This page describes how to view the software supply chain security insights for a selected Cloud Run revision, and provides brief details to help you understand what this information reveals about the security posture of the revision.
To learn how you can use Cloud Run with other Google Cloud products and features to improve the security posture of your software supply chain, see Software supply chain security.
Before you begin
You must enable Container Scanning API for container scanning.
Enable the Container Scanning API
Required permissions
To view security insights, you need the following roles:
- Artifact Analysis Occurrences Viewer
- Cloud Run Viewer
View security insights
Click the service you are interested in to open the Service details page.
Click the Revisions tab and select the desired revision.
In the details panel at the right, click the Security tab.
Locate the Security insights section. This section shows the current vulnerability rating and other related details for the selected revision. For more information about these details, see the section Understanding security insights
Understanding security insights
The Security insights section displays the following information:
- Supply-chain Levels for Software Artifacts (SLSA) level: Identifies the maturity level of your software build process in accordance with the SLSA specification. You can find more details at the SLSA website.
- Vulnerabilities: An overview of any vulnerabilities found in your artifacts, and the name of the image that Artifact Analysis has scanned. You can click the image name to view vulnerability details.
- Build details: Details of the build such as the builder and the link to view logs.
- Build provenance: Provenance for the build.
What's next
- For higher SLSA levels, consider setting up continuous deployment.
- For an example that deploys a Cloud Run service and leads you through the security insights for that service, see the software supply chain security quickstart.