Disable Vulnerability Scanning

[dims]

Just got a nice note from the friendly GCP folks:

[Action Required] Free Container Scanning ends May 19, 2021; Normal billing begins July 1, 2021

I was able to click on disable for k8s-artifacts-prod, but looks like we need to do this across the board automatically.

[dims]

cc @thockin @spiffxp

[spiffxp]

/assign

[ameukam]

/assign @thockin

[spiffxp]

Are we concerned the costs are really going to be that outsized? tl;dr it looks like ~2.5% of spend as currently deployed

• Pricing is $0.26 per scanned image https://cloud.google.com/container-analysis/pricing
• Looking at the billing report, I believe the dollars spent there are representative of what we would pay, they're just being covered with gratis GCP credits instead of our own. So, ballpark numbers:
  • April: 148K total, 3.7K vuln scanning (2.5%) (2K of which was k8s-staging-ci-images (54%))
  • YTD: 584K total, 16K vuln scanning (2.7%) (10K of which was k8s-staging-ci-images (62%))
  • Last Year: 700K total, 11K vuln scanning (1.5%) (3K of which was k8s-staging-ci-images (27%), 0.6K of which was k8s-artifacts-prod (5%)

Regardless, I'm interested in pruning services that shouldn't be enabled anyway, so I'm using this as a reason to push more on that work.

WIP PR is here: #2016