Ensure GCP GCR Container Vulnerability Scanning is enabled
Error: GCP GCR Container Vulnerability Scanning is disabled
Bridgecrew Policy ID: BC_GCP_GENERAL_41
Checkov Check ID: CKV2_GCP_11
Severity: MEDIUM
GCP GCR Container Vulnerability Scanning is disabled
Description
This policy identifies GCP accounts where GCR Container Vulnerability Scanning is not enabled. GCR Container Analysis and other third party products allow images stored in GCR to be scanned for known vulnerabilities. Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. It is recommended to enable vulnerability scanning for images stored in Google Container Registry.
Fix - Runtime
Fix - Buildtime
Terraform
resource "google_project_services" "pass_1" {
project = "your-project-id"
services = ["iam.googleapis.com", "cloudresourcemanager.googleapis.com", "containerscanning.googleapis.com"]
}
Updated 11 months ago