View Software Delivery Shield details

This page describes how to view the Software Delivery Shield panel for a selected Cloud Run revision, and provides brief details to help you understand what this panel reveals for the revision.

Software Delivery Shield is a fully-managed, end-to-end software supply chain security solution that helps you to improve the security posture of developer workflows and tools, software dependencies, CI/CD systems used to build and deploy your software, and runtime environments such as Google Kubernetes Engine and the Cloud Run runtime environment. For more details, refer to the Software Delivery Shield overview.

Before you begin

You need to to enable Container Scanning API for container scanning.

Enable the Container Scanning API

Required permissions

To view the Software Delivery Shield panel, you need the following roles:

  • Artifact Analysis Occurrences Viewer
  • Cloud Run Viewer

View the Software Delivery Shield panel

  1. Go to Cloud Run

  2. Click the service you are interested in to open the Service details page.

  3. Click the Revisions tab and select the desired revision.

  4. In the details panel at the right, click the Security tab.

  5. Locate the Software Delivery Shield section. This section shows the current vulnerability rating and other related details for the selected revision. For more information about these details, see the section Understanding the Software Delivery Shield panel

Understanding the Software Delivery Shield panel

The Software Delivery Shield panel displays the following information:

  • Supply-chain Levels for Software Artifacts (SLSA) level: Identifies the maturity level of your software build process in accordance with the SLSA specification). You can find more details at the SLSA website.
  • Vulnerabilities: An overview of any vulnerabilities found in your artifacts, and the name of the image that Artifact Analysis has scanned. You can click the image name to view vulnerability details.
  • Build details: Details of the build such as the builder and the link to view logs.
  • Build provenance: Provenance for the build.

What's next