17 changes: 11 additions & 6 deletions skills/cloud/gcp-review/SKILL.md
Expand Up @@ -51,9 +51,11 @@ The CIS Google Cloud Platform Foundation Benchmark v2.0.0 is a consensus-driven

- Access to GCP infrastructure-as-code files (Terraform `.tf`, Deployment Manager `.yaml`/`.jinja`)
- gcloud CLI output or configuration exports (if reviewing a live environment)
- IAM policy bindings and org policy definitions
- IAM policy bindings and org policy definitions, including effective org/folder/project policy exports when available
- VPC and firewall rule definitions
- Cloud Audit Logs configuration
- Artifact Registry repositories, vulnerability-scanning findings, remote repository upstreams, and container/image digest inventory
- Workload data classification for VMs that process sensitive data in memory, to determine whether Confidential VM evidence is required

---
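Review bot: The two new bullets at the end of this list (Artifact Registry inventory and workload data classification) are added as plain prerequisites, while only the org-policy bullet carries "when available", so it is unclear whether a review can start without them. Suggest marking them as conditional inputs and stating that controls depending on a missing input are reported as Not Evaluable, matching the wording used in the Common Pitfalls and checklist changes.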

Expand Down Expand Up @@ -100,8 +102,8 @@ Produce the final report using the structure defined in the Output Format sectio
| Severity | Definition | Examples |
|----------|-----------|----------|
| **Critical** | Immediate risk of data breach or unauthorized access | Public GCS buckets, firewall rules allowing 0.0.0.0/0 on SSH/RDP, Cloud SQL with public IP and no SSL, user-managed SA keys with admin roles |
| **High** | Significant security gap that materially weakens posture | Default service accounts with broad scopes, missing Cloud Audit Logs, no VPC flow logs, instances with public IPs |
| **Medium** | Control gap that should be addressed in normal cycle | Missing log metric filters, DNSSEC not enabled, Shielded VM not enabled, uniform bucket access not set |
| **High** | Significant security gap that materially weakens posture | Default service accounts with broad scopes, missing Cloud Audit Logs, no VPC flow logs, instances with public IPs, production Artifact Registry images without vulnerability-scanning evidence, org policies overridden at project level |
| **Medium** | Control gap that should be addressed in normal cycle | Missing log metric filters, DNSSEC not enabled, Shielded VM not enabled, uniform bucket access not set, remote Artifact Registry upstreams not allowlisted, Confidential VM evidence missing for sensitive workloads |
| **Low** | Hardening recommendation or defense-in-depth measure | OS Login not enabled, serial port access not explicitly disabled, BigQuery tables without CMEK |
| **Informational** | Best practice observation, no direct security impact | Default network still exists (non-production), naming conventions, documentation gaps |
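Review bot: In the High row, "org policies overridden at project level" omits folder-level overrides, although pitfall 8 and the checklist gate both treat folder and project policy as override points; suggest "overridden at folder or project level". The Medium row also fixes "remote Artifact Registry upstreams not allowlisted" and "Confidential VM evidence missing for sensitive workloads" at Medium, while the checklist rates them "Medium/High depending on exposure" and "may be High for Level 2 workloads"; add a short qualifier so the table and the checklist cannot be read as disagreeing.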

Expand Down Expand Up @@ -175,7 +177,7 @@ Produce the final report using the structure defined in the Output Format sectio
| 2 | Logging and Monitoring | Cloud Audit Logs (admin/data read/write), log sinks, bucket lock retention, metric filters and alerts (8 categories), DNS logging, Cloud Asset Inventory |
| 3 | Networking | Default network removal, legacy networks, DNSSEC, firewall rules (SSH/RDP from internet), VPC flow logs, SSL policies, IAP-only access |
| 4 | Virtual Machines | Default service accounts, access scopes, project SSH key blocking, OS Login, serial port, IP forwarding, CMEK disks, Shielded VM, public IPs, Confidential Computing |
| 5 | Storage | Public bucket access, uniform bucket-level access |
| 5 | Storage | Public bucket access, uniform bucket-level access, Artifact Registry vulnerability scanning, remote repository upstream restrictions |
| 6 | Cloud SQL | MySQL/PostgreSQL/SQL Server database flags, SSL enforcement, authorized networks, public IP, automated backups |
| 7 | BigQuery | Public dataset access, CMEK encryption for tables and datasets |
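Review bot: The Storage row now lists "Artifact Registry vulnerability scanning" and "remote repository upstream restrictions" in a table that maps CIS sections to their controls, but the checklist describes them as "related container/package storage evidence gates" rather than CIS Section 5 recommendations, and pitfall 7 states that Artifact Registry is not Cloud Storage. Suggest a separate, unnumbered row (or a "non-CIS evidence gate" label) so a report does not cite these findings under a CIS 5.x control.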

Expand All @@ -188,12 +190,15 @@ Produce the final report using the structure defined in the Output Format sectio

## Common Pitfalls

1. **Missing org-level policy checks.** Many CIS controls (e.g., 3.1 default network, 5.1 public access) can be enforced via org policies. Check both resource-level configuration and org policy constraints.
2. **Confusing GCP-managed vs. user-managed service account keys.** CIS 1.4 only flags user-managed keys (created via `google_service_account_key`). Keys automatically managed by GCP services are acceptable.
1. **Missing org-level policy checks.** Many CIS controls (e.g., 3.1 default network, 5.1 public access) can be enforced via org policies. Check both resource-level configuration and org policy constraints, then verify the effective policy at folder/project scope so inheritance overrides are not missed.
2. **Confusing GCP-managed vs. user-managed service account keys.** CIS 1.4 only flags user-managed keys (created via `google_service_account_key`). Keys automatically managed by GCP services are acceptable. For legacy hybrid workloads, downgrade only when a time-bound exception proves Workload Identity Federation is unavailable, rotation is <= 90 days, project-level owner/editor is absent, and a migration owner/date is recorded.
3. **VPC flow logs must be per-subnet.** CIS 3.8 requires flow logs on every subnet, not just the VPC. Each `google_compute_subnetwork` must have a `log_config` block.
4. **Cloud SQL authorized_networks vs. private IP.** CIS 6.5 flags `0.0.0.0/0` in authorized networks, but CIS 6.6 goes further and recommends disabling public IP entirely in favor of private networking.
5. **BigQuery dataset-level vs. table-level CMEK.** CIS 7.2 checks table-level encryption, while CIS 7.3 checks the dataset default. Both should be evaluated independently.
6. **Default compute service account identification.** The default SA follows the pattern `PROJECT_NUMBER-compute@developer.gserviceaccount.com`. Grep for this pattern, not just the string "default."
7. **Artifact Registry is not Cloud Storage.** GCS bucket checks do not prove container/package repository safety. Review Artifact Registry repository mode, vulnerability-scanning findings, image digests, remote upstream allowlists, and package provenance separately.
8. **Organization policy drift can hide below the root.** A root-level `enforced = true` policy can be weakened by folder/project policy, restore-default settings, or legacy `google_project_organization_policy` resources. Require effective policy exports or mark the control Not Evaluable.
9. **Confidential VM is workload-sensitive.** CIS 4.11 is most meaningful for sensitive in-memory workloads. If the machine family supports Confidential VM and the workload handles regulated or high-value data, missing `confidential_instance_config` should be evaluated explicitly.

---
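Review bot: Pitfall 2 restates the key-exception criteria in one sentence and lists fewer conditions than the checklist gate it summarizes: it drops the documented business justification, the last-rotation evidence, the "broad admin roles" exclusion and the usage limits. A reviewer working from SKILL.md alone could downgrade on weaker evidence; suggest replacing the list with a pointer to the "Validated Hybrid-Cloud SA Key Exception" section in benchmark-checklist.md and naming the severity the finding is downgraded to. Pitfall 9 also refers to `confidential_instance_config` while the checklist tests `enable_confidential_compute = true`; use one term in both files.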

92 changes: 91 additions & 1 deletion skills/cloud/gcp-review/benchmark-checklist.md
Expand Up @@ -41,6 +41,19 @@ resource "google_service_account_key" {

Look for any `google_service_account_key` resources. GCP-managed keys (used automatically by Compute Engine, GKE, etc.) do not require explicit creation.

**Validated Hybrid-Cloud SA Key Exception:**

Do not automatically score every user-managed key as Critical when the evidence proves a constrained legacy hybrid workload. Require all of the following before downgrading:

- Workload Identity Federation or another keyless option is unavailable for the external provider.
- Key has a documented owner, business justification, and exception expiry.
- Rotation period is 90 days or fewer and last rotation evidence is available.
- The service account is not bound to project-level `roles/owner`, `roles/editor`, or broad admin roles.
- Usage is limited by IAM Conditions, network/source controls, or workload-specific scope where possible.
- A migration plan exists to remove the key when keyless federation becomes available.

If any evidence is missing, keep the finding High/Critical and mark the exception Not Evaluable.

### CIS 1.5 -- Ensure that Service Account Has No Admin Privileges

**Grep patterns:**
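Review bot: The role condition in the exception list only excludes bindings at project level (`roles/owner`, `roles/editor`), so a service account that receives the same roles through a folder- or organization-level binding would still qualify for the downgrade; suggest wording it as no owner, editor or admin binding at any level of the hierarchy, and defining what counts as "broad admin roles". The usage-limit bullet ends in "where possible", which makes one of the "all of the following" conditions unverifiable, and the closing line "keep the finding High/Critical" never states what the severity becomes after a valid downgrade.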
Expand Down Expand Up @@ -137,6 +150,34 @@ resource "google_apikeys_key" {

Check for key creation timestamps and rotation policies.

### Organization Policy Drift Evidence Gate

Org policies can be set at organization, folder, and project scope. Before passing controls that rely on organization policy enforcement, verify the effective policy and check for lower-scope overrides.

**Grep patterns:**

```hcl
# Legacy and current org policy resources
resource "google_organization_policy"
resource "google_folder_organization_policy"
resource "google_project_organization_policy"
resource "google_org_policy_policy"

# Possible override or restore-default indicators
restore_policy
restore_default
enforce = false
enforced = false
```

**What to verify:**

- Root organization policy is enforced for the relevant constraint.
- Folder/project policies do not weaken, restore default, or contradict the root policy.
- Effective policy export is available (`gcloud org-policies describe --effective` or equivalent evidence).
- The denominator of folders/projects covered by the policy is known.
- Missing effective-policy evidence is `Not Evaluable`, not Pass.

### CIS 1.16 -- Ensure Essential Contacts Is Configured for Organization

```hcl
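Review bot: The evidence command in "What to verify" is written as `gcloud org-policies describe --effective`, which omits the constraint name and the `--project`, `--folder` or `--organization` scope the command needs, and unlike the other gates in this file there is no gcloud check block; suggest adding one with placeholders for the constraint and the scope. The grep patterns only catch boolean weakening (`enforce = false`, `enforced = false`) typed with single spaces, so aligned Terraform assignments and list-constraint overrides will not match; a whitespace-tolerant pattern and a note on list constraints would close that gap.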
Expand Down Expand Up @@ -532,11 +573,24 @@ resource "google_compute_instance" {
}
```

**Evidence gate for sensitive workloads:**

- Identify VMs processing regulated, payment, healthcare, ML-feature, key-management, or other high-value in-memory data.
- Verify the machine family supports Confidential VM before scoring as Fail.
- If supported and sensitive data is processed in memory, missing `enable_confidential_compute = true` is at least Medium, and may be High for Level 2 workloads.
- If not supported, record the non-applicability reason and compensating controls.

**gcloud check:**

```bash
gcloud compute instances describe INSTANCE --zone ZONE --format="value(confidentialInstanceConfig.enableConfidentialCompute)"
```

---

## Section 5 -- Storage

Evaluate Cloud Storage configurations against CIS GCP v2.0.0 Section 5 recommendations.
Evaluate Cloud Storage and Artifact Registry configurations against CIS GCP v2.0.0 Section 5 recommendations and related container/package storage evidence gates.

### CIS 5.1 -- Ensure that Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
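Review bot: The added gcloud check prints `confidentialInstanceConfig.enableConfidentialCompute` with `--format="value(...)"`, which returns an empty line when the field is unset, and the text does not say how to score that; state that empty output is treated the same as false. The bullet "Verify the machine family supports Confidential VM before scoring as Fail" names no evidence source, so say what the reviewer should record (the machine type and the reference used to decide support).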

Expand Down Expand Up @@ -572,6 +626,42 @@ resource "google_storage_bucket" {
}
```

### Artifact Registry Vulnerability Scanning Evidence Gate

Artifact Registry is the successor to Container Registry for many container and package workflows. GCS bucket checks do not prove image/package repository security.

**Grep patterns:**

```hcl
resource "google_artifact_registry_repository"
mode = "REMOTE_REPOSITORY"
format = "DOCKER"
format = "NPM"
format = "PYTHON"
```

**What to verify:**

- Production container/image repositories have automatic vulnerability scanning or Artifact Analysis findings evidence.
- Image digests, not only mutable tags, are recorded for deployed workloads.
- Vulnerability findings from Artifact Analysis/Security Command Center are reviewed and tied to remediation ownership.
- Remote repositories are restricted to approved upstream domains and do not silently proxy untrusted package sources.
- Repository IAM does not grant public or broad write access.
- Missing scanning/finding evidence for production images is High. Missing trusted-upstream policy for remote repositories is Medium/High depending on exposure.

**gcloud checks:**

```bash
# List repositories and modes
gcloud artifacts repositories list --location=LOCATION --format="table(name,format,mode)"

# List container image digests
gcloud artifacts docker images list LOCATION-docker.pkg.dev/PROJECT/REPOSITORY --include-tags

# Review Artifact Analysis occurrences for an image digest
gcloud artifacts docker images describe IMAGE_URL@sha256:DIGEST --show-package-vulnerability
```

---

## Section 6 -- Cloud SQL
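Review bot: Two items under "What to verify" have no matching evidence step: the remote upstream restriction and the repository IAM check. The gcloud block lists repositories, digests and vulnerabilities but nothing that shows a remote repository's upstream configuration or its IAM policy; suggest adding `gcloud artifacts repositories describe` and `gcloud artifacts repositories get-iam-policy` with the same placeholders. The last bullet's "Medium/High depending on exposure" also needs the criterion that decides between the two.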
@@ -0,0 +1,90 @@
# Artifact Registry And Organization Policy Edge Cases

Use these cases to verify that `gcp-review` checks Artifact Registry evidence
and effective organization-policy state instead of relying only on Cloud Storage
or root-level policy declarations.

## False Positive Guard: Validated Hybrid Service Account Key

```yaml
service_account_key:
resource: google_service_account_key.legacy_onprem
workload: on-prem batch job
workload_identity_federation_available: false
rotation_period_days: 60
project_level_owner_or_editor: false
key_owner: payments-platform
exception_expiry: 2026-09-01
migration_plan: workload_identity_federation_when_provider_supported
```

Expected outcome: Medium exception, not Critical, when the key is time-bound,
rotated within 90 days, least-privileged, documented, and migration-tracked.

## Missed Variant: Artifact Registry Scanning Disabled

```yaml
artifact_registry:
repository: prod-images
format: DOCKER
automatic_vulnerability_scanning: disabled
container_image_digests:
- sha256:REDACTED
security_command_center:
container_vulnerability_findings: missing
```

Expected outcome: High for production image repositories. The storage review
must include Artifact Registry vulnerability evidence, not only GCS buckets.

## Missed Variant: Remote Repository Allows Untrusted Upstreams

```yaml
artifact_registry:
repository: npm-cache
mode: REMOTE_REPOSITORY
upstreams:
- https://registry.npmjs.org
- https://example-untrusted.invalid
policy:
trusted_upstream_allowlist: missing
package_provenance_review: missing
```

Expected outcome: Medium to High supply-chain gap. Remote repositories should
be limited to approved upstreams with provenance and malware/vulnerability
controls documented.

## Missed Variant: Project-Level Org Policy Override

```yaml
organization_policy:
root:
constraint: constraints/storage.publicAccessPrevention
enforced: true
project:
constraint: constraints/storage.publicAccessPrevention
enforced: false
restore_default: true
effective_policy_export:
collected: false
```

Expected outcome: Not Evaluable or High depending on effective export. A
root-level policy is not enough when project/folder policy can override or
restore defaults; require effective policy evidence.

## Missed Variant: Confidential Computing Missing For Sensitive Memory Workload

```yaml
compute_instance:
name: payment-risk-model
data_classification: sensitive
confidential_instance_config:
enable_confidential_compute: false
machine_family_supports_confidential_vm: true
```

Expected outcome: Medium or High depending on sensitivity. Level 2 or sensitive
memory workloads need explicit Confidential VM evidence or a documented
non-applicability reason.
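Review bot: The first case expects "Medium exception, not Critical", but its fixture carries no business justification, no last-rotation evidence and no usage limits, and the checklist gate says "If any evidence is missing, keep the finding High/Critical"; either add those fields to the fixture or change the expected outcome. The org-policy case sets `collected: false` yet expects "Not Evaluable or High depending on effective export", and the Confidential VM case expects "Medium or High depending on sensitivity"; each case should state a single expected result so it can be checked. There is also no passing counterpart for any of the four missed-variant cases.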