
Professional Cloud Developer Exam - Question 158


You are running a containerized application on Google Kubernetes Engine. Your container images are stored in Container Registry. Your team uses CI/CD practices. You need to prevent the deployment of containers with known critical vulnerabilities. What should you do?

Correct Answer: CD

To prevent the deployment of containers with known critical vulnerabilities on Google Kubernetes Engine, use Google's container security tools. First, enable the Container Scanning API so that the container images stored in Container Registry are scanned for vulnerabilities automatically. Then, programmatically review the vulnerability reports generated by the Container Scanning API to confirm that the containers are free from critical vulnerabilities. Finally, implement Binary Authorization, which enforces a policy requiring an attestation that the container is free of known critical vulnerabilities before it can be deployed. Together these steps give a systematic, automated way to keep container deployments secure.
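The review step described above, as an added example that is not part of the original page or of Google's code: a fail-closed check a CI job could run over the scan results before it requests an attestation. The field names follow the Grafeas v1 occurrence JSON that Container Analysis returns; the function names, project, image digest and note names are constructed for illustration.

```python
IMAGE = "https://gcr.io/example-project/app@sha256:aaaa"  # constructed digest URI

# Constructed sample occurrences for IMAGE (all values are made up).
SAMPLE = [
    {"kind": "DISCOVERY", "resourceUri": IMAGE,
     "discovery": {"analysisStatus": "FINISHED_SUCCESS"}},
    {"kind": "VULNERABILITY", "resourceUri": IMAGE,
     "noteName": "projects/example/notes/EXAMPLE-0001",
     "vulnerability": {"severity": "HIGH", "effectiveSeverity": "CRITICAL"}},
    {"kind": "VULNERABILITY", "resourceUri": IMAGE,
     "noteName": "projects/example/notes/EXAMPLE-0002",
     "vulnerability": {"severity": "MEDIUM"}},
]

UNSPECIFIED = "SEVERITY_UNSPECIFIED"


def rated_severity(vuln):
    """Prefer the distro-adjusted rating; fall back to the note's severity."""
    eff = vuln.get("effectiveSeverity") or UNSPECIFIED
    return eff if eff != UNSPECIFIED else (vuln.get("severity") or UNSPECIFIED)


def may_attest(occurrences, image_uri, blocked=("CRITICAL",)):
    """Return (ok, reasons); ok is True only when the scan of image_uri
    finished and none of its findings has a blocked or unknown severity."""
    mine = [o for o in occurrences if o.get("resourceUri") == image_uri]
    finished = any(
        o.get("kind") == "DISCOVERY"
        and o.get("discovery", {}).get("analysisStatus") == "FINISHED_SUCCESS"
        for o in mine)
    if not finished:
        # Fail closed: "no findings yet" must not be read as "clean".
        return False, ["no finished scan for " + image_uri]
    reasons = []
    for o in mine:
        if o.get("kind") != "VULNERABILITY":
            continue
        sev = rated_severity(o.get("vulnerability", {}))
        # Policy choice in this example: an unrated finding also blocks.
        if sev in blocked or sev == UNSPECIFIED:
            reasons.append(f"{o.get('noteName', '?')}: {sev}")
    return (not reasons), reasons


if __name__ == "__main__":
    print(may_attest(SAMPLE, IMAGE))
```

Only when `may_attest` returns `True` would the pipeline go on to create the attestation that the Binary Authorization policy requires; that signing step is outside this sketch.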

Discussion

8 comments
xiaofeng_0226 Option: C
Nov 12, 2023

I think C is correct.

zellck Option: D
Dec 16, 2022

D is the answer. https://cloud.google.com/binary-authorization/docs/creating-attestations-kritis

TNT87 Option: D
Dec 25, 2022

https://cloud.google.com/container-analysis/docs/automated-scanning-howto#view-code https://cloud.google.com/binary-authorization/docs Answer D

Rajan Option: D
Sep 23, 2023

D is correct.

KlaasvR Option: D
Dec 14, 2022

I would go for D https://cloud.google.com/container-analysis/docs/os-overview

telp Option: D
Jan 8, 2023

Answer is D; use the default tools provided by Google, like Container Analysis.

purushi Option: D
Aug 6, 2023

Using the Container Scanning API is a better choice.

d_ella2001 Option: D
Jul 12, 2024

D is correct