Enable or disable automatic scanning

Artifact Analysis provides automated vulnerability scanning for images in both Container Registry and Artifact Registry through the Container Scanning API.

See the Pricing page for pricing information.

Enable the Container Scanning API

Artifact Analysis does not automatically scan existing images. To scan an existing image, you must push it again.

You can enable the Container Scanning API for an existing project, or create a new project and then enable the API. Enabling the Container Scanning API also enables the Container Analysis API for metadata storage and retrieval.

Disable the Container Scanning API

To disable vulnerability scanning for both Container Registry and Artifact Registry, do the following:

Console

  1. Open the Settings page for either service in the Google Cloud console.

    Artifact Registry:

    Open the Settings page

    Container Registry:

    Open the Settings page

  2. Click Disable Vulnerability Scanning.

gcloud

Run the following command:

gcloud services disable containerscanning.googleapis.com

Extend your monitoring time window

Artifact Analysis continuously monitors the vulnerability metadata for scanned images in Container Registry and Artifact Registry. The default time window for continuous monitoring is 30 days. After this period, your images are stale and the metadata is no longer updated.

To extend the monitoring window, you must pull or push the image within the 30-day period. We recommend creating a scheduled task to re-push containers that don't require frequent updating, for example, your Istio and proxy images.
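
One way to implement the scheduled re-push recommended above, as an added example that is not Google's code: a POSIX shell script, run daily from cron, that re-pushes only the images whose last refresh is getting close to the 30-day limit. The state-file format, the 25-day threshold, the DOCKER override and the cron paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep images inside the 30-day continuous-monitoring window
# by pulling and re-pushing them on a schedule. All names are assumptions.

DOCKER="${DOCKER:-docker}"                      # set DOCKER=echo for a dry run
REFRESH_AFTER_DAYS="${REFRESH_AFTER_DAYS:-25}"  # margin before the 30-day limit

# is_due LAST_EPOCH NOW_EPOCH: succeeds when the last refresh is old enough.
is_due() {
  [ $(( ($2 - $1) / 86400 )) -ge "$REFRESH_AFTER_DAYS" ]
}

# refresh_image IMAGE: pull the image, then push the same reference back.
refresh_image() {
  "$DOCKER" pull "$1" </dev/null >/dev/null &&
    "$DOCKER" push "$1" </dev/null >/dev/null
}

# refresh_due STATE_FILE NOW_EPOCH
# STATE_FILE lines look like "<last_refresh_epoch> <image>"; lines that do not
# start with a number are dropped. Every due image is refreshed and printed,
# and the file is rewritten with the new timestamps. A failed refresh keeps
# its old timestamp (so the next run retries) and makes the function return 1.
refresh_due() {
  rd_tmp="$1.tmp.$$"
  rd_rc=0
  : > "$rd_tmp"
  while read -r rd_last rd_image; do
    case "$rd_last" in ''|*[!0-9]*) continue ;; esac
    if is_due "$rd_last" "$2"; then
      if refresh_image "$rd_image"; then
        echo "$rd_image"
        rd_last="$2"
      else
        echo "refresh failed: $rd_image" >&2
        rd_rc=1
      fi
    fi
    echo "$rd_last $rd_image" >> "$rd_tmp"
  done < "$1"
  mv "$rd_tmp" "$1"
  return "$rd_rc"
}

# Daily cron entry (assumed paths):
#   0 3 * * * /usr/local/bin/refresh-images.sh /var/lib/refresh/images.state
if [ -n "${1:-}" ]; then
  refresh_due "$1" "$(date +%s)"
fi
```

Seed the state file with one `0 IMAGE` line per image so that each image is refreshed on the first run.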
