You are deploying containerized applications to production Google Kubernetes Engine (GKE) clusters via a CI/CD pipeline and must prevent containers with known vulnerabilities from being deployed. Your solution must meet these requirements:

Be cloud-native.

Be cost-efficient.

Minimize operational overhead.

How should you accomplish this? (Choose two.)*

Exam-Like

Create a Cloud Build pipeline that will monitor changes to your container templates in a Cloud Source Repositories repository. Add a step to analyze Container Analysis results before allowing the build to continue.

Use a Cloud Function triggered by log events in Google Cloud's operations suite to automatically scan your container images in Container Registry.

Use a cron job on a Compute Engine instance to scan your existing repositories for known vulnerabilities and raise an alert if a non-compliant container image is found.

Deploy Jenkins on GKE and configure a CI/CD pipeline to deploy your containers to Container Registry. Add a step to validate your container images before deploying your container to the cluster.

In your CI/CD pipeline, add an attestation on your container image when no vulnerabilities have been found. Use a Binary Authorization policy to block deployments of containers with no attestation in your cluster.

Google Professional Cloud Security Engineer

Get started today

Comments