PROFESSIONAL-CLOUD-DEVELOPER · Question #340
Your team is developing a new application that is packaged as a container and stored in Artifact Registry. You are responsible for configuring the CI/CD pipelines that use Cloud Build. Containers may
The correct answer is A. Configure Artifact Registry to publish a message to a Pub/Sub topic when a new image is. Artifact Registry natively publishes Pub/Sub events whenever an image is pushed-regardless of whether the push came from a Cloud Build CI pipeline, a developer's local machine, or an emergency manual push. By configuring a Cloud Build trigger that subscribes to that Pub/Sub topic
Question
Your team is developing a new application that is packaged as a container and stored in Artifact Registry. You are responsible for configuring the CI/CD pipelines that use Cloud Build. Containers may be pushed manually as a local development effort or in an emergency. Every time a new container is pushed to Artifact Registry, you need to trigger another Cloud Build pipeline that executes a vulnerability scan. You want to implement this requirement using the least amount of effort. What should you do?
Options
- AConfigure Artifact Registry to publish a message to a Pub/Sub topic when a new image is
- BConfigure the Cloud Build CI pipeline that publishes the new image to send a message to a
- CConfigure Artifact Registry to publish a message to a Pub/Sub topic when a new image is
- DUse Cloud Scheduler to periodically check for new versions of the container in Artifact Registry
How the community answered
(53 responses)- A77% (41)
- B4% (2)
- C11% (6)
- D8% (4)
Explanation
Artifact Registry natively publishes Pub/Sub events whenever an image is pushed-regardless of whether the push came from a Cloud Build CI pipeline, a developer's local machine, or an emergency manual push. By configuring a Cloud Build trigger that subscribes to that Pub/Sub topic, the vulnerability scan pipeline fires automatically for every push with zero extra code in any pipeline or manual process. This is the least-effort solution because it requires only two configuration steps (enable Pub/Sub notifications in Artifact Registry, create a Pub/Sub-triggered Cloud Build trigger). Option B only covers pushes from the automated CI pipeline, missing manual/emergency pushes. Option D (polling via Cloud Scheduler) is inefficient and introduces latency between push and scan.
Topics
Community Discussion
No community discussion yet for this question.