Hi all
I came across this link https://cloud.google.com/artifact-analysis/docs/ods-cloudbuild#build_and_scan which provides an approach to block the build of packages with higher severity vulnerabilities. This is great!
However, my question, what are generally the steps to be taken when the severity is HIGH, for a package that is already used in productionised solution and there's no way to remove the package from the solution?
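The situation described in the question (a HIGH finding against a package that cannot simply be dropped from a production build) is usually handled by pairing the build gate with a documented, time-boxed risk acceptance register. The following is an added example, not code from the linked Google documentation or from anyone in this thread; it assumes a simplified, constructed JSON shape for the scan findings (the real Artifact Analysis occurrence schema is richer) and a local list of acceptances, each naming an owner, a compensating control and an expiry date. The gate fails closed: a HIGH or CRITICAL finding only passes if a current acceptance exists and no fix is available.

```python
"""Build gate: block HIGH/CRITICAL findings unless a current risk acceptance covers them.

Added example for a Cloud Build policy step. The findings format below is a
constructed, simplified schema, not the Artifact Analysis API response shape.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Severity ordering used by the gate (labels match the severity levels
# Artifact Analysis reports, from MINIMAL up to CRITICAL).
SEVERITY_RANK = {"MINIMAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    cve: str
    package: str
    version: str
    severity: str
    fix_available: bool


@dataclass(frozen=True)
class RiskAcceptance:
    """A documented, time-boxed decision to ship despite a finding."""
    cve: str
    package: str
    expires: date
    compensating_control: str
    owner: str


def parse_findings(raw_json: str) -> list[Finding]:
    """Parse the simplified (constructed) scan export into Finding records."""
    data = json.loads(raw_json)
    return [
        Finding(
            cve=item["cve"],
            package=item["package"],
            version=item["version"],
            severity=item["severity"].upper(),
            fix_available=bool(item.get("fix_available", False)),
        )
        for item in data["findings"]
    ]


def evaluate(findings, acceptances, threshold="HIGH", today=None):
    """Return a report dict; report["passed"] is False if anything blocks the build."""
    today = today or date.today()
    limit = SEVERITY_RANK[threshold]
    by_key = {(a.cve, a.package): a for a in acceptances}
    report = {"blocking": [], "accepted": [], "below_threshold": []}
    for f in findings:
        # Unknown severity labels are treated as at-threshold (fail closed).
        if SEVERITY_RANK.get(f.severity, limit) < limit:
            report["below_threshold"].append(f.cve)
            continue
        acc = by_key.get((f.cve, f.package))
        if acc is None:
            report["blocking"].append((f.cve, "no risk acceptance on file"))
        elif f.fix_available:
            # An acceptance does not excuse skipping an available upgrade.
            report["blocking"].append((f.cve, "fix available; upgrade instead of accepting"))
        elif today > acc.expires:
            report["blocking"].append((f.cve, f"acceptance expired {acc.expires.isoformat()}"))
        else:
            report["accepted"].append((f.cve, acc.compensating_control))
    report["passed"] = not report["blocking"]
    return report


# Constructed sample data: placeholder CVE ids and package names, not real findings.
SAMPLE_SCAN = json.dumps({"findings": [
    {"cve": "CVE-0000-0001", "package": "libexample", "version": "1.0.0", "severity": "HIGH"},
    {"cve": "CVE-0000-0002", "package": "libother", "version": "2.3.1", "severity": "CRITICAL",
     "fix_available": True},
    {"cve": "CVE-0000-0003", "package": "libthird", "version": "0.9.0", "severity": "MEDIUM"},
    {"cve": "CVE-0000-0004", "package": "libfourth", "version": "4.0.0", "severity": "HIGH"},
    {"cve": "CVE-0000-0005", "package": "libfifth", "version": "5.1.0", "severity": "HIGH"},
]})

SAMPLE_ACCEPTANCES = [
    RiskAcceptance("CVE-0000-0001", "libexample", date(2030, 1, 1),
                   "vulnerable code path unreachable; egress filtered", "app-team"),
    RiskAcceptance("CVE-0000-0002", "libother", date(2030, 1, 1),
                   "WAF rule in place", "app-team"),
    RiskAcceptance("CVE-0000-0005", "libfifth", date(2024, 1, 1),
                   "feature flag disabled", "platform-team"),
]


def run_sample():
    """Evaluate the constructed sample with a fixed date so the result is reproducible."""
    return evaluate(parse_findings(SAMPLE_SCAN), SAMPLE_ACCEPTANCES, today=date(2025, 1, 15))


if __name__ == "__main__":
    result = run_sample()
    print(json.dumps(result, indent=2))
    raise SystemExit(0 if result["passed"] else 1)
```

In a pipeline the real scan export (the linked doc shows how to obtain it from `gcloud`) would be mapped into `Finding` records and the acceptance register kept in version control, so every exception has an owner, a compensating control and an expiry that forces periodic re-review rather than silently persisting.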
Hi @bihagkashikar,
Welcome to Google Cloud Community!
The risk of a high-severity vulnerability in a production system when immediate removal of the package is not possible.
@christianpaula thank you for your note.
This is exactly my question on your comment - " you need to assess the risk, implement mitigation controls, monitor the situation, and have a plan for remediation"
What are Google's recommended steps that one can carry out? Consider this: what happens if there's a vulnerability identified in the Google Cloud Python library https://github.com/googleapis/google-cloud-python? Google Cloud must be taking some steps to mitigate the issue?