After the promotional period, when you enable the Container Scanning API billing begins immediately.
Best practices for keeping your costs low
When you enable the Container Scanning API, every new image you push will be automatically scanned. To keep your costs low, separate the container images you want to scan into a different project.
Set up a new Google Cloud project and enable the Container Scanning API for that project. This project will incur normal billing charges for Artifact Registry and Container Registry. Push the images you want to scan to this project.
Add the following steps in your CI/CD pipeline:
Add a tag corresponding to the Artifact Registry or Container Registry project where Container Scanning is enabled.
Push the images to the project.
Estimating your scanning costs
To calculate the approximate cost for the images in a project, estimate the number of images you push in a time frame and multiply that number by the price, $0.26. You can do this by running a shell script in Cloud Shell.
Open a Cloud Shell in your project.
Click the Open Editor icon and create a new file
cost-estimation.shwith the following content:
#!/bin/bash # Replace with your project data GC_PROJECT='PROJECT_REPOSITORY' START_DATE='START_DATE' END_DATE='END_DATE' IFS=$'\n' FILTER="timestamp.date('%Y-%m-%d', Z)>'$START_DATE' AND timestamp.date('%Y-%m-%d', Z)<'$END_DATE'" PRICE="0.26" images=$( gcloud container images list --repository="$GC_PROJECT" | sed -n '/gcr.io/p' ) total_digests=0 for image in $images; do image_digests=$( gcloud container images list-tags --filter="$FILTER" "$image" | wc -l ) if [[ "$image_digests" -gt 1 ]]; then total_digests=$(( total_digests + $image_digests - 1 )) fi done total_price=$( python -c "print($total_digests * $PRICE)" ) echo "Number of images: $total_digests" echo "Estimated cost: $total_price"
Replace the following:
PROJECT_REPOSITORY: your project repository. For example,
START_DATE: the starting date for the period to estimate, in
Y-m-dformat. For example,
END_DATE: the end date for the period to estimate, in
Y-m-dformat. For example,
Run the script:
It shows the total number of images and the total estimated cost:
Number of images: 53 Estimated cost: 13.78
This is only an estimation, the actual cost may change due to other factors, for example:
Pushing the same image to different multi-regions in the same project does not generate additional costs.
Pushing the same image to two different repositories within two different projects does not generate additional costs.
Checking current vulnerability scanning costs
- Learn more about vulnerability scanning.
- Check the upgrading guide to learn how to move from the beta to the generally available version of Container Analysis.