nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #340

Your team is developing a new application that is packaged as a container and stored in Artifact Registry. You are responsible for configuring the CI/CD pipelines that use Cloud Build. Containers may

The correct answer is A. Configure Artifact Registry to publish a message to a Pub/Sub topic when a new image is. Artifact Registry natively publishes Pub/Sub events whenever an image is pushed-regardless of whether the push came from a Cloud Build CI pipeline, a developer's local machine, or an emergency manual push. By configuring a Cloud Build trigger that subscribes to that Pub/Sub topic

Implementing CI/CD pipelines

Question

Your team is developing a new application that is packaged as a container and stored in Artifact Registry. You are responsible for configuring the CI/CD pipelines that use Cloud Build. Containers may be pushed manually as a local development effort or in an emergency. Every time a new container is pushed to Artifact Registry, you need to trigger another Cloud Build pipeline that executes a vulnerability scan. You want to implement this requirement using the least amount of effort. What should you do?

Options

  • AConfigure Artifact Registry to publish a message to a Pub/Sub topic when a new image is
  • BConfigure the Cloud Build CI pipeline that publishes the new image to send a message to a
  • CConfigure Artifact Registry to publish a message to a Pub/Sub topic when a new image is
  • DUse Cloud Scheduler to periodically check for new versions of the container in Artifact Registry

How the community answered

(53 responses)
  • A
    77% (41)
  • B
    4% (2)
  • C
    11% (6)
  • D
    8% (4)

Explanation

Artifact Registry natively publishes Pub/Sub events whenever an image is pushed-regardless of whether the push came from a Cloud Build CI pipeline, a developer's local machine, or an emergency manual push. By configuring a Cloud Build trigger that subscribes to that Pub/Sub topic, the vulnerability scan pipeline fires automatically for every push with zero extra code in any pipeline or manual process. This is the least-effort solution because it requires only two configuration steps (enable Pub/Sub notifications in Artifact Registry, create a Pub/Sub-triggered Cloud Build trigger). Option B only covers pushes from the automated CI pipeline, missing manual/emergency pushes. Option D (polling via Cloud Scheduler) is inefficient and introduces latency between push and scan.

Topics

#CI/CD#Cloud Build#Artifact Registry#Pub/Sub

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice