This Google Cloud Platform security best practice is part of the DevSecOps and CI/CD security domain.
Customers can create and manage alerting policies with Stackdriver Monitoring (using the console or the Stackdriver Monitoring API). They can also export logs to SIEMs and detect any threats or anomalies.
Automated code analysis tools that include specific components for monitoring security issues shall be used.
Customers can integrate with GCP → Security Command Center, Google App Engine → Cloud Security Scanner, and Google Kubernetes Engine → Container Registry Scanning.
Container Registry scans your container images and identifies package vulnerabilities. The vulnerabilities can be viewed using Google Cloud Platform Console, the gcloud command-line tool, and the Container Analysis API.
Cloud Security Command Center integrates with Google Cloud Platform security tools like Cloud Security Scanner, the Cloud Data Loss Prevention (DLP) API, and third-party security solutions from Cloudflare, CrowdStrike, Dome9, Palo Alto Networks, Qualys, and RedLock.