Ensure container images do not contain exploitable vulnerabilities

### Overview

Category: Controls

Medium

Applies to: Google Cloud

Coverage: null controls, 1 queries

Asset types: 1 covered

Overview

Container images that carry exploitable vulnerabilities create software supply-chain risk before the workload is even deployed. Reviewing vulnerable images directly helps platform teams block unsafe artifacts earlier in the release path and clean up registries that keep known-bad images available.

Remediation guidance

Review the affected image versions, rebuild them on patched base images, update vulnerable packages, and republish the fixed digests. Remove or quarantine deprecated image tags so downstream workloads cannot keep pulling known-vulnerable artifacts.

Query logic

These are the stored checks tied to this control.

GCP container images with exploitable high or critical vulnerabilities

Connectors: Google Cloud

Covered asset types: Image

Expected check: eq []

{ ContainerImagesWithExploitableVulnerabilities { ...AssetFragment } }