Google Cloud Professional Cloud Architect — Question 186

Your company is building containerized applications as part of their CI/CD pipeline. To improve the security and maintainability of the build process, you need to:
• Identify potential vulnerabilities within your container images.
• Generate verifiable metadata about the builds for auditing and compliance.
• Create a comprehensive inventory of your application’s dependencies

What should you do?

Answer options

• A. Use Cloud Build to build container images, and then trigger Artifact Analysis on images pushed to Artifact Registry.
• B. Use Cloud Build to build container images, trigger Binary Authorization, and use Cloud Asset Inventory for tracking and analysis.
• C. Use Cloud Build to build container images, push the images to Artifact Registry, and use Security Command Center for tracking and analysis.
• D. Use Cloud Build to build container images, trigger Binary Authorization, and use Security Command Center for tracking and analysis.

Correct answer: A

Explanation

The correct answer is A, as it directly addresses the need to identify vulnerabilities through Artifact Analysis on images in Artifact Registry. Option B is incorrect because Binary Authorization is not focused on vulnerability detection. Option C and D fail to explicitly provide the necessary vulnerability scanning through Artifact Analysis, which is crucial for security in this context.