Control: Ensure container vulnerability scanning is enabled
Description
Container Vulnerability Scanning in Google Cloud Platform (GCP) refers to a security service that automatically performs vulnerability detection on container images stored in Container Registry and Artifact Registry. This service is designed to identify known security vulnerabilities in your container images.
Usage
Run the control in your terminal:
powerpipe control run gcp_compliance.control.project_service_container_scanning_api_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run gcp_compliance.control.project_service_container_scanning_api_enabled --share
SQL
This control uses a named query:
select
  name as resource,
  case
    when state = 'ENABLED' then 'ok'
    else 'alarm'
  end as status,
  case
    when state = 'ENABLED' then name || ' container scanning API is enabled.'
    else name || ' container scanning API is disabled.'
  end as reason,
  location as location,
  project as project
from
  gcp_project_service
where
  name = 'containerscanning.googleapis.com';