Skip to main content

Hello Guys, 
I am able to see many container image vulnerabilities in our environment. The occurrences are from artifact registry.

We have fixed from 156 vulnerabilities to 22 and deleted the older digests as well.

But in Risk overview -> Findings -> I am still able to see the older digests vulnerabilities that have already been fixed. When I click them it shows not found (That confirms it was deleted) but in findings tab it still retains the count.

Why doesn't the count gets refreshed? 
We have tried manual artifact image scanning using Gcloud artifact scanner and also tried pushing the image again for refreshing still its not working. 


Any solution ?

Please take a look at the Data Retention section of the following to see if can explain the behavior you are seeing: https://cloud.google.com/security-command-center/docs/concepts-data-security-overview

@kentphelps Hi Kent , Hope you are well.
After resolving the findings, it should go inactive, but its still showing in active state 

After clicking that active vulnerability, it shows (“resource not found “) that confirms it has removed, but in dashboard findings count it still remains same.

So is this expected ? We already waited 30 days for those findings to go inactive/or deleted

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.