
Google Cloud Policies

With GCP Policies, you can use CloudQuery to automatically check the compliance and security configuration of your Google Cloud resources.

$ cloudquery policy run gcp
Category
compliance
Version
v0.0.4
License
MPL-2.0

gcp_cis_v1.2.0_gcp-cis-section-1_1.1.sql

gcp_cis_v1.2.0_gcp-cis-section-1_1.11.sql

queries_bigquery_datasets_publicly_accessible.sql

queries_bigquery_datasets_without_default_cmek.sql

queries_bigquery_tables_not_encrypted_with_cmek.sql

queries_compute_allow_traffic_behind_iap.sql

queries_compute_default_network_exist.sql

queries_compute_disks_encrypted_with_csek.sql

queries_compute_dnssec_disabled.sql

queries_compute_flow_logs_disabled_in_vpc.sql

queries_compute_instance_ip_forwarding_enabled.sql

queries_compute_instances_with_default_service_account.sql

queries_compute_instances_with_default_service_account_with_full_access.sql

queries_compute_instances_with_public_ip.sql

queries_compute_instances_with_shielded_vm_disabled.sql

queries_compute_instances_without_block_project_wide_ssh_keys.sql

queries_compute_instances_without_confidential_computing.sql

queries_compute_legacy_network_exist.sql

queries_compute_oslogin_disabled.sql

queries_compute_rdp_access_permitted.sql

queries_compute_serial_port_connection_enabled.sql

queries_compute_ssh_access_permitted.sql

queries_compute_ssl_proxy_with_weak_cipher.sql

queries_dns_key_signing_with_rsasha1.sql

queries_dns_zone_signing_with_rsasha1.sql

queries_iam_managed_service_account_keys.sql

queries_iam_seperation_of_duties.sql

queries_iam_service_account_admin_priv.sql

queries_iam_service_account_keys_not_rotated.sql

queries_iam_users_with_service_account_token_creator_role.sql

queries_kms_keys_not_rotated_within_90_days.sql

queries_kms_publicly_accessible.sql

queries_logging_audit_config_changes_without_log_metric_filter_alerts.sql

queries_logging_custom_role_changes_without_log_metric_filter_alerts.sql

queries_logging_dns_logging_disabled.sql

queries_logging_log_buckets_retention_policy_disabled.sql

queries_logging_not_configured_across_services_and_users.sql

queries_logging_project_ownership_changes_without_log_metric_filter_alerts.sql

queries_logging_sinks_not_configured_for_all_log_entries.sql

queries_logging_sql_instance_changes_without_log_metric_filter_alerts.sql

queries_logging_storage_iam_changes_without_log_metric_filter_alerts.sql

queries_logging_vpc_firewall_changes_without_log_metric_filter_alerts.sql

queries_logging_vpc_network_changes_without_log_metric_filter_alerts.sql

queries_logging_vpc_route_changes_without_log_metric_filter_alerts.sql

queries_manual.sql

queries_sql_db_instance_publicly_accessible.sql

queries_sql_db_instance_with_public_ip.sql

queries_sql_db_instance_without_ssl.sql

queries_sql_mysql_local_inline_flag_on.sql

queries_sql_mysql_skip_show_database_flag_off.sql

queries_sql_postgresql_log_checkpoints_flag_off.sql

queries_sql_postgresql_log_connections_flag_off.sql

queries_sql_postgresql_log_disconnections_flag_off.sql

queries_sql_postgresql_log_duration_flag_off.sql

queries_sql_postgresql_log_error_verbosity_flag_not_strict.sql

queries_sql_postgresql_log_executor_stats_flag_on.sql

queries_sql_postgresql_log_hostname_flag_off.sql

queries_sql_postgresql_log_lock_waits_flag_off.sql

queries_sql_postgresql_log_min_duration_statement_flag_on.sql

queries_sql_postgresql_log_min_error_statement_flag_less_error.sql

queries_sql_postgresql_log_parser_stats_flag_on.sql

queries_sql_postgresql_log_planner_stats_flag_on.sql

queries_sql_postgresql_log_statement_stats_flag_on.sql

queries_sql_postgresql_log_temp_files_flag_off.sql

queries_sql_sqlserver_contained_database_authentication_flag_on.sql

queries_sql_sqlserver_cross_db_ownership_chaining_flag_on.sql

queries_sql_sqlserver_external_scripts_enabled_flag_on.sql

queries_sql_sqlserver_remote_access_flag_on.sql

queries_sql_sqlserver_user_connections_flag_not_set.sql

queries_sql_sqlserver_user_options_flag_set.sql

queries_storage_buckets_publicly_accessible.sql

queries_storage_buckets_without_uniform_bucket_level_access.sql

Query

-- Placeholder query: it selects a constant message string and reads no table,
-- so it evaluates no GCP resource.
-- The message states that the check needs folder and organization listings,
-- which it describes as not currently supported.
-- NOTE(review): the single row returned here is not a compliance finding.
-- The control this stands in for presumably has to be verified manually until
-- that data is available; confirm how the policy runner reports this row.
SELECT 'needs to list folders and organizations which is currently not supported'