
Enable Automatic Runtime Security Updates

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that automatic runtime security updates are enabled for your Cloud Run services in order to keep the services secure and protected against vulnerabilities without manual intervention.

Security, Reliability, Performance efficiency, Operational excellence

Google releases security patches and maintenance updates after a period of stability testing. Cloud Run services may apply updates to various parts of the execution environment, such as the Operating System (OS) or included packages. These updates help maintain a secure execution environment for your services. With automatic runtime security updates, Google Cloud Platform (GCP) will automatically manage the security updates released for your service runtime environment.


Audit

To determine if automatic runtime security updates are enabled for your Cloud Run services, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Cloud Run console available at https://console.cloud.google.com/run/.

04 Select the SERVICES tab to view the Cloud Run services deployed for the selected GCP project.

05 Click on the name (link) of the service that you want to examine, listed in the Name column.

06 Select the SOURCE tab, choose EDIT SOURCE, and click on the Edit runtime and security updates button (pencil icon). The panel with the service runtime settings opens.

07 In the Automatic runtime security updates section, check the Enable automatic runtime security updates setting checkbox to determine if automatic runtime security updates are enabled for the selected resource. If the setting checkbox is unchecked, automatic runtime security updates are currently disabled for the selected Cloud Run service.

08 Repeat steps no. 5 - 7 for each Cloud Run service created for the selected GCP project.

09 Repeat steps no. 2 - 8 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each project available in your Google Cloud Platform (GCP) account:

gcloud projects list \
	--format="value(projectId)"

02 The command output should return the requested GCP project ID(s):

cc-bigdata-project-123123
cc-iot-app-project-112233

03 Run services list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to describe the name and the region of each Cloud Run service deployed within the selected project:

gcloud run services list \
	--project cc-bigdata-project-123123 \
	--format="(NAME,REGION)"

04 The command output should return the requested service names and the associated regions:

NAME: cc-project5-service
REGION: us-central1

NAME: tm-stream-service
REGION: us-central1

NAME: tm-vertex-service
REGION: us-central1

05 Run services describe command (Windows/macOS/Linux) with the name of the Cloud Run service that you want to examine as the identifier parameter, to determine if automatic runtime security updates are enabled for the selected service:

gcloud run services describe cc-project5-service \
	--region=us-central1 \
	--format="value(metadata.annotations.'run.googleapis.com/build-enable-automatic-updates')"

06 The command output should return the feature status (true for enabled, false for disabled):

false

If the services describe command output returns false, as shown in the example above, automatic runtime security updates are currently disabled for the selected Cloud Run service.

07 Repeat steps no. 5 and 6 for each Cloud Run service created for the selected GCP project.

08 Repeat steps no. 3 - 7 for each GCP project deployed in your Google Cloud account.
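The CLI audit above can be scripted so that every service in every project is checked in one pass. The following POSIX shell script is an added example, not part of the Conformity article or of Google's tooling; it assumes an authenticated gcloud CLI with permission to list projects and describe Cloud Run services, and it assumes the service region is exposed through the `cloud.googleapis.com/location` label (the annotation key itself is the one the article queries).

```shell
#!/bin/sh
# Added example: report the automatic runtime security updates status of
# every Cloud Run service in every reachable GCP project.
# Assumes an authenticated gcloud CLI (run.services.get / list permissions).

ANNOTATION='run.googleapis.com/build-enable-automatic-updates'
# The gcloud binary is overridable so the classification logic can be
# exercised offline with a stand-in command.
GCLOUD="${GCLOUD:-gcloud}"

# Classify the raw annotation value returned by `services describe`.
# An empty value means the annotation is absent, i.e. the feature was
# never enabled, so only an explicit "true" counts as compliant.
classify() {
  case "$1" in
    true|True|TRUE) echo COMPLIANT ;;
    *)              echo NON_COMPLIANT ;;
  esac
}

# Describe one service and print its compliance status.
check_service() {
  project="$1"; region="$2"; service="$3"
  value="$("$GCLOUD" run services describe "$service" \
      --project "$project" --region "$region" \
      --format="value(metadata.annotations.'$ANNOTATION')" 2>/dev/null)"
  classify "$value"
}

# Walk every project and every service; print one tab-separated line
# per service: project, region, service, status.
audit_all() {
  for project in $("$GCLOUD" projects list --format="value(projectId)"); do
    "$GCLOUD" run services list --project "$project" \
      --format="value(metadata.name,metadata.labels.'cloud.googleapis.com/location')" |
    while read -r service region; do
      [ -n "$service" ] || continue
      printf '%s\t%s\t%s\t%s\n' "$project" "$region" "$service" \
        "$(check_service "$project" "$region" "$service")"
    done
  done
}

# Only scan when invoked with --run, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
  audit_all
fi
```

Pipe the output through `grep NON_COMPLIANT` to obtain the list of services that still need the remediation below.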

Remediation / Resolution

To enable automatic runtime security updates for your Google Cloud Run services, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Cloud Run console available at https://console.cloud.google.com/run/.

04 Select the SERVICES tab to access the Cloud Run services deployed for the selected GCP project.

05 Click on the name (link) of the service that you want to configure, listed in the Name column.

06 Select the SOURCE tab, choose EDIT SOURCE, and click on the Edit runtime and security updates button (pencil icon). The panel with the service runtime settings opens.

07 In the Automatic runtime security updates section, check the Enable automatic runtime security updates checkbox to enable automatic runtime security updates for the selected Cloud Run service. Choose SAVE to apply the changes.

08 Back to the SOURCE page, choose SAVE AND REDEPLOY to enable the feature and deploy a new revision of the service.

09 Repeat steps no. 5 - 8 for each Cloud Run service that you want to configure, available within the selected project.

10 Repeat steps no. 2 – 9 for each project deployed in your Google Cloud account.

Using GCP CLI

01 Run beta run deploy command (Windows/macOS/Linux) with the name of the Cloud Run service that you want to configure as the identifier parameter, to enable automatic runtime security updates and deploy a new revision of the selected service. Include the --automatic-updates parameter in the command request to enable the feature:

gcloud beta run deploy cc-project5-service \
	--region=us-central1 \
	--source "gs://run-sources-cc-bigdata-project-123123-us-central1/services/cc-project5-service/1234567890.123123.zip" \
	--base-image nodejs20 \
	--automatic-updates

02 The command output should return the build information available for the redeployed service:

Building using Buildpacks and deploying container to Cloud Run service [cc-project5-service] in project [cc-bigdata-project-123123] region [us-central1]
OK Building and deploying... Done.
	OK Uploading sources...
	OK Building Container...
	Logs are available at [https://console.cloud.google.com/cloud-build/builds...].
	OK Creating Revision...
Done.
Service [cc-project5-service] revision [cc-project5-service-00003-abc] has been deployed and is serving 100 percent of traffic.

03 Repeat steps no. 1 and 2 for each Cloud Run service that you want to configure, available in the selected project.

04 Repeat steps no. 1 – 3 for each GCP project deployed in your Google Cloud account.

Publication date Nov 19, 2024