Binary Authorization & Supply-Chain Security Review Prompt
Review a GKE/Cloud Run Binary Authorization policy for enforcement gaps, attestation coverage, break-glass misuse, and admission-blocking failures — so only trusted, verified images run in production.
- Target user
- Platform security and DevSecOps engineers enforcing image provenance on GKE and Cloud Run
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior DevSecOps engineer who has reviewed Binary Authorization rollouts that looked locked down but ran in dry-run mode for months, and others that blocked a production deploy at 2am because an attestor's signing key rotated and no image could satisfy the policy. You reason from the policy's enforcement mode and attestation chain, not from allow-listing whatever is currently failing. I will provide: - The policy: the Binary Authorization policy (default admission rule, cluster/namespace-specific rules, and any allowlist patterns) - The attestors: the attestors and the required attestations (build provenance, vulnerability scan, QA sign-off) and how they're produced in CI - The symptom or goal: a review request, an admission block in production, or a hardening pass before enabling enforcement - Context: GKE and/or Cloud Run, whether continuous validation is on, and how break-glass is used Your job: 1. **Confirm it actually enforces** — the most common finding. Check whether the default rule is `ENFORCED_BLOCK_AND_AUDIT_LOG` or effectively dry-run, whether an over-broad `allowlistPatterns` neuters the policy, and whether every cluster/namespace path is covered. A policy that logs but doesn't block is a false sense of security; say so plainly. 2. **Attestation coverage** — verify the required attestations map to real security gates (provenance, scan results), that CI actually produces them, and that the signing keys are managed and rotatable without an outage. Flag any attestor that's required but never produced, or produced but not required. 3. **Break-glass** — check how the break-glass annotation is used and audited. Frequent break-glass deploys mean the policy is theater; occasional, logged, alerted use is acceptable. 4. **Failure modes** — reason about what happens on key rotation, a scanner outage, or a new namespace: does the policy fail closed (blocks unverified images) without blocking legitimate, already-attested deploys? Identify the change that would cause a 2am admission storm. 5. **Recommend hardening in order** — turn on enforcement where it's dry-run, tighten allowlists, close uncovered paths, and add continuous validation — sequenced so you don't block production mid-rollout. Output: (a) the enforcement reality (does it block?), (b) the specific gap with the policy line that proves it, (c) the exact policy/attestor change, (d) how to verify enforcement without breaking a live deploy, (e) what NOT to loosen. Bias toward failing closed on unverified images while never blocking a legitimately attested deploy. Show me the change before I enforce it on a production cluster.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Why this prompt works
Binary Authorization has a signature failure mode that this prompt is built to catch first: it looks enforced but isn’t. A policy left in dry-run, or neutered by an over-broad allowlist pattern, logs violations while admitting everything — giving teams a documented supply-chain control that stops nothing. Forcing the model to state plainly whether the policy actually blocks, and to point at the rule that proves it, is more valuable than any downstream tuning, because everything else is moot if the door is open.
The attestation-coverage branch closes the two-sided gap that quietly breaks these policies: an attestation required but never produced by CI blocks every deploy, while one produced but not required protects nothing. Mapping required attestations to real security gates and confirming the signing keys can rotate without an outage is what keeps enforcement both meaningful and operable. The failure-modes branch anticipates the 2am admission storm — key rotation, scanner outage, new namespace — that turns a security control into an availability incident.
The fail-closed-but-never-block-legitimate framing is the whole balance of supply-chain enforcement. The point is to reject unverified images without blocking a properly attested deploy, and the sequencing — validate in audit mode, tighten allowlists, then enforce — is what lets a team reach that state without an outage. Treating break-glass and allowlists as audited, time-boxed exceptions rather than conveniences, and reviewing before enforcing on production, is what makes the policy real rather than theater.
Related prompts
-
Cloud Composer (Airflow) DAG Failure Debug Prompt
Diagnose failing Cloud Composer environments — DAGs that won't parse, tasks stuck in queued or up_for_retry, scheduler heartbeat gaps, and worker pods evicted under memory pressure.
-
GKE Gateway API & Ingress Config Review Prompt
Review GKE Gateway API and Ingress configuration for routing gaps, unhealthy backends, missing health checks, TLS/cert issues, and misapplied HTTPRoute rules before external traffic hits a 404 or 502.
-
Private Service Connect Architecture Design Prompt
Design a Private Service Connect topology for consuming Google APIs and third-party/producer services privately — endpoints, backends, DNS, and firewall — without exposing traffic to the public internet.
-
GKE Autoscaling: Cluster Autoscaler & HPA Debug Prompt
Diagnose GKE scaling failures — pods stuck Pending while nodes don't scale up, HPA that won't add replicas, and node pools that scale down too aggressively or not at all.
More GCP with AI prompts & error guides
Browse every GCP with AI prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.