Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

GCP Function Runtime Version

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)

Ensure that you always use the latest version of the language runtime for your Google Cloud functions in order to adhere to Google Cloud best practices and receive the newest software features and capabilities.

Security
Reliability
Operational
excellence
Cost
optimisation
Sustainability

Using the latest version of the language runtime for Google Cloud functions is crucial for security, performance, and access to the latest features and libraries. It ensures that your functions benefit from bug fixes, optimizations, and improved compatibility with other services. Staying up-to-date minimizes vulnerabilities and keeps your serverless applications running smoothly and efficiently.

Audit

To determine if your Google Cloud functions are configured to use the latest version of the language runtime, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the GCP project that you want to examine from the console top navigation bar.

03 Navigate to Google Cloud Functions console available at https://console.cloud.google.com/functions/.

04 Click on the name (link) of the Google Cloud functions that you want to examine, listed in the Name column.

05 Select the SOURCE tab to access the language runtime details available for the selected cluster.

06 Check the Runtime attribute value to determine language runtime version configured for the selected function. Compare the language runtime version available for your function with the updated list of language runtimes supported by Google Cloud Functions. If the Runtime attribute is not configured to use the latest language runtime version supported by Google Cloud, the selected function is using an outdated and/or decommissioned runtime.

07 Repeat steps no. 4 – 6 for each Google Cloud function created for the selected GCP project.

08 Repeat steps no. 2 – 7 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom query filters to list the ID of each project available in your Google Cloud Platform (GCP) account: 

gcloud projects list
  --format="table(projectId)"

02 The command output should return the requested GCP project ID(s): 

PROJECT_ID
cc-bigdata-project-123123
cc-iot-app-project-112233

03 Run functions list command (Windows/macOS/Linux) using the ID of the GCP project that you want to examine as the identifier parameter and custom query filters to describe the name and the region of each Google Cloud function deployed within the selected project: 

gcloud functions list 
  --project cc-bigdata-project-123123 
  --format="(NAME,REGION)"

04 The command output should return the requested function names and their regions: 

NAME                  REGION
cc-web-app-function   us-central1
cc-stream-function    us-central1

05 Run functions describe command (Windows/macOS/Linux) using the name of the Google Cloud function that you want to examine as the identifier parameter, to describe the language runtime ID available for the selected function: 

gcloud functions describe cc-web-app-function 
  --region=us-central1 
  --format="value(buildConfig.runtime)"

06 The command output should return the requested runtime ID: 

python39

Compare the runtime ID returned by the functions describe command output with the updated list of language runtime IDs supported by Google Cloud Functions. If the runtime ID returned by the command output is not associated with the latest language runtime version supported by Google Cloud, the selected function is using an outdated and/or decommissioned runtime.

07 Repeat steps no. 5 and 6 for each Google Cloud function created for the selected GCP project.

08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To upgrade the language runtime version for your Google Cloud functions, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the GCP project that you want to access from the console top navigation bar.

03 Navigate to Google Cloud Functions console available at https://console.cloud.google.com/functions/.

04 Click on the name (link) of the Google Cloud functions that you want to configure, listed in the Name column.

05 Select the SOURCE tab to access the language runtime details available for the selected cluster.

06 Choose EDIT and select the latest version of the language runtime supported by Google Cloud Functions from the Runtime dropdown list.

07 Choose SAVE AND REDEPLOY to save the changes and redeploy your function.

08 Repeat steps no. 4 – 7 for each Google Cloud function that you want to configure, available for the selected GCP project.

09 Repeat steps no. 2 – 8 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Run functions runtimes list command (Windows/macOS/Linux) to list the language runtimes supported by Google Cloud Functions: 

gcloud functions runtimes list 
  --region=us-central1 
  --format="value(NAME)"

02 The command output should return the list of supported language runtimes: 

dotnet3
dotnet6
go113
go116
go118
go119
go120
go121
java11
java17
nodejs10
nodejs12
nodejs14
nodejs16
nodejs18
nodejs20
php74
php81
php82
python37
python38
python39
python310
python311
ruby26
ruby27
ruby30
ruby32

03 Run functions deploy command (Windows/macOS/Linux) using the name of the Google Cloud function that you want to configure as the identifier parameter, to upgrade to the latest version of the language runtime supported by Google Cloud Functions. Use the --runtime command parameter to specify the latest language runtime version: 

gcloud functions deploy cc-web-app-function 
  --region=us-central1 
  --entry-point hello_http 
  --trigger-http 
  --runtime=python311 
  --format="value(buildConfig.runtime)"

04 The command output should return the new runtime ID: 

python311

05 Repeat steps no. 1 – 4 for each Google Cloud function that you want to configure, created for the selected GCP project.

06 Repeat steps no. 1 – 5 for each project deployed within your Google Cloud account.

References

Publication date Oct 24, 2023

Related Functions rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

GCP Function Runtime Version

Risk Level: High