Sunday, 5 January 2025

Analyzing Security Insights Using GCP Cloud Build

Building, testing, and deploying secure applications is essential for maintaining trust and reliability in software systems. Google Cloud Build offers a streamlined way to containerize applications and analyze their security with built-in tools like Security Insights. This blog provides a step-by-step guide to containerizing applications using Cloud Build, leveraging two repositories: the popular Juice Shop app and a Flask-based web application repository.

Step 1: Log in to Google Cloud Platform

Begin by logging into Google Cloud Platform (GCP) with the provided credentials. After logging in:

  1. On the “Welcome to your new account” screen, review the text and click I understand.
  2. On the “Welcome Cloud Student!” screen, select your country and agree to the terms of service.
  3. Click AGREE AND CONTINUE to proceed.

Step 2: Enable Required Services

Activate the services necessary for building and scanning containers:

  1. Search for Cloud Build in the top search bar and click ENABLE to activate it.
  2. Search for and enable the Container Scanning API.
  3. Launch the Cloud Shell by clicking the terminal icon (>_) in the top navigation bar, then click CONTINUE when prompted.

Step 3: Clone and Set Up Applications

In Cloud Shell, clone the repositories for both applications:

  1. Clone the Flask-based web application repository:
    git clone https://github.com/pallets/flask.git

Set Up Juice Shop Application

Navigate to the Juice Shop directory (the default clone directory name, juice-shop/, is assumed here) and set it up:

cd juice-shop/
npm install
npm start

Test the app to ensure it works as expected. Press CTRL+C to stop it before proceeding to containerization.

Set Up Flask Application

Navigate to the Flask directory and set it up:

cd flask/
pip install -e .

Test the Flask app by running the built-in development server:

flask --app flask run

Verify that the application runs successfully. Press CTRL+C to stop the app before proceeding.

Step 4: Build Container Images

For each application, use Cloud Build to create containerized images.

  1. Flask App:
    cd flask/
    gcloud builds submit --tag gcr.io/${GOOGLE_CLOUD_PROJECT}/flaskapp .

When prompted, click AUTHORIZE for both builds. Monitor the progress of each build in the Cloud Build service and wait for them to finish.

Step 5: Analyze Security Insights

Once both builds are complete, analyze their security insights:

  1. Go to Cloud Build and navigate to the BUILD ARTIFACTS tab for each build.
  2. In the Security Insights column, click VIEW to examine vulnerabilities for each application.
  3. For a detailed analysis of vulnerabilities:
    • Click the link for the application artifact under “Artifacts scanned.”
    • Click VIEW next to any listed vulnerability and expand the details with SHOW MORE INFO.
    • Use the provided CVE numbers to explore vulnerability details via external resources.
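The findings behind the Security Insights panel can also be pulled from the command line and turned into a pipeline gate, so a build that introduces a critical CVE fails instead of being noticed later. The following is an added example, not code from the original post: it assumes the JSON shape printed by `gcloud container images describe IMAGE --show-package-vulnerability --format=json`, and the embedded sample scan is constructed with placeholder CVE ids.

```python
"""Gate a Cloud Build image on its Container Scanning results (added example)."""
import json
import sys

# Severity labels used by Container Analysis; a higher index is more severe.
SEVERITY_ORDER = ["MINIMAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the (assumed) shape of
# `gcloud container images describe IMAGE --show-package-vulnerability --format=json`.
# The CVE ids and package names are placeholders, not real findings.
SAMPLE_SCAN = json.dumps({
    "image_summary": {"fully_qualified_digest": "gcr.io/PROJECT_ID/flaskapp@sha256:PLACEHOLDER"},
    "package_vulnerability_summary": {
        "total_vulnerability_found": 3,
        "vulnerabilities": {
            "CRITICAL": [{"noteName": "projects/goog-vulnz/notes/CVE-0000-0001",
                          "vulnerability": {"cvssScore": 9.8, "fixAvailable": True,
                                            "packageIssue": [{"affectedPackage": "libexample"}]}}],
            "MEDIUM": [{"noteName": "projects/goog-vulnz/notes/CVE-0000-0002",
                        "vulnerability": {"cvssScore": 5.3, "fixAvailable": False,
                                          "packageIssue": [{"affectedPackage": "libother"}]}},
                       {"noteName": "projects/goog-vulnz/notes/CVE-0000-0003",
                        "vulnerability": {"cvssScore": 4.0, "fixAvailable": True,
                                          "packageIssue": [{"affectedPackage": "libthird"}]}}],
        },
    },
})

def findings(scan_json, min_severity="HIGH"):
    """Return (cve_id, severity, package, fix_available) for findings at or above min_severity."""
    threshold = SEVERITY_ORDER.index(min_severity)
    vulns = json.loads(scan_json)["package_vulnerability_summary"].get("vulnerabilities", {})
    out = []
    for severity, occurrences in vulns.items():
        if severity not in SEVERITY_ORDER or SEVERITY_ORDER.index(severity) < threshold:
            continue
        for occ in occurrences:
            cve = occ["noteName"].rsplit("/", 1)[-1]          # note name ends in the CVE id
            issue = (occ["vulnerability"].get("packageIssue") or [{}])[0]
            out.append((cve, severity, issue.get("affectedPackage", "?"),
                        occ["vulnerability"].get("fixAvailable", False)))
    # Most severe first, then by CVE id, so the report is stable between runs.
    return sorted(out, key=lambda f: (-SEVERITY_ORDER.index(f[1]), f[0]))

def gate(scan_json, min_severity="HIGH"):
    """Exit status for a pipeline step: 0 when nothing at/above the threshold is open, else 1."""
    blocking = findings(scan_json, min_severity)
    for cve, sev, pkg, fix in blocking:
        print(f"{sev:8} {cve:16} {pkg:20} fix available: {fix}")
    return 1 if blocking else 0

if __name__ == "__main__":
    # Real use: gcloud container images describe IMAGE --show-package-vulnerability --format=json | python3 gate.py HIGH
    data = SAMPLE_SCAN if sys.stdin.isatty() else sys.stdin.read()
    sys.exit(gate(data, sys.argv[1] if len(sys.argv) > 1 else "HIGH"))
```

Run it as the last step after `gcloud builds submit`; a non-zero exit stops the deployment while the CVE list points you at the same entries you would otherwise open one by one under "Artifacts scanned".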

This guide demonstrates how to containerize and analyze the security of two different applications—Juice Shop and a Flask-based app—using Google Cloud Build. By following these steps, you gain valuable insights into potential vulnerabilities, enabling proactive resolution and secure deployments. Adopting such practices strengthens your development pipeline, ensuring robust and secure software delivery.
