Integrate Vulnetix CLI into Google Cloud Build for automated vulnerability scanning.
Add Vulnetix to Google Cloud Build
Create cloudbuild.yaml and run the Vulnetix CLI in your Google Cloud Build pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
steps:
- name: 'golang:1.21'
entrypoint: 'bash'
args:
- '-c'
- |
go install github.com/vulnetix/cli@latest
vulnetix scan
vulnetix upload --file reports/results.sarif
secretEnv: ['VULNETIX_ORG_ID']
availableSecrets:
secretManager:
- versionName: projects/$PROJECT_ID/secrets/vulnetix-org-id/versions/latest
env: 'VULNETIX_ORG_ID'
Why run Vulnetix in Google Cloud Build?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your Google Cloud Build pipeline gates merges on what is actually exploitable, not raw scanner noise.