Ensure GCP GCR Container Vulnerability Scanning is enabled

Error: GCP GCR Container Vulnerability Scanning is disabled
Bridgecrew Policy ID: BC_GCP_GENERAL_41
Checkov Check ID: CKV2_GCP_11
Severity: MEDIUM

GCP GCR Container Vulnerability Scanning is disabled

Description

This policy identifies GCP accounts where GCR Container Vulnerability Scanning is not enabled. GCR Container Analysis and other third-party products scan images stored in GCR for known vulnerabilities. Vulnerable software packages inside an image can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. It is recommended to enable vulnerability scanning for images stored in Google Container Registry.

Fix - Runtime

Fix - Buildtime

Terraform

resource "google_project_services" "pass_1" {
  project  = "your-project-id"
  # containerscanning.googleapis.com is the API that turns on Container Analysis
  # vulnerability scanning for images in this project's registry.
  services = ["iam.googleapis.com", "cloudresourcemanager.googleapis.com", "containerscanning.googleapis.com"]
}
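As an added example (not Checkov's own implementation of CKV2_GCP_11), the check below evaluates the policy condition over a constructed, plan-like list of Terraform resources: a project passes only when `containerscanning.googleapis.com` is among its enabled services. It goes beyond the page's single resource by also accepting the single-service `google_project_service` form and merging services across resources; the resource shape (`type`, `name`, `values`) is an assumption for illustration.

```python
# The API whose absence the policy flags (named on the page).
SCANNING_API = "containerscanning.googleapis.com"

# Constructed sample in a hypothetical plan-like shape (type, name, values);
# not Terraform's or Checkov's exact schema.
SAMPLE_RESOURCES = [
    {"type": "google_project_services", "name": "pass_1",
     "values": {"project": "proj-a",
                "services": ["iam.googleapis.com", SCANNING_API]}},
    {"type": "google_project_services", "name": "fail_1",
     "values": {"project": "proj-b", "services": ["iam.googleapis.com"]}},
    # Single-service resource form; two resources for the same project.
    {"type": "google_project_service", "name": "scan",
     "values": {"project": "proj-c", "service": SCANNING_API}},
    {"type": "google_project_service", "name": "iam",
     "values": {"project": "proj-c", "service": "iam.googleapis.com"}},
    {"type": "google_project_service", "name": "iam_only",
     "values": {"project": "proj-d", "service": "iam.googleapis.com"}},
]


def enabled_services_by_project(resources):
    """Map each project to the set of APIs it enables, merged across resources.

    Accepts both the list-valued google_project_services resource used on the
    page and the single-service google_project_service resource, so a project
    that enables the scanning API in a separate resource is not flagged.
    """
    enabled = {}
    for res in resources:
        values = res.get("values", {})
        project = values.get("project")
        if project is None:
            continue
        bucket = enabled.setdefault(project, set())
        if res.get("type") == "google_project_services":
            bucket.update(values.get("services", []))
        elif res.get("type") == "google_project_service" and "service" in values:
            bucket.add(values["service"])
    return enabled


def check_container_scanning(resources):
    """Return {project: "PASSED" | "FAILED"} for the vulnerability-scanning policy."""
    return {
        project: "PASSED" if SCANNING_API in services else "FAILED"
        for project, services in enabled_services_by_project(resources).items()
    }
```

Running `check_container_scanning(SAMPLE_RESOURCES)` reports proj-a and proj-c as PASSED and proj-b and proj-d as FAILED.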