Container Analysis API

Container Analysis API stores and queries container image metadata — vulnerability scan results (CVE), build provenance, signed attestations, compliance checks.

CORS: No
HTTPS: Yes
Signup: ?
Latency: 41 ms
Protocol: REST

Uptime (30-day window): Probes: 1, Uptime: 100%, Avg latency: 41 ms
01

About this API

Container Analysis is the core of GCP's container supply-chain security stack. Any image pushed to Artifact Registry is scanned automatically: the scanner analyzes the base-layer OS and installed packages and detects known CVEs. Results are stored as Container Analysis "occurrences", which can be queried or pushed via Pub/Sub. This data integrates with CI/CD: before a deploy, CI calls the API to check whether the image has critical CVEs and fails the pipeline if it does. Combined with Binary Authorization, you can enforce stricter policies, so that only images signed by attestors (e.g. a security-team attestation) can deploy to GKE. It is a core implementation for SLSA, SBOM, and other supply-chain security standards.

02

What you can build

  1. CI/CD integration to block deploys on vulnerable images
  2. Generate Software Bill of Materials (SBOM)
  3. Pre-deploy signature verification via Binary Authorization
  4. Compliance audit

03

Strengths & limitations

Strengths

  • Native integration with Artifact Registry (auto-scan on push)
  • Based on CVE databases (NVD + multiple commercial sources)
  • Combined with Binary Authorization for supply-chain security

Limitations

  • Only scans known CVEs — no help for 0-days
  • Coverage incomplete for low-code apps (e.g. some game engines)
04

Example request

Generic template — replace <endpoint> with the real path from the docs.
curl https://google.com/<endpoint>
05

Getting started

Enable the Artifact Registry API and the Container Analysis API. Images pushed to Artifact Registry are scanned automatically. Use GET /v1/projects/{project}/notes/{note} to fetch results.

06

FAQ

How long does scanning take?

Small images: a few minutes. Complex images (hundreds of MB + many OS packages): 10-20 minutes.

What are the CVE data sources?

NVD (public CVE database) + official security advisories from Distroless / Ubuntu / Debian / Alpine + some commercial sources.

07

Technical details

CORS: No
HTTPS: Yes
Signup: ?
Open source: No
Auth type: unknown
Pricing: unknown
Protocols: REST
SDKs: python, javascript, go, java
Response time: 41 ms
Last health check: 5/12/2026, 7:37:30 AM