To enable Vanta to fetch vulnerabilities surfaced by GCP Container Registry, enable both the Container Analysis API and Container Scanning API in GCP.
- The Container Analysis API lets Vanta fetch container metadata. This API is free.
- The Container Scanning API enables vulnerability scanning on each container. This may incur additional charges from GCP.
If you’re already doing container vulnerability scanning in GCP, both should be enabled already. If not, Vanta recommends you start container scanning, but do decide whether you want to do so yourself. You can learn more about container scanning here. When you’re ready, follow the instructions below to enable for each GCP project.
You can enable these APIs via either the online console or the gcloud terminal command.
Via the online console: Go to the following links and follow the instructions:
- Container analysis: https://console.cloud.google.com/flows/enableapi?apiid=containeranalysis.googleapis.com
- Container scanning: https://console.cloud.google.com/flows/enableapi?apiid=containerscanning.googleapis.com
Via gcloud: Enter the following commands in your terminal:
gcloud services enable containerscanning.googleapis.com
gcloud services enable containeranalysis.googleapis.com
Please note that enabling Container Scanning API will incur additional charges from GCP.
For additional information on GCP container analysis, please refer to: https://cloud.google.com/container-analysis/docs/container-analysis