Google Cloud rolls out security feature for container images

The new Container Registry vulnerability scanning feature should bring more stability to the early stages of the CI/CD process, Google says.
Written by Stephanie Condon, Senior Writer

Google on Wednesday announced a new feature for developers in the early stages of the continuous integration and continuous delivery (CI/CD) process. All container images built using Cloud Build, Google's fully-managed CI/CD platform, will now be automatically scanned for OS package vulnerabilities. The Container Registry vulnerability scanning feature is currently in beta.

The images will be scanned for vulnerabilities when they're pushed to Container Registry once the Container Analysis API is enabled. Vulnerability scanning is also integrated with Binary Authorization, a deploy-time security control that ensures only trusted container images are automatically deployed on Kubernetes Engine.

The new feature should help prevent the deployment of vulnerable images, and it should reduce the time spent dealing with security issues downstream, Google says.

In other news related to developer productivity, Google announced it's revamped Cloud Source Repositories. The updated version, now in beta, features a new user interface as well as semantic code search capabilities. The code search function is powered by the same underlying code search infrastructure that Google engineers use.

Google on Wednesday also announced the general availability of Cloud Memorystore for Redis, a fully-managed in-memory data store service built on Google infrastructure. Cloud Memorystore automates complex tasks like provisioning, scaling, failover and monitoring. Cloud Memorystore was one of mulitple managed database services Google rolled out earlier this year.

Editorial standards