    Gcp

    Security

    gcp-sql-public-database

    Ensure that Cloud SQL database Instances are not open to the world
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-client-certificate-disabled

    Ensure client certificate authentication to Kubernetes Engine Clusters is disabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-folder-member-default-service-account-iam-member

    Ensure Default Service account is not used at a folder level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-enabled-vpc-flow-logs

    Enable VPC Flow Logs and Intranode Visibility
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-serial-ports

    Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-org-member-default-service-account-iam-binding

    Ensure default service account is not used at an organization level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-sub-network-private-google-enabled

    Ensure that private_ip_google_access is enabled for Subnet
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-project-member-default-service-account-iam-binding

    Ensure Default Service account is not used at a project level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-vertexai-private-instance

    Ensure Vertex AI instances are private
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-insecure-load-balancer-tls-version

    Detected a GCP Load Balancer using an insecure version of TLS. To fix this, set “min_tls_version” to “TLS_1_2”.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    gcp-gke-pod-security-policy-enabled

    Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-bigtable-instance-encrypted-with-cmk

    Ensure Bigtable Instances are encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-bigquery-dataset-encrypted-with-cmk

    Ensure that BigQuery datasets are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-dataproc-cluster-public-ip

    Ensure Dataproc Clusters do not have public IPs
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-memory-store-for-redis-intransit-encryption

    Ensure Memorystore for Redis uses in-transit encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-folder-member-default-service-account-iam-binding

    Ensure Default Service account is not used at a folder level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-dataflow-job-encrypted-with-cmk

    Ensure Dataflow jobs are encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-gke-cluster-logging

    Ensure logging is set to Enabled on Kubernetes Engine Clusters
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-gke-legacy-instance-metadata-disabled

    Ensure legacy Compute Engine instance metadata APIs are Disabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-bigquery-table-encrypted-with-cmk

    Ensure BigQuery Tables are encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-bigquery-private-table-iam-member

    Ensure that BigQuery Tables are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-public-control-plane

    Ensure GKE Control Plane is not public
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-nodepool-integrity-monitoring

    Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-storage-bucket-uniform-access

    Ensure that Cloud Storage buckets have uniform bucket-level access enabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-pubsub-private-topic-iam-member

    Ensure that Pub/Sub Topics are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-boot-disk-encryption

    Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-311: Missing Encryption of Sensitive Data
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A04:2021 - Insecure Design

    gcp-kms-prevent-destroy

    Ensure KMS keys are protected from deletion
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-legacy-auth-enabled

    Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-os-login

    Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-ip-forward

    Ensure that IP forwarding is not enabled on Instances. IP forwarding lets the instance act as a traffic router and receive traffic not intended for it, which may route traffic through unintended paths.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-dataproc-cluster-encrypted-with-cmk

    Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-vertexai-dataset-encrypted-with-cmk

    Ensure Vertex AI datasets use a CMK (Customer Managed Key)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-compute-template-ip-forward

    Ensure that IP forwarding is not enabled on Instances. IP forwarding lets the instance act as a traffic router and receive traffic not intended for it, which may route traffic through unintended paths.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-monitoring-enabled

    Ensure monitoring is set to Enabled on Kubernetes Engine Clusters
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-project-os-login

    Ensure OSLogin is enabled for a Project
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-datafusion-private-instance

    Ensure Data Fusion instances are private
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-template-public-ip

    Ensure that Compute instances do not have public IP addresses
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-artifact-registry-encrypted-with-cmk

    Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-datafusion-stack-driver-monitoring

    Ensure Data Fusion has Stackdriver monitoring enabled.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    gcp-compute-firewall-unrestricted-ingress-22

    Ensure Google compute firewall ingress does not allow unrestricted SSH access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-network-policy-enabled

    Ensure Network Policy is enabled on Kubernetes Engine Clusters
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-memory-store-for-redis-auth-enabled

    Ensure Memorystore for Redis has AUTH enabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-basic-auth

    Ensure GKE basic auth is disabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-project-service-account-user-iam-binding

    Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-firewall-unrestricted-ingress-3306

    Ensure Google compute firewall ingress does not allow unrestricted MySQL access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-pubsub-encrypted-with-cmk

    Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-org-member-default-service-account-iam-member

    Ensure default service account is not used at an organization level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-folder-impersonation-roles-iam-member

    Ensure that no roles that allow impersonating and managing all service accounts are used at a folder level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-firewall-unrestricted-ingress-21

    Ensure Google compute firewall ingress does not allow unrestricted FTP access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-kubernetes-rbac-google-groups

    Manage Kubernetes RBAC users with Google Groups for GKE
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-dns-key-specs-rsasha1

    Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    gcp-compute-disk-encryption

    Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-311: Missing Encryption of Sensitive Data
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A04:2021 - Insecure Design

    gcp-sql-database-require-ssl

    Ensure all Cloud SQL database instances require all incoming connections to use SSL
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    gcp-build-workers-private

    Ensure Cloud build workers are private
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-private-cluster-config

    Ensure Kubernetes Cluster is created with Private cluster enabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-public-ip

    Ensure that Compute instances do not have public IP addresses
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-spanner-database-encrypted-with-cmk

    Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-compute-firewall-unrestricted-ingress-3389

    Ensure Google compute firewall ingress does not allow unrestricted RDP access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-firewall-unrestricted-ingress-20

    Ensure Google compute firewall ingress does not allow unrestricted FTP access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-ssl-policy

    Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    gcp-dataflow-private-job

    Ensure Dataflow jobs are private
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-artifact-registry-private-repo-iam-binding

    Ensure that Artifact Registry repositories are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-compute-firewall-unrestricted-ingress-80

    Ensure Google compute firewall ingress does not allow unrestricted HTTP access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-project-member-default-service-account-iam-member

    Ensure Default Service account is not used at a project level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-artifact-registry-private-repo-iam-member

    Ensure that Artifact Registry repositories are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-vertexai-metadata-store-encrypted-with-cmk

    Ensure Vertex AI Metadata Store uses a CMK (Customer Managed Key)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    gcp-gke-secure-boot-for-shielded-nodes

    Ensure Secure Boot for Shielded GKE Nodes is Enabled

    gcp-cloud-storage-logging

    Ensure the bucket logs access.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    gcp-storage-bucket-not-public-iam-binding

    Ensure that Container Registry repositories are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-dataproc-private-cluster-iam-binding

    Ensure that Dataproc clusters are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-project-service-account-user-iam-member

    Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-project-default-network

    Ensure that the default network does not exist in a project. Set auto_create_network to false.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-master-authz-networks-enabled

    Ensure master authorized networks is set to enabled in GKE clusters
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-dataproc-private-cluster-iam-member

    Ensure that Dataproc clusters are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-datafusion-stack-driver-logging

    Ensure Data Fusion has Stackdriver logging enabled.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-org-impersonation-roles-iam-binding

    Ensure that no roles that allow impersonating and managing all service accounts are used at an organization level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-run-private-service-iam-binding

    Ensure that GCP Cloud Run services are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-sub-network-logging-enabled

    Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-bigquery-private-table-iam-binding

    Ensure that BigQuery Tables are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-folder-impersonation-roles-iam-binding

    Ensure that no roles that allow impersonating and managing all service accounts are used at a folder level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-pubsub-private-topic-iam-binding

    Ensure that Pub/Sub Topics are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-storage-bucket-not-public-iam-member

    Ensure that Container Registry repositories are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-gke-ensure-integrity-monitoring

    Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-sqlserver-no-public-ip

    Ensure Cloud SQL database does not have public IP
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-run-private-service-iam-member

    Ensure that GCP Cloud Run services are not anonymously or publicly accessible
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    gcp-org-impersonation-roles-iam-member

    Ensure that no roles that allow impersonating and managing all service accounts are used at an organization level
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control
