{"results":[{"id":"ar-access-scopes-can-restrict-beyond-iam","text":"Compute Engine VM access scopes can further restrict Artifact Registry access beyond IAM roles — the default `read-only` scope blocks writes even if the SA has Writer role; `cloud-platform` scope is needed for push.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ar-cloud-build-default-read-write","text":"Cloud Build's default service account has read/write access to Artifact Registry.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ar-cmek-encryption-supported","text":"Artifact Registry supports CMEK encryption via Cloud KMS (Google-managed encryption by default), and organization policy can enforce CMEK.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ar-default-compute-sa-read-only","text":"Compute Engine, GKE, and Cloud Run default service accounts get read-only access to Artifact Registry by default.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ar-orgs-after-may-2024-no-auto-editor","text":"Organizations created after May 3, 2024 enforce `iam.automaticIamGrantsForDefaultServiceAccounts` by default, preventing automatic Editor role grants to default service accounts.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-both-pool-types-scale-to-zero","text":"Both Cloud Build default and private pools are fully managed, pay-per-build-minute, and auto-scale to zero.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-default-machine-e2-standard-2","text":"Cloud Build default machine type is `E2_STANDARD_2` (2 CPUs); max disk size is 4000 GB.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-default-pool-max-concurrency-30","text":"Cloud Build default pool max concurrency is 30; private pool supports 100+.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-default-timeout-60min-max-24h","text":"Cloud Build default build timeout is 60 minutes; maximum is 24 hours (format: duration with `s` suffix).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-global-region-default-pool-only","text":"Cloud Build `global` region uses default pools; specifying a specific region requires a private pool in that region.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-logs-default-both-logging-and-gcs","text":"Cloud Build logs go to both Cloud Logging and Cloud Storage by default; `logging: GCS_ONLY` stores only in GCS.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-private-pool-64-machine-types","text":"Cloud Build private pools support 64 machine types compared to 5 for default pools.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-private-pool-disable-public-ip","text":"Private pools can disable public IPs and provide static internal IP ranges; default pools cannot.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-queue-ttl-default-3600s","text":"Cloud Build `queueTtl` defaults to 3600s (1 hour) and ticks from `createTime`, while `timeout` ticks from `startTime`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-shallow-clone-by-default","text":"Cloud Build performs a shallow clone (single commit) by default; must use `git fetch --unshallow` build step for full history.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-steps-serial-by-default","text":"Cloud Build steps run serially by default; use `id` and `waitFor` fields for parallel execution (`waitFor: ['-']` starts immediately).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-billing-fully-optimizable","text":"Cloud Run billing is fully optimizable through request-based pay-per-use default, CUD discounts shared across Cloud Run, GKE, and Compute Engine, and zero-cost for IAM-denied requests.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-concurrency-default-80x-vcpus","text":"Cloud Run default concurrency is 80× the number of vCPUs when deployed via gcloud/Terraform (new services only); 80 when deployed via Console.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-concurrency-scales-with-resources","text":"Cloud Run concurrency scales naturally with vCPU allocation (default 80x vCPUs, max 1000 per instance), providing predictable request distribution across instances.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-default-invoke-roles","text":"Only four default roles can invoke a Cloud Run service: Project Owner, Project Editor, Cloud Run Admin, and Cloud Run Invoker (`roles/run.invoker`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":85,"limit":20,"offset":0}