turbot/gcp_compliance

GCP Compliance Mod

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard for all your GCP projects.

image

References

GCP provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.

CFT Scorecard provides a set of security best-practice checks to detect misconfigurations and violations in Google Cloud resources and projects.

CIS GCP Benchmarks provide a predefined set of compliance and security best-practice checks for GCP projects.

Forseti Security Benchmark provides a set of security best practice checks for GCP projects so that you can take action to secure resources and minimize security risks.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Steampipe Mods are collections of named queries, and codified controls that can be used to test current configuration of your cloud resources against a desired configuration.

Documentation

Get started

Install the GCP plugin with Steampipe:

steampipe plugin install gcp

Clone:

git clone https://github.com/turbot/steampipe-mod-gcp-compliance.git
cd steampipe-mod-gcp-compliance

Run all benchmarks:

steampipe check all

Run a single benchmark:

steampipe check benchmark.cis_v120

Run a specific control:

steampipe check control.cis_v120_2_1

Credentials

This mod uses the credentials configured in the Steampipe GCP plugin.

Configuration

No extra configuration is required.

Get involved