Enable and use Notebook Security Scanner

You can enable and use Notebook Security Scanner to detect vulnerabilities in Python packages that are used in Colab Enterprise notebooks (files with the ipynb filename extension) and resolve those package vulnerability findings.

After you enable Notebook Security Scanner, it scans Colab Enterprise notebooks once every 24 hours and publishes the package vulnerability findings to the Security Command Center Findings page.

You can use Notebook Security Scanner for Colab Enterprise notebooks that are created in the following regions: us-central1, us-east4, us-west1, and europe-west4.

Enable Notebook Security Scanner

You can enable Notebook Security Scanner at the organization level or project level.

How you enable Notebook Security Scanner depends on whether Security Command Center still needs to be activated for your organization or project or, if it is already activated, on which tier is active. Follow the instructions in the section that matches your use case:

New activation Premium tier

If your organization doesn't have Security Command Center, then activate Security Command Center Premium tier for your organization or project, and enable Notebook Security Scanner.

  1. In the Google Cloud console, go to the Security Command Center page.

    Go to Security Command Center

  2. In the resource selector, select your organization or project.
  3. Click Get Security Command Center.
  4. Select the Premium tier, and click Next.
  5. For Notebook Security Scanner, select Enable from the list, and click Next.
  6. Select Grant roles automatically, and then click Grant roles.
  7. After the service account is provisioned, click Next.
  8. To complete the activation process, click Finish.

New activation Enterprise tier

If your organization doesn't have Security Command Center, then activate Security Command Center Enterprise tier for your organization, and enable Notebook Security Scanner.

Existing Premium or Enterprise tier

If the Security Command Center Premium or Enterprise tier is activated for your organization or project, then enable Notebook Security Scanner.

  1. In the Google Cloud console, go to the Security Command Center page.

    Go to Security Command Center

  2. Click Settings.
  3. In the Notebook Security Scanner card, click Manage settings.
  4. For your project, select Enable from the Notebook Security Scanner column.

Review and resolve package vulnerability findings

After you enable Notebook Security Scanner, it scans the Colab Enterprise notebooks (files with the ipynb filename extension) in your project or organization every 24 hours to detect vulnerabilities in Python packages, and publishes these findings to the Security Command Center Findings page. For a newly created Colab Enterprise notebook, the package vulnerability findings might take a maximum of four hours to appear on the Security Command Center Findings page.

To review package vulnerability findings in Security Command Center, follow these steps:

  1. In the Google Cloud console, go to the Security Command Center Findings page.

    Go to Findings

  2. In the resource selector, select your organization or project.

  3. In the Quick filters section, go to the Source display name subsection, and then select Notebook Security Scanner.

    The Findings query results panel shows only the package vulnerability findings of Notebook Security Scanner.

  4. To view details of a specific finding, click the finding name in the Category column. The finding details panel expands to display a summary of the finding details.

  5. To resolve a package vulnerability finding, follow the steps mentioned in the Next steps section of the finding.

    In some cases, a fix for a package vulnerability might not be available. In such cases, we recommend that you use alternative Python packages.
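To find where a flagged package is installed before you upgrade or replace it, the following added example (not part of the original page, and not a description of how Notebook Security Scanner works internally) lists the pip installs in a notebook's code cells. The function names and the sample notebook are assumptions made for illustration, and only packages installed by pip commands inside the notebook are covered.

```python
import re
import shlex

# Shell escapes and magics that install packages from a notebook code cell.
PIP_LINE = re.compile(r"^\s*[!%]\s*(?:python3?\s+-m\s+)?pip3?\s+install\s+(.*)$")
OPTS_WITH_ARG = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url",
                 "--extra-index-url", "-f", "--find-links", "-t", "--target"}  # take a value
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?(?:==([^,;\s]+))?")

def normalize(name):
    """PEP 503 normalization, so 'Scikit_Learn' and 'scikit-learn' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pip_installs(notebook):
    """Return (cell_index, normalized_name, pinned_version_or_None) tuples."""
    found = []
    for idx, cell in enumerate(notebook.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        src = cell.get("source", "")
        text = "".join(src) if isinstance(src, list) else src  # nbformat allows both
        for m in filter(None, map(PIP_LINE.match, text.splitlines())):
            try:
                tokens = shlex.split(m.group(1), comments=True)
            except ValueError:  # unbalanced quotes: leave the line for manual review
                continue
            skip_next = False
            for tok in tokens:
                if skip_next:
                    skip_next = False
                elif tok in OPTS_WITH_ARG:
                    skip_next = True
                elif not tok.startswith("-") and "://" not in tok:
                    r = REQ.match(tok)
                    if r:
                        found.append((idx, normalize(r.group(1)), r.group(2)))
    return found

def where_installed(notebook, package):
    """Cells that install `package` (as named in the finding) and any pinned version."""
    want = normalize(package)
    return [(i, v) for i, n, v in pip_installs(notebook) if n == want]

# Constructed sample notebook for illustration; load a real one with json.load().
SAMPLE = {"cells": [
    {"cell_type": "markdown", "source": ["!pip install not-code"]},
    {"cell_type": "code", "source": ["%pip install -q Pillow==9.0.0 'requests>=2.0'\n", "import PIL\n"]},
    {"cell_type": "code", "source": "!python -m pip install -r reqs.txt scikit_learn[extra]==1.0.2  # pinned"},
]}
```

A `None` version means the install is not pinned with `==`, so the version that the notebook runtime resolves can change between runs.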
