This page describes the removal of vulnerability scanning capabilities from the Google Kubernetes Engine (GKE) security posture dashboard.
About vulnerability scanning
The GKE security posture dashboard lets you monitor eligible workloads for issues like security misconfigurations and known vulnerabilities.
Workload vulnerability scanning uses the following tiers, each of which scans specific parts of your running containers:
Workload vulnerability scanning - standard tier: scans the container OS for vulnerabilities.
Advanced Vulnerability Insights: scans the container OS and language packages for vulnerabilities.
Timeline and milestones
The workload vulnerability scanning removal has the following major milestones:
July 31, 2025: the standard tier of vulnerability scanning is shut down. Results for these scans no longer display in the Google Cloud console. You no longer see an option to enable or disable vulnerability scanning for GKE in the Google Cloud console.
June 16, 2025: Advanced Vulnerability Insights is deprecated. Scan results still display in the GKE security posture dashboard. Informational messages about the deprecation display in the Google Cloud console.
June 16, 2026: Advanced Vulnerability Insights results no longer display in the Google Cloud console.
Impact to workloads and clusters
The removal of workload vulnerability scanning capabilities won't result in workload or cluster disruptions. If you take no action by the dates in the preceding section, the only changes that occur are as follows:
The Security Posture page in the Google Cloud console doesn't display new vulnerability scanning results.
If the vulnerability scanning tier is deprecated, you can't enable that tier in clusters.
If the vulnerability scanning tier is removed, you can't view historical results for that tier.
You can't view existing scan results in the security posture dashboard.
Workload vulnerability scanning is disabled in existing clusters that use the feature.
Existing logs in Cloud Logging remain in the _Default log bucket for the configured log retention period.
What you can do
To scan images for vulnerabilities after workload vulnerability scanning is removed, consider the following options:
Artifact Analysis has automatic or on-demand vulnerability scanning options for container images in Artifact Registry. For details, see Container scanning overview.
Security Command Center can assess the images of deployed Pods for vulnerabilities. For more information, see the following security sources:
Artifact Registry vulnerability assessment (Preview).
Vulnerability Assessment for Google Cloud (Preview).
Disable vulnerability scanning
To stop using vulnerability scanning in your clusters prior to the removal in the GKE Standard edition, see Disable workload vulnerability scanning.
Last updated 2025-07-31 UTC.