@kentphelps Hi Kent, hope you are well.
After resolving the findings, it should go inactive, but it's still showing in the active state.
After clicking that active vulnerability, it shows (“resource not found”), which confirms it has been removed, but in the dashboard the findings count still remains the same.
So is this expected? We already waited 30 days for those findings to go inactive or be deleted.
I am running into the same issue…
I had a vulnerability finding in one of my GKE containers, so I updated the affected dependency, built and published a new image to Artifact Registry, and updated my deployment on GKE to that new image, and yet the finding is still active within SCC. What’s really odd is that the finding in question is still in reference to my older, unpatched image tag (finding field: kubernetes.objects.elem.containers.elem.uri), despite that version not being deployed in GKE anymore.
My question is, why won’t this finding go away if the issue is resolved?
For reference, this is the finding in question (minus sensitive and irrelevant fields):
{
  "finding": {
    "name": "organizations/REDACTED/sources/REDACTED/locations/global/findings/REDACTED",
    "parent": "organizations/REDACTED/sources/REDACTED/locations/global",
    "resourceName": "//container.googleapis.com/projects/PROJECT_NAME/locations/europe-west1/clusters/foc-k8s",
    "state": "ACTIVE",
    "category": "OS_VULNERABILITY",
    "eventTime": "2025-09-04T06:40:45.172Z",
    "createTime": "2025-09-04T06:50:28.128Z",
    "severity": "HIGH",
    "canonicalName": "projects/PROJECT_ID/sources/REDACTED/locations/global/findings/REDACTED",
    "mute": "UNDEFINED",
    "findingClass": "VULNERABILITY",
    "muteUpdateTime": "1970-01-01T00:00:00Z",
    "muteInitiator": "",
    "muteInfo": {
      "staticMute": {
        "state": "UNDEFINED",
        "applyTime": "1970-01-01T00:00:00Z"
      },
      "dynamicMuteRecords": []
    },
    "kubernetes": {
      "pods": [],
      "nodes": [],
      "nodePools": [],
      "roles": [],
      "bindings": [],
      "accessReviews": [],
      "objects": [
        {
          "group": "",
          "kind": "Deployment",
          "ns": "default",
          "name": "SERVICE_NAME",
          "containers": [
            {
              "name": "SERVICE_NAME",
              "uri": "europe-west1-docker.pkg.dev/PROJECT_NAME/internal/SERVICE_NAME:v5.6.0",
              "imageId": "europe-west1-docker.pkg.dev/PROJECT_NAME/internal/SERVICE_NAME@sha256:REDACTED",
              "labels": [],
              "createTime": "1970-01-01T00:00:00Z"
            }
          ]
        }
      ]
    },
    "parentDisplayName": "Vulnerability Assessment",
    "moduleName": "",
    "vulnerability": {
      "cve": {
        "id": "REDACTED"
      }
    },
    "files": [
      {
        "path": "var/lib/dpkg/status",
        "size": "0",
        "sha256": "",
        "hashedSize": "0",
        "partiallyHashed": false,
        "contents": "",
        "diskPath": {
          "partitionUuid": "",
          "relativePath": ""
        },
        "operations": []
      }
    ],
    "deactivationReason": {
      "reason": "REASON_UNSPECIFIED"
    },
    "domains": [
      {
        "category": "VULNERABILITY"
      }
    ],
    "affectedResources": {
      "count": "0"
    },
    "caiResource": "//container.googleapis.com/projects/PROJECT_NAME/locations/europe-west1/clusters/foc-k8s",
    "remediationDetails": {
      "remediationIntent": "",
      "repositoryUri": "",
      "pullRequestUri": "",
      "remediationExplanation": "",
      "remediationState": "REMEDIATION_STATE_UNSPECIFIED",
      "remediationError": "",
      "prGenerationTime": "1970-01-01T00:00:00Z",
      "owner": ""
    }
  },
  "resource": {
    "name": "//container.googleapis.com/projects/PROJECT_NAME/locations/europe-west1/clusters/foc-k8s",
    "displayName": "foc-k8s",
    "type": "google.container.Cluster",
    "cloudProvider": "GOOGLE_CLOUD_PLATFORM",
    "service": "container.googleapis.com",
    "location": "europe-west1",
    "gcpMetadata": {
      "project": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
      "projectDisplayName": "PROJECT_NAME",
      "parent": "//cloudresourcemanager.googleapis.com/projects/PROJECT_ID",
      "parentDisplayName": "PROJECT_NAME",
      "folders": [],
      "organization": "organizations/REDACTED"
    },
    "resourcePathString": "organizations/REDACTED/projects/PROJECT_ID"
  }
}
My fixed image tag is 5.6.1, but as you can see it’s still referencing 5.6.0 despite that container not existing for almost a whole day.
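One way to confirm that a finding like the one above points at an image no running pod uses, as an added example (not part of the original post and not Google's tooling). It assumes a finding in the JSON shape shown above and pod data in the shape of `kubectl get pods -o json`; the sample values, including the `sha256:aaaa` and `sha256:bbbb` digests, are constructed.

```python
import json

# Constructed sample: a finding trimmed to the fields read below (shape from the post above).
FINDING = json.loads("""
{"finding": {"state": "ACTIVE", "category": "OS_VULNERABILITY",
  "kubernetes": {"objects": [{"kind": "Deployment", "ns": "default", "name": "SERVICE_NAME",
    "containers": [{"name": "SERVICE_NAME",
      "uri": "europe-west1-docker.pkg.dev/PROJECT_NAME/internal/SERVICE_NAME:v5.6.0",
      "imageId": "europe-west1-docker.pkg.dev/PROJECT_NAME/internal/SERVICE_NAME@sha256:aaaa"}]}]}}}
""")

# Constructed sample in the shape of `kubectl get pods -o json` (only the fields read below).
PODS = json.loads("""
{"items": [{"metadata": {"namespace": "default", "name": "service-abc"},
  "status": {"containerStatuses": [{"name": "SERVICE_NAME",
    "image": "europe-west1-docker.pkg.dev/PROJECT_NAME/internal/SERVICE_NAME:v5.6.1",
    "imageID": "europe-west1-docker.pkg.dev/PROJECT_NAME/internal/SERVICE_NAME@sha256:bbbb"}]}}]}
""")

def running_images(pods):
    """Collect every image reference (tag and digest form) reported by running pods."""
    refs = set()
    for pod in pods.get("items", []):
        for status in pod.get("status", {}).get("containerStatuses", []):
            for key in ("image", "imageID"):
                ref = status.get(key, "")
                if ref:
                    # Some runtimes prefix the digest reference (e.g. docker-pullable://).
                    refs.add(ref.split("://", 1)[-1])
    return refs

def stale_containers(finding_doc, pods):
    """Return (ns, name, uri) for finding containers whose image is not running."""
    live = running_images(pods)
    stale = []
    k8s = finding_doc.get("finding", {}).get("kubernetes", {})
    for obj in k8s.get("objects", []):
        for container in obj.get("containers", []):
            # Prefer the digest: a tag can be re-pushed to point at a different image.
            ref = container.get("imageId") or container.get("uri")
            if ref and ref not in live:
                stale.append((obj.get("ns"), obj.get("name"), container.get("uri")))
    return stale

if __name__ == "__main__":
    for ns, name, uri in stale_containers(FINDING, PODS):
        print(f"finding references {uri} ({ns}/{name}); no running pod uses it")
```

A non-empty result only shows that the finding's image is absent from the cluster snapshot; it says nothing about when or whether SCC will change the finding's state.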