time security feedback on vulnerable libraries and dependencies before they check in their code.

Enable Binary Authorization and create attestations of scans.

Google Professional Cloud Security Engineer

Get started today

Comments

Your organization is concerned about application vulnerabilities in production that have led to security breaches. You need to automatically scan your deployment pipeline for vulnerabilities and ensure only approved, scanned containers can run in your environment. What should you do?