Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Minimize Container Registries To Only Approved Ones” for GCP using GCP console, please follow the below steps:
- Log in to the GCP console (https://console.cloud.google.com/).
- Navigate to the Container Registry page by clicking on “Navigation menu > Container Registry”.
- Click on the Registry that you want to modify.
- Click on the “Permissions” tab.
- Click on the “Add Member” button.
- In the “New members” field, enter the email address of the user or group that you want to grant permissions to.
- In the “Select a role” field, choose the appropriate role that you want to grant to the user or group. For example, you can choose “Storage Object Viewer” to allow users to view the images in the registry.
- Click on the “Add” button to add the user or group to the registry with the selected role.
Using CLI
To remediate the misconfiguration “Minimize Container Registries To Only Approved Ones” in GCP using GCP CLI, you can follow the below steps:
- Open the terminal and authenticate into your GCP account using the following command:
- Once you are authenticated, set the project where the container registry is located using the following command:
- Now, list all the container registries in the project using the following command:
- Identify the container registries that are not approved and need to be minimized.
- Delete the unwanted container registry using the following command:
  Replace [IMAGE_NAME] with the name of the container image that you want to delete.
- Repeat the above step for all the unwanted container registries.
- Once you have deleted all the unwanted container registries, verify that only approved container registries are present using the following command:
  This will list all the container registries present in the project.
Using Python
To remediate the misconfiguration “Minimize Container Registries To Only Approved Ones” in GCP using Python, you can follow the below steps:
- First, you need to get the list of all the container registries in your GCP project using the Google Cloud SDK and Python. You can use the following command to get the list of container registries:
- Next, you need to create a list of approved container registries that are allowed in your GCP project.
- Then, you can loop through the list of container registries and check if each registry is in the approved list or not. If it is not in the approved list, then you can delete that container registry using the following command:
- You can write a Python script to automate this process. Here is an example script:
- You can run this script periodically to ensure that only approved container registries are present in your GCP project.
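The comparison step described above (check each listed repository against an approved list), as an added example that is not this page's original script. It only reports and deletes nothing. The sample listing is constructed and assumes the JSON shape of `gcloud container images list --format=json` (a list of objects with a `name` field); the project name, image names and allowlist syntax are hypothetical.

```python
import json

# Constructed sample, shaped like the assumed JSON listing output
# (a list of objects with a "name" field). All names are made up.
SAMPLE_LISTING = """
[
  {"name": "gcr.io/example-project/payments-api"},
  {"name": "gcr.io/example-project/base/python"},
  {"name": "gcr.io/example-project/scratch-test"},
  {"name": "GCR.io/example-project/Payments-API/"},
  {"name": "gcr.io/example-project/base-tools"}
]
"""

# Hypothetical allowlist: exact repositories, or a prefix ending in "/*".
APPROVED = ["gcr.io/example-project/payments-api", "gcr.io/example-project/base/*"]


def normalize(repo):
    """Lower-case, trim whitespace and trailing slashes so trivial variants compare equal."""
    return repo.strip().rstrip("/").lower()


def is_approved(repo, approved):
    """True if repo equals an allowlist entry or sits under an approved 'prefix/*'."""
    repo = normalize(repo)
    for entry in approved:
        entry = entry.strip().lower()
        if entry.endswith("/*"):
            # Keep the trailing "/" so "base/*" does not approve "base-tools".
            if repo.startswith(entry[:-1]):
                return True
        elif repo == normalize(entry):
            return True
    return False


def find_unapproved(listing_json, approved):
    """Return sorted, de-duplicated repositories that are not on the allowlist."""
    names = [item["name"] for item in json.loads(listing_json) if item.get("name")]
    return sorted({normalize(n) for n in names if not is_approved(n, approved)})


if __name__ == "__main__":
    for repo in find_unapproved(SAMPLE_LISTING, APPROVED):
        print("NOT APPROVED:", repo)
```

Review the reported repositories before removing anything; a prefix entry that is too broad, or one missing its path separator, silently approves more than intended.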