Container platforms in Google Cloud can use a Binary Authorization policy, which enforces software supply chain security controls on the container images being used. This helps protect environments by reducing the risk of running unauthorized, vulnerable, or malicious software. As with many policies, there is a default rule, which can be configured with one of several evaluation modes. It is best practice to ensure that the default rule is not set to 'always allow'. To learn more, see the GCP documentation.
References:
https://cloud.google.com/binary-authorization/docs/overview
In GCP Console -
In Terraform -
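One way to express this in Terraform, as an added example that is not part of the original page: the default rule requires an attestation instead of allowing every image. The resource labels, the note and attestor names, and the two variables are assumptions.

```hcl
# Added example. Names and variables below are assumptions, not from the page.
variable "project_id" { type = string }
variable "attestor_public_key_pem" { type = string } # PEM of the signing key

# Container Analysis note that stores the attestor's attestations.
resource "google_container_analysis_note" "build" {
  project = var.project_id
  name    = "build-attestor-note"
  attestation_authority {
    hint {
      human_readable_name = "Build pipeline attestor"
    }
  }
}

# Attestor whose signature an image must carry to be admitted.
resource "google_binary_authorization_attestor" "build" {
  project = var.project_id
  name    = "build-attestor"
  attestation_authority_note {
    note_reference = google_container_analysis_note.build.name
    public_keys {
      pkix_public_key {
        public_key_pem      = var.attestor_public_key_pem
        signature_algorithm = "ECDSA_P256_SHA256"
      }
    }
  }
}

resource "google_binary_authorization_policy" "policy" {
  project = var.project_id

  # Weak setting to avoid: every image is admitted without verification.
  #   default_admission_rule {
  #     evaluation_mode  = "ALWAYS_ALLOW"
  #     enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
  #   }

  # Corrected default rule: images need an attestation from the attestor above.
  # "ALWAYS_DENY" is the other evaluation mode that is not "always allow".
  default_admission_rule {
    evaluation_mode         = "REQUIRE_ATTESTATION"
    enforcement_mode        = "ENFORCED_BLOCK_AND_AUDIT_LOG"
    require_attestations_by = [google_binary_authorization_attestor.build.name]
  }
}
```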
References:
https://cloud.google.com/binary-authorization/docs/setting-up
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/binary_authorization_policy#evaluation_mode