Vulnerability scanning removal from GKE Standard edition


This page describes the removal of vulnerability scanning capabilities from the Google Kubernetes Engine (GKE) security posture dashboard for the GKE Standard edition. If you use GKE Enterprise, this page doesn't apply to you.

About vulnerability scanning

The GKE security posture dashboard lets you monitor eligible workloads for issues like security misconfigurations and known vulnerabilities. The security posture dashboard is available to use with both GKE Enterprise and the GKE Standard. The vulnerability scanning capability of the security posture dashboard monitors your workloads for the following:

  • Operating system (OS) image vulnerabilities
  • Language package vulnerabilities

Starting on July 31, 2025, GKE Standard edition environments can no longer do the following in the security posture dashboard:

  • Enable OS image vulnerability scanning
  • Enable Advanced Vulnerability Insights
  • View new vulnerability scanning results
  • View historical vulnerability scanning results

If you use GKE Enterprise, you'll continue to have access to all of these vulnerability scanning capabilities.

Timeline and milestones

Expect the following milestones:

  • January 31, 2025: the Google Cloud console displays prompts if you use the GKE Standard edition and have vulnerability scanning enabled in the security posture dashboard.
  • July 31, 2025: vulnerability scanning no longer displays results in the Google Cloud console. You no longer see an option to enable or disable vulnerability scanning in the security posture dashboard unless you enable GKE Enterprise.

What you should do

On July 31, 2025, if you don't upgrade to GKE Enterprise, you'll stop seeing vulnerability results in the security posture dashboard. If you were using Advanced Vulnerability Insights, you won't see charges on your bill after this date. These charges previously appeared as Container Registry Vulnerability Scanning service, with the SKU name Cluster hours with Advanced Vulnerability Insights for GKE enabled.

The following sections describe the options that you have to continue getting vulnerability scanning results or to disable vulnerability scanning. We recommend that you perform one of these actions before July 31, 2025.

Upgrade to GKE Enterprise

To continue using vulnerability scanning after it's removed in the GKE Standard, you must enable GKE Enterprise in your environment. For details, see Enable GKE Enterprise.

Enable container image scanning in Artifact Registry using Artifact Analysis

Artifact Analysis offers automatic or on-demand vulnerability scanning options for container images in Artifact Registry. For details, see Container scanning overview.

Disable vulnerability scanning

To stop using vulnerability scanning in your clusters prior to the removal in the GKE Standard, see Disable workload vulnerability scanning.