From 953bcc5064a4fba32fd17b4757238fedbe14d6c7 Mon Sep 17 00:00:00 2001 From: MAUROCERON <128849045+MAUROCERON@users.noreply.github.com> Date: Sat, 6 Jun 2026 05:30:20 -0500 Subject: [PATCH] Improve GCP artifact registry and org policy gates --- skills/cloud/gcp-review/SKILL.md | 17 ++-- .../cloud/gcp-review/benchmark-checklist.md | 92 ++++++++++++++++++- ...artifact-registry-org-policy-edge-cases.md | 90 ++++++++++++++++++ 3 files changed, 192 insertions(+), 7 deletions(-) create mode 100644 skills/cloud/gcp-review/tests/artifact-registry-org-policy-edge-cases.md diff --git a/skills/cloud/gcp-review/SKILL.md b/skills/cloud/gcp-review/SKILL.md index 8c61f49e..48980029 100644 --- a/skills/cloud/gcp-review/SKILL.md +++ b/skills/cloud/gcp-review/SKILL.md @@ -51,9 +51,11 @@ The CIS Google Cloud Platform Foundation Benchmark v2.0.0 is a consensus-driven - Access to GCP infrastructure-as-code files (Terraform `.tf`, Deployment Manager `.yaml`/`.jinja`) - gcloud CLI output or configuration exports (if reviewing a live environment) -- IAM policy bindings and org policy definitions +- IAM policy bindings and org policy definitions, including effective org/folder/project policy exports when available - VPC and firewall rule definitions - Cloud Audit Logs configuration +- Artifact Registry repositories, vulnerability-scanning findings, remote repository upstreams, and container/image digest inventory +- Workload data classification for VMs that process sensitive data in memory, to determine whether Confidential VM evidence is required --- 
@@ -100,8 +102,8 @@ Produce the final report using the structure defined in the Output Format sectio | Severity | Definition | Examples | |----------|-----------|----------| | **Critical** | Immediate risk of data breach or unauthorized access | Public GCS buckets, firewall rules allowing 0.0.0.0/0 on SSH/RDP, Cloud SQL with public IP and no SSL, user-managed SA keys with admin roles | -| **High** | Significant security gap that materially weakens posture | Default service accounts with broad scopes, missing Cloud Audit Logs, no VPC flow logs, instances with public IPs | -| **Medium** | Control gap that should be addressed in normal cycle | Missing log metric filters, DNSSEC not enabled, Shielded VM not enabled, uniform bucket access not set | +| **High** | Significant security gap that materially weakens posture | Default service accounts with broad scopes, missing Cloud Audit Logs, no VPC flow logs, instances with public IPs, production Artifact Registry images without vulnerability-scanning evidence, org policies overridden at project level | +| **Medium** | Control gap that should be addressed in normal cycle | Missing log metric filters, DNSSEC not enabled, Shielded VM not enabled, uniform bucket access not set, remote Artifact Registry upstreams not allowlisted, Confidential VM evidence missing for sensitive workloads | | **Low** | Hardening recommendation or defense-in-depth measure | OS Login not enabled, serial port access not explicitly disabled, BigQuery tables without CMEK | | **Informational** | Best practice observation, no direct security impact | Default network still exists (non-production), naming conventions, documentation gaps | 
@@ -175,7 +177,7 @@ Produce the final report using the structure defined in the Output Format sectio | 2 | Logging and Monitoring | Cloud Audit Logs (admin/data read/write), log sinks, bucket lock retention, metric filters and alerts (8 categories), DNS logging, Cloud Asset Inventory | | 3 | Networking | Default network removal, legacy networks, DNSSEC, firewall rules (SSH/RDP from internet), VPC flow logs, SSL policies, IAP-only access | | 4 | Virtual Machines | Default service accounts, access scopes, project SSH key blocking, OS Login, serial port, IP forwarding, CMEK disks, Shielded VM, public IPs, Confidential Computing | -| 5 | Storage | Public bucket access, uniform bucket-level access | +| 5 | Storage | Public bucket access, uniform bucket-level access, Artifact Registry vulnerability scanning, remote repository upstream restrictions | | 6 | Cloud SQL | MySQL/PostgreSQL/SQL Server database flags, SSL enforcement, authorized networks, public IP, automated backups | | 7 | BigQuery | Public dataset access, CMEK encryption for tables and datasets | 
@@ -188,12 +190,15 @@ Produce the final report using the structure defined in the Output Format sectio ## Common Pitfalls -1. **Missing org-level policy checks.** Many CIS controls (e.g., 3.1 default network, 5.1 public access) can be enforced via org policies. Check both resource-level configuration and org policy constraints. -2. **Confusing GCP-managed vs. user-managed service account keys.** CIS 1.4 only flags user-managed keys (created via `google_service_account_key`). Keys automatically managed by GCP services are acceptable. +1. **Missing org-level policy checks.** Many CIS controls (e.g., 3.1 default network, 5.1 public access) can be enforced via org policies. Check both resource-level configuration and org policy constraints, then verify the effective policy at folder/project scope so inheritance overrides are not missed. +2. **Confusing GCP-managed vs. user-managed service account keys.** CIS 1.4 only flags user-managed keys (created via `google_service_account_key`). Keys automatically managed by GCP services are acceptable. For legacy hybrid workloads, downgrade only when a time-bound exception proves Workload Identity Federation is unavailable, rotation is <= 90 days, project-level owner/editor is absent, and a migration owner/date is recorded. 3. **VPC flow logs must be per-subnet.** CIS 3.8 requires flow logs on every subnet, not just the VPC. Each `google_compute_subnetwork` must have a `log_config` block. 4. **Cloud SQL authorized_networks vs. private IP.** CIS 6.5 flags `0.0.0.0/0` in authorized networks, but CIS 6.6 goes further and recommends disabling public IP entirely in favor of private networking. 5. **BigQuery dataset-level vs. table-level CMEK.** CIS 7.2 checks table-level encryption, while CIS 7.3 checks the dataset default. Both should be evaluated independently. 6. **Default compute service account identification.** The default SA follows the pattern `PROJECT_NUMBER-compute@developer.gserviceaccount.com`. 
Grep for this pattern, not just the string "default." +7. **Artifact Registry is not Cloud Storage.** GCS bucket checks do not prove container/package repository safety. Review Artifact Registry repository mode, vulnerability-scanning findings, image digests, remote upstream allowlists, and package provenance separately. +8. **Organization policy drift can hide below the root.** A root-level `enforced = true` policy can be weakened by folder/project policy, restore-default settings, or legacy `google_project_organization_policy` resources. Require effective policy exports or mark the control Not Evaluable. +9. **Confidential VM is workload-sensitive.** CIS 4.11 is most meaningful for sensitive in-memory workloads. If the machine family supports Confidential VM and the workload handles regulated or high-value data, missing `confidential_instance_config` should be evaluated explicitly. --- diff --git a/skills/cloud/gcp-review/benchmark-checklist.md b/skills/cloud/gcp-review/benchmark-checklist.md index 204ab38f..120b873a 100644 --- a/skills/cloud/gcp-review/benchmark-checklist.md +++ b/skills/cloud/gcp-review/benchmark-checklist.md 
@@ -41,6 +41,19 @@ resource "google_service_account_key" { Look for any `google_service_account_key` resources. GCP-managed keys (used automatically by Compute Engine, GKE, etc.) do not require explicit creation. +**Validated Hybrid-Cloud SA Key Exception:** + +Do not automatically score every user-managed key as Critical when the evidence proves a constrained legacy hybrid workload. Require all of the following before downgrading: + +- Workload Identity Federation or another keyless option is unavailable for the external provider. +- Key has a documented owner, business justification, and exception expiry. +- Rotation period is 90 days or fewer and last rotation evidence is available. +- The service account is not bound to project-level `roles/owner`, `roles/editor`, or broad admin roles. +- Usage is limited by IAM Conditions, network/source controls, or workload-specific scope where possible. +- A migration plan exists to remove the key when keyless federation becomes available. + +If any evidence is missing, keep the finding High/Critical and mark the exception Not Evaluable. + ### CIS 1.5 -- Ensure that Service Account Has No Admin Privileges **Grep patterns:** 
@@ -137,6 +150,34 @@ resource "google_apikeys_key" { Check for key creation timestamps and rotation policies. +### Organization Policy Drift Evidence Gate + +Org policies can be set at organization, folder, and project scope. Before passing controls that rely on organization policy enforcement, verify the effective policy and check for lower-scope overrides. + +**Grep patterns:** + +```hcl +# Legacy and current org policy resources +resource "google_organization_policy" +resource "google_folder_organization_policy" +resource "google_project_organization_policy" +resource "google_org_policy_policy" + +# Possible override or restore-default indicators +restore_policy +restore_default +enforce = false +enforced = false +``` + +**What to verify:** + +- Root organization policy is enforced for the relevant constraint. +- Folder/project policies do not weaken, restore default, or contradict the root policy. +- Effective policy export is available (`gcloud org-policies describe --effective` or equivalent evidence). +- The denominator of folders/projects covered by the policy is known. +- Missing effective-policy evidence is `Not Evaluable`, not Pass. + ### CIS 1.16 -- Ensure Essential Contacts Is Configured for Organization ```hcl 
@@ -532,11 +573,24 @@ resource "google_compute_instance" { } ``` +**Evidence gate for sensitive workloads:** + +- Identify VMs processing regulated, payment, healthcare, ML-feature, key-management, or other high-value in-memory data. +- Verify the machine family supports Confidential VM before scoring as Fail. +- If supported and sensitive data is processed in memory, missing `enable_confidential_compute = true` is at least Medium, and may be High for Level 2 workloads. +- If not supported, record the non-applicability reason and compensating controls. + +**gcloud check:** + +```bash +gcloud compute instances describe INSTANCE --zone ZONE --format="value(confidentialInstanceConfig.enableConfidentialCompute)" +``` + --- ## Section 5 -- Storage -Evaluate Cloud Storage configurations against CIS GCP v2.0.0 Section 5 recommendations. +Evaluate Cloud Storage and Artifact Registry configurations against CIS GCP v2.0.0 Section 5 recommendations and related container/package storage evidence gates. ### CIS 5.1 -- Ensure that Cloud Storage Bucket Is Not Anonymously or Publicly Accessible 
@@ -572,6 +626,42 @@ resource "google_storage_bucket" { } ``` +### Artifact Registry Vulnerability Scanning Evidence Gate + +Artifact Registry is the successor to Container Registry for many container and package workflows. GCS bucket checks do not prove image/package repository security. + +**Grep patterns:** + +```hcl +resource "google_artifact_registry_repository" +mode = "REMOTE_REPOSITORY" +format = "DOCKER" +format = "NPM" +format = "PYTHON" +``` + +**What to verify:** + +- Production container/image repositories have automatic vulnerability scanning or Artifact Analysis findings evidence. +- Image digests, not only mutable tags, are recorded for deployed workloads. +- Vulnerability findings from Artifact Analysis/Security Command Center are reviewed and tied to remediation ownership. +- Remote repositories are restricted to approved upstream domains and do not silently proxy untrusted package sources. +- Repository IAM does not grant public or broad write access. +- Missing scanning/finding evidence for production images is High. Missing trusted-upstream policy for remote repositories is Medium/High depending on exposure. + +**gcloud checks:** + +```bash +# List repositories and modes +gcloud artifacts repositories list --location=LOCATION --format="table(name,format,mode)" + +# List container image digests +gcloud artifacts docker images list LOCATION-docker.pkg.dev/PROJECT/REPOSITORY --include-tags + +# Review Artifact Analysis occurrences for an image digest +gcloud artifacts docker images describe IMAGE_URL@sha256:DIGEST --show-package-vulnerability +``` + --- ## Section 6 -- Cloud SQL diff --git a/skills/cloud/gcp-review/tests/artifact-registry-org-policy-edge-cases.md b/skills/cloud/gcp-review/tests/artifact-registry-org-policy-edge-cases.md new file mode 100644 index 00000000..03a83986 --- /dev/null +++ b/skills/cloud/gcp-review/tests/artifact-registry-org-policy-edge-cases.md 
@@ -0,0 +1,90 @@ +# Artifact Registry And Organization Policy Edge Cases + +Use these cases to verify that `gcp-review` checks Artifact Registry evidence +and effective organization-policy state instead of relying only on Cloud Storage +or root-level policy declarations. + +## False Positive Guard: Validated Hybrid Service Account Key + +```yaml +service_account_key: + resource: google_service_account_key.legacy_onprem + workload: on-prem batch job + workload_identity_federation_available: false + rotation_period_days: 60 + project_level_owner_or_editor: false + key_owner: payments-platform + exception_expiry: 2026-09-01 + migration_plan: workload_identity_federation_when_provider_supported +``` + +Expected outcome: Medium exception, not Critical, when the key is time-bound, +rotated within 90 days, least-privileged, documented, and migration-tracked. + +## Missed Variant: Artifact Registry Scanning Disabled + +```yaml +artifact_registry: + repository: prod-images + format: DOCKER + automatic_vulnerability_scanning: disabled + container_image_digests: + - sha256:REDACTED +security_command_center: + container_vulnerability_findings: missing +``` + +Expected outcome: High for production image repositories. The storage review +must include Artifact Registry vulnerability evidence, not only GCS buckets. + +## Missed Variant: Remote Repository Allows Untrusted Upstreams + +```yaml +artifact_registry: + repository: npm-cache + mode: REMOTE_REPOSITORY + upstreams: + - https://registry.npmjs.org + - https://example-untrusted.invalid +policy: + trusted_upstream_allowlist: missing + package_provenance_review: missing +``` + +Expected outcome: Medium to High supply-chain gap. Remote repositories should +be limited to approved upstreams with provenance and malware/vulnerability +controls documented. 
+ +## Missed Variant: Project-Level Org Policy Override + +```yaml +organization_policy: + root: + constraint: constraints/storage.publicAccessPrevention + enforced: true + project: + constraint: constraints/storage.publicAccessPrevention + enforced: false + restore_default: true +effective_policy_export: + collected: false +``` + +Expected outcome: Not Evaluable or High depending on effective export. A +root-level policy is not enough when project/folder policy can override or +restore defaults; require effective policy evidence. + +## Missed Variant: Confidential Computing Missing For Sensitive Memory Workload + +```yaml +compute_instance: + name: payment-risk-model + data_classification: sensitive + confidential_instance_config: + enable_confidential_compute: false + machine_family_supports_confidential_vm: true +``` + +Expected outcome: Medium or High depending on sensitivity. Level 2 or sensitive +memory workloads need explicit Confidential VM evidence or a documented +non-applicability reason.
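Review bot: Hunk `@@ -51,9 +51,11 @@` (SKILL.md inputs list) adds Artifact Registry vulnerability-scanning findings as an input but not the evidence that shows scanning is turned on at all; the scan results only exist when the Container Scanning API is enabled on the project, so add the project's enabled-API export (or the `google_project_service` resources for `containerscanning.googleapis.com`) to the required inputs, otherwise a missing findings list cannot be distinguished from scanning never having been enabled.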
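Review bot: Hunk `@@ -100,8 +102,8 @@` (severity table) rates "org policies overridden at project level" as High unconditionally, which conflicts with pitfall 8 and the new test file, both of which say a missing effective-policy export is Not Evaluable rather than a scored finding. Qualify the table entry, e.g. "org policies overridden at project level (confirmed by effective policy export)", so the High rating applies only to an evidenced override.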
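Review bot: Hunk `@@ -175,7 +177,7 @@` (section mapping table) lists the Artifact Registry items in the Section 5 row alongside the CIS 5.x recommendations, but CIS GCP v2.0.0 Section 5 covers Cloud Storage buckets only (5.1 public access, 5.2 uniform bucket-level access). Label the two new entries as supplementary gates, as the checklist intro does with "related container/package storage evidence gates", so a report never cites them as CIS 5.x controls.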
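Review bot: Hunk `@@ -188,12 +190,15 @@` (Common Pitfalls) says in item 2 to "downgrade" a validated hybrid SA key finding but never states the target severity; the test file expects Medium, so say "downgrade to Medium" here so SKILL.md, the checklist and the test agree. Item 8 also frames the override risk around "legacy `google_project_organization_policy` resources", yet the current `google_org_policy_policy` resource accepts a project or folder parent too, so the pitfall should name both resource families as places where a root policy can be weakened.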
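Review bot: Hunk `@@ -41,6 +41,19 @@` (Validated Hybrid-Cloud SA Key Exception) requires "last rotation evidence" but gives the reviewer no source for it: `google_service_account_key` has no rotation attribute, so the evidence has to come from the key creation timestamps in `gcloud iam service-accounts keys list --iam-account=SA_EMAIL --managed-by=user` or from a `keepers` argument driven by a rotation trigger in Terraform. Name one of those explicitly, and state the downgraded severity (the test file expects Medium); "keep the finding High/Critical" on its own leaves the reviewer to pick. The last bullet's "where possible" also weakens an evidence gate; require a documented reason when no IAM Condition or network/source restriction is applied.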
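Review bot: Hunk `@@ -137,6 +150,34 @@` (Organization Policy Drift Evidence Gate) lists `google_org_policy_policy` as a resource to grep for but the override indicators only match the legacy resource syntax; in `google_org_policy_policy` a reset is written as `reset = true` inside `spec`, and a disabled boolean rule is the string `enforce = "FALSE"`, neither of which the patterns `restore_policy`, `restore_default`, `enforce = false` or `enforced = false` will hit. Add those two patterns. The gcloud example is also missing its required arguments: `gcloud org-policies describe CONSTRAINT --project=PROJECT_ID --effective` (or `--folder`/`--organization`), so the reader does not have to guess the form.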
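Review bot: Hunk `@@ -532,11 +573,24 @@` (Confidential VM evidence gate) scores on `enable_confidential_compute = true` and the gcloud field `confidentialInstanceConfig.enableConfidentialCompute` only, but the Terraform `confidential_instance_config` block also carries `confidential_instance_type` (SEV, SEV_SNP, TDX), and the instance API exposes it as `confidentialInstanceConfig.confidentialInstanceType`; an instance configured through that attribute can fail this gate although it is a Confidential VM. Accept either field as evidence (add `confidentialInstanceConfig.confidentialInstanceType` to the `--format` projection) before scoring a Fail.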
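Review bot: Hunk `@@ -572,6 +626,42 @@` (Artifact Registry gate) asks the reviewer to verify remote upstreams and scanning, but the grep patterns cannot find either: the upstream target lives in `remote_repository_config` (`docker_repository { public_repository = ... }` or `custom_repository { uri = ... }`), virtual repositories aggregate upstreams through `mode = "VIRTUAL_REPOSITORY"` and `upstream_policies`, and scanning enablement is a `google_project_service` for `containerscanning.googleapis.com`. Add those patterns, and extend the `format =` list beyond DOCKER/NPM/PYTHON (MAVEN, GO, APT, YUM are also remote-capable formats) so package repositories are not missed.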
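Review bot: Hunk `@@ -0,0 +1,90 @@` (new test file) makes the Project-Level Org Policy Override fixture ambiguous: the project policy sets both `enforced: false` and `restore_default: true`, but a boolean rule and a restore-default/reset are alternatives in the org policy model, so the expected outcome cannot tell which condition the check must detect. Split it into two fixtures (one explicit `enforced: false`, one `restore_default: true`) each with `effective_policy_export.collected` set, so "Not Evaluable" and "High" are each exercised by exactly one case rather than by "depending on effective export".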