2025-08-04 –, Firenze
We scanned all of the Google-owned container images you might be using on the Artifact Registry for vulnerabilities and secrets. You probably won't like what we found.
The Artifact Registry is the go-to solution for hosting container images in GCP. It is widely adopted by customers for storing and managing images, but Google itself uses it for hosting and managing many container images as well. The images managed by Google can be split into three categories: Public Images offered by Google for its users' convenience, images by third-party companies vetted and uploaded by Google to the cloud marketplace, and Google production images used in actual GCP services. All three categories carry significant trust from Google to its users, raising the question - how secure are they, really? To find out, we decided to dive into some research and test any images we could find across these categories.
Some of these Google-managed images are not documented or meant for public use, despite having read permissions for all GCP users - making their discovery complex. We were able to utilize and develop several techniques for discovering and scanning these images for security issues, which enabled us to find and scan thousands of images. Google claims in its documentation that it vets and checks the container images for vulnerabilities, but the results show otherwise. Many actively maintained images across all three categories contained outdated software with critical vulnerabilities, including some of the most infamous and exploited in the wild. In addition to the vulnerabilities, we discovered plain-text secrets and credentials to key services, cloud providers, and APIs.
In this talk, we will explore some of the questions these issues raise while walking the audience through our process of revealing and analyzing the images: What is the severity of the issues we found, and what is the actual risk they pose to GCP users? Is it Google's responsibility to ensure the safety of the products in its marketplace? We will conclude by equipping GCP users with best practices to protect themselves and mitigate these issues in their environment.
Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
Moshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Cloud Security. With nearly a decade of experience in cybersecurity, Moshe has developed a strong focus on network and operational security, web vulnerability research, and cloud infrastructure security.