Google can scan Docker images pushed to our Artifact Registry for vulnerabilities. This might give us early warning about security issues, and I suspect it is most relevant to our hub images.
GitHub has a similar service, though it would scan the repo rather than the images.
Perhaps we can turn it on and see what sort of notifications we get before deciding on how we would respond to them.
User Stories
As an infrastructure admin, I want to ensure that all deployed images have no known vulnerabilities.
Important information
https://console.cloud.google.com/artifacts/settings