Stay organized with collections
Save and categorize content based on your preferences.
This page describes how to view the software supply chain security insights for
a selected Cloud Run revision, and provides brief details to help you
understand what this information reveals about the security posture of the
revision.
To learn how you can use Cloud Run with other Google Cloud products
and features to improve the security posture of your
software supply chain, see Software supply chain security.
Before you begin
You must enable Container Scanning API for container scanning.
Click the service you are interested in to open the Service details page.
Click the Revisions tab and select the desired revision.
In the details panel at the right, click the Security tab.
Locate the Security insights section. This
section shows the current vulnerability rating and other related details for
the selected revision. For more information about these details, see the section
Understanding security insights
Understanding security insights
The Security insights section displays the following information:
Supply-chain Levels for Software Artifacts (SLSA) level: Identifies the
maturity level of your software build process in accordance with the SLSA
specification. You can find more details at the SLSA website.
Vulnerabilities: An overview of any vulnerabilities found in your artifacts,
and the name of the image that Artifact Analysis has scanned. You can click the
image name to view vulnerability details.
Build details: Details of the build such as the builder and the link to view logs.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# View software supply chain security insights\n\nThis page describes how to view the software supply chain security insights for\na selected Cloud Run revision, and provides brief details to help you\nunderstand what this information reveals about the security posture of the\nrevision.\n\nTo learn how you can use Cloud Run with other Google Cloud products\nand features to improve the security posture of your\nsoftware supply chain, see [Software supply chain security](/software-supply-chain-security/docs/overview).\n\nBefore you begin\n----------------\n\nYou must enable Container Scanning API for container scanning.\n\n[Enable the Container Scanning API](https://console.cloud.google.com/apis/library/containerscanning.googleapis.com)\n\nRequired permissions\n--------------------\n\nTo view security insights, you need the following roles:\n\n- Artifact Analysis Occurrences Viewer\n- Cloud Run Viewer\n\nView security insights\n----------------------\n\n1. [Go to Cloud Run](https://console.cloud.google.com/run)\n\n2. Click the service you are interested in to open the **Service details** page.\n\n3. Click the **Revisions** tab and select the desired revision.\n\n4. In the details panel at the right, click the **Security** tab.\n\n5. Locate the **Security insights** section. This\n section shows the current vulnerability rating and other related details for\n the selected revision. For more information about these details, see the section\n [Understanding security insights](#understand-insights)\n\nUnderstanding security insights\n-------------------------------\n\nThe **Security insights** section displays the following information:\n\n- Supply-chain Levels for Software Artifacts (SLSA) level: Identifies the maturity level of your software build process in accordance with the SLSA specification. You can find more details at the [SLSA](https://slsa.dev/spec/v1.0/levels) website.\n- Vulnerabilities: An overview of any vulnerabilities found in your artifacts, and the name of the image that Artifact Analysis has scanned. You can click the image name to view vulnerability details.\n- Build details: Details of the build such as the builder and the link to view logs.\n- Build provenance: [Provenance](/software-supply-chain-security/docs/safeguard-builds#provenance) for the build.\n\nWhat's next\n-----------\n\n- For higher SLSA levels, consider setting up [continuous deployment](/run/docs/continuous-deployment-with-cloud-build).\n- For an example that deploys a Cloud Run service and leads you through the security insights for that service, see the [software supply chain security quickstart](/software-supply-chain-security/docs/quickstarts/deploy-run-view-security-insights)."]]
