Google Cloud launches container security tool and more at Tokyo jamboree
Google has rolled out a series of cloudy updates in time for its Cloud Next Tokyo event – around container security, in-memory data, and artificial intelligence (AI).
Container Registry vulnerability scanning, launched in beta, looks to prevent the deployment of vulnerable images by automatically detecting known security vulnerabilities during the continuous integration and delivery (CI/CD) processes.
Regular readers of this publication will certainly be aware of the importance of security in containerisation and DevOps. Indeed, back in June this publication wrote about the various pieces of research around unsecured consoles and dashboards, with companies including Tesla and Weight Watchers affected.
This is where Google wants to shore things up. All container images built using its fully managed CI/CD platform, Cloud Build, will now be automatically scanned for OS package vulnerabilities. What’s more, vulnerability scanning will also be integrated with Binary Authorization, which ensures, without the need for manual intervention, that only trusted container images can be deployed.
“When we set out to build vulnerability scanning for container images, we started from the premise that security needs to be built into CI/CD from the very beginning, to cut down on time spent remediating downstream security issues, and to reduce risk exposure,” Google wrote in a blog announcing the launch. “Furthermore, security controls need to happen automatically, not as part of some manual, ad-hoc process.
“The system must be able to automatically block vulnerable images based on policies set by the DevSecOps team,” the blog adds. “In other words, CI/CD security needs to be comprehensive, from scanning images, to enforcing validation, as part of every CI/CD pipeline.”
Cloud Memorystore for Redis, made generally available with these updates, is based on the open source Redis database and automates tasks such as provisioning, scaling, failover and monitoring. New regions which support the service are Tokyo – as one would expect – Singapore and the Netherlands, taking the total number of supported regions to eight.
The AI-focused announcement was specific to Japan; Google said that it was offering two courses, the Machine Learning with TensorFlow on Google Cloud Platform specialisation, and the Associate Cloud Engineer certification, in Japanese. A new Advanced Solutions Lab (ASL) is also being launched in Tokyo. “In the coming months, the ASL will offer an immersive training experience so that Japanese businesses can learn directly from Google Cloud ML engineers in a classroom setting,” the company wrote. “With this training, businesses can build the skills they need to create and deploy machine learning at scale, using the full power of Google Cloud.”
Another new feature concerns more effective code search. Cloud Source Repositories, a revamped version of which is now available in beta, is aimed at privately hosting, tracking, and managing changes to large codebases on Google Cloud Platform. The code search capabilities are based on document indexing and retrieval techniques used on Google Search.
The company is in the midst of its Next world tour – with London on the agenda in October.