Container Analysis is a service that provides vulnerability scanning and metadata storage for software artifacts. The scanning service performs vulnerability scans on images in Container Registry, then stores the resulting metadata and makes it available for consumption through an API. Metadata storage allows storing information from different sources, including vulnerability scanning, other Cloud services, and third-party providers.
Container Analysis as a strategic information API
Container Analysis is a Cloud infrastructure component that enables you to store and retrieve structured metadata for Google Cloud resources. In the context of your CI/CD pipeline, Container Analysis can be integrated to store metadata about your deployment process and make decisions based on that metadata.
Figure 1. Diagram that shows Container Analysis as CI/CD pipeline component that interacts with metadata across source, build, storage, and deployment stages as well as runtime environments.
Container Analysis associates metadata to images through notes and ocurrences, to learn more about these concepts see the metadata storage page. The service also performs vulnerability scans for new images pushed to Container Registry, to learn more about this feature see vulnerability scanning.