English
Deutsch
Español
Español – América Latina
Français
Indonesia
Italiano
Português – Brasil
中文 – 简体
中文 – 繁體
日本語
한국어

Console

Contact Us Start free

Overview of Cloud Run threats

Security Command Center performs runtime and control plane monitoring of Cloud Run resources. For recommended responses to these threats, see Respond to Cloud Run threat findings.

Runtime finding types

The following runtime detections are available with Cloud Run Threat Detection:

Execution: Added Malicious Binary Executed

Execution: Added Malicious Library Loaded

Execution: Built in Malicious Binary Executed

Execution: Container Escape

Execution: Kubernetes Attack Tool Execution

Execution: Local Reconnaissance Tool Execution

Execution: Malicious Python executed

Execution: Modified Malicious Binary Executed

Execution: Modified Malicious Library Loaded

Malicious Script Executed

Malicious URL Observed

Reverse Shell

Unexpected Child Shell

Control plane finding types

The following control plane detections are available with Event Threat Detection:

Execution: Cryptomining Docker Image

Impact: Cryptomining Commands

Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy

What's next

Learn about Cloud Run Threat Detection.
Learn how to respond to Cloud Run threat findings.
Refer to the Threat findings index.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-09-11 UTC.