🔥 3-day streak
Professional Cloud Security Engineer5 / 152
Question 5 of 152
A financial services company runs a CI/CD pipeline that pushes container images to Artifact Registry. Security requires that any image with a CRITICAL OS-package vulnerability must never be promoted to the production GKE cluster, while HIGH and below can proceed with tracking. The team already uses Binary Authorization with an attestor. What is the most effective way to automatically enforce this severity-based gate before deployment?
Reviewed for accuracy · Report an issueNext question