Java and Go vulnerability scanning support

Google Cloud’s Container Scanning API now automatically scans Maven and Go packages for vulnerabilities.

With the Container Scanning API enabled, any containers including Java (in Maven repositories) and Go language packages that are uploaded to an Artifact Registry repository will be scanned for vulnerabilities. This capability builds on existing Linux OS based vulnerability detection and provides customers with deeper insight into their applications. This feature is in Public Preview which makes it available to all Google Cloud customers.

Partner with aster.cloud
for your next big idea.
Let us know here.

From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.

CYBERPOGO.COM :: For the Arts, Sciences, and Technology.

DADAHACKS.COM :: Parenting For The Rest Of Us.

ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.

TAKUMAKU.COM :: For The Hearth And Home.

ASTER.CLOUD :: From The Cloud And Beyond.

LIWAIWAI.COM :: Intelligence, Inside and Outside.

GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.

FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.

ASTERCASTER.COM :: Supra Astra. Beyond The Stars.

BARTDAY.COM :: Prosperity For Everyone.

Get started with Artifact Registry via the instructions for Go or the instructions for Java.

How it works

Once the API is enabled, upload a container image which contains Go and/or Maven packages.

Vulnerability totals for each image digest are displayed in the Vulnerabilities column. Customers can then drill down on the vulnerability to get CVE numbers, and if available, a suggested fix.

Vulnerabilities can also be displayed via the gcloud CLI and the API.

To view a list of vulnerabilities from the gcloud CLI, the following can be used.

gcloud artifacts docker images list --show-occurrences LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE_ID --format=json

To view a list of vulnerabilities with the API, run the following command.

curl -X GET -H "Content-Type: application/json" -H \
    "Authorization: Bearer $(gcloud auth print-access-token)" \
    https://containeranalysis.googleapis.com/v1/projects/PROJECT_ID/occurrences

Integrate your Workflows via API and Pub/Sub

This feature now makes it possible to scan Java (in Maven repositories) and Go language packages both via the existing On-Demand scan capability, and with an automatic scan on push to Artifact Registry. Language scanning is in addition to the Linux OS scanning which is already available.

This capability can be combined with Pub/Sub notifications to trigger additional actions for the vulnerabilities and other metadata. An example of this is sending an e-mail notification to those who need the information.

Organizations are increasingly concerned about the supply chain risks associated with building their applications using open source software. Being able to scan applications for vulnerabilities is an important step for customers to enhance their security posture. Language package vulnerabilities are available in the same formats that customers are already familiar with. They appear alongside OS vulnerabilities within the Artifact Registry UI, and are available through existing CLI and APIs. These steps aid customers in identifying the potential vulnerabilities introduced in software packages and make appropriate decisions with that information.

Learn more about types of vulnerability scanning.

By: Nate Avery (Outbound Product Manager) and Greg Mucci (Product Manager, Developer Experience)
Source: Google Cloud Blog

For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

Container Analysis Support For Maven And Go Automatic Scanning Of Containers In Public Preview

Java and Go vulnerability scanning support

From our partners:

How it works

Integrate your Workflows via API and Pub/Sub

For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

aster.cloud

Related Topics

One paperwork problem – Get your Digital Nomad Visa employment documents fast from UK, EU or Singapore

Samsung Art Store Brings Art Basel to Homes Worldwide With New Curated Collection

You Do Not Need to Invest in the IPO of SpaceX, Anthropic, and OpenAI

The consequences of relying on AI for accurate news

Connecting AI agents with unstructured data using Google Cloud Storage MCP Servers

WWDC26: Apple unveils next generation of Apple Intelligence, Siri AI, powerful parental controls, and an expansive set of software improvements

IBM and Google Cloud Announce Strategic Partnership to Scale AI with Human Expertise and AI‑Powered Delivery

Data Sovereignty in Spain. It’s Not Just About the Law, It’s About Efficiency

Ink vs Pixels. What you miss versus what you are actually missing.

Banks race to patch new cyber vulnerabilities, and other cybersecurity news

Most Popular

Pope Leo XIV to Publish First Encyclical on Artificial Intelligence and Human Dignity on 25 May

Portfolio to Clients, and is Strengthened by Ongoing Project Glasswing Work

Everything The reMarkable Paper Pure Actually Does

Scaling cloud and AI: Microsoft Azure’s commitment to Europe’s digital future

Introducing The Anthropic Institute

Container Analysis Support For Maven And Go Automatic Scanning Of Containers In Public Preview

Java and Go vulnerability scanning support

From our partners:

How it works

Integrate your Workflows via API and Pub/Sub

For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Related Topics

You May Also Like