google-cloud-platformgoogle-app-engine
Addressing OS vulnerability on GCP app engine
I used GCP's vulnerability scanner on artifact registry. This identified a number of vulnerabilities (153 in total). See image below
Of these 151 are identified as Package type "OS" and two are related to Python. The Python ones I am able to rectify. However, I am less clear of what needs to be done for the OS vulnerabilities identified. These all appear to be related to Ubuntu.
I am currently deployed on App Engine standard - should I be specifying somewhere a specific version of Ubuntu or the OS to resolve most of these?
Solution
With Google App Engine, you have some ability to update the OS.
- GAE Standard: More recent python versions will give you a more recent OS. See here: https://cloud.google.com/appengine/docs/standard/lifecycle/support-schedule#python
- GAE Flexible: Same but there is some ability to specify the ubuntu version. See here: https://cloud.google.com/appengine/docs/flexible/reference/app-yaml?tab=python
- GAE with custom runtime: I've never done this myself but you can use your own docker file so even more flexibility.