GCP GCR Container Vulnerability Scanning is disabled

Description

This policy identifies GCP accounts where GCR Container Vulnerability Scanning is not enabled. GCR Container Analysis and other third-party products allow images stored in GCR to be scanned for known vulnerabilities. Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. It is recommended to enable vulnerability scanning for images stored in Google Container Registry.

Code Example

```hcl
# Enabling the Container Scanning API (containerscanning.googleapis.com) on the
# project turns on vulnerability scanning for images pushed to GCR.
# Note: newer google provider versions replace google_project_services with
# one google_project_service resource per API.
resource "google_project_services" "pass_1" {
  project  = "your-project-id"
  services = ["iam.googleapis.com", "cloudresourcemanager.googleapis.com", "containerscanning.googleapis.com"]
}
```
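To show how a CKV2_GCP_11-style check can evaluate Terraform for this policy, the following is an added Python illustration (not Checkov's implementation and not code from the page) that scans HCL text for google_project_service and google_project_services resources and reports whether containerscanning.googleapis.com is enabled; the Terraform snippets embedded in it are constructed samples.

```python
import re

SCANNING_API = "containerscanning.googleapis.com"

# Constructed Terraform snippets (not from the page): the first two pass, the last fails.
PASSING_LIST_TF = '''
resource "google_project_services" "pass_1" {
  project  = "your-project-id"
  services = ["iam.googleapis.com", "containerscanning.googleapis.com"]
}
'''
PASSING_SINGLE_TF = '''
resource "google_project_service" "iam" {
  project = "your-project-id"
  service = "iam.googleapis.com"
}
resource "google_project_service" "scanning" {
  project = "your-project-id"
  service = "containerscanning.googleapis.com"
}
'''
FAILING_TF = '''
resource "google_project_service" "fail_1" {
  project = "your-project-id"
  service = "iam.googleapis.com"
}
'''

# Body of each google_project_service / google_project_services resource block.
BLOCK_RE = re.compile(r'resource\s+"google_project_services?"\s+"[^"]+"\s*\{(.*?)\n\}', re.S)
# Value of a `service = "..."` or `services = [...]` attribute inside such a block.
SERVICE_RE = re.compile(r'\bservices?\s*=\s*(\[[^\]]*\]|"[^"]*")', re.S)


def enabled_services(tf_text: str) -> set:
    """Return every API enabled through project-service resources in the HCL text."""
    found = set()
    for body in BLOCK_RE.findall(tf_text):
        for value in SERVICE_RE.findall(body):
            found.update(re.findall(r'"([^"]+)"', value))
    return found


def scanning_enabled(tf_text: str) -> bool:
    """Policy verdict: the Container Scanning API must be enabled somewhere in the plan."""
    return SCANNING_API in enabled_services(tf_text)


if __name__ == "__main__":
    for name, tf in [("pass_1", PASSING_LIST_TF), ("scanning", PASSING_SINGLE_TF), ("fail_1", FAILING_TF)]:
        print(name, "PASSED" if scanning_enabled(tf) else "FAILED")
```

The check covers both the list-style `google_project_services` resource shown on the page and the per-API `google_project_service` form.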

Remediation

Terraform

Rule Details

ID: IAC-0996
Severity: INFO
IaC Type: Terraform
Frameworks: Terraform
Checkov ID: CKV2_GCP_11

References