Hello,
After AWS and Azure, SonarCloud now supports GCP and detects security problems in Terraform files for GCP. The domains covered by the 14 new GCP-specific rules are:
Encryption at Rest and in Transit:
- S6401: Creating keys without a rotation period is security-sensitive
- S6402: Creating DNS zones without DNSSEC enabled is security-sensitive
- S6403: Creating GCP SQL instances without requiring TLS is security-sensitive
- S6405: Enabling project-wide SSH keys to access VM instances is security-sensitive
- S6407: Creating App Engine handlers without requiring TLS is security-sensitive
- S6410: Google Cloud load balancers SSL policies should not offer weak cipher suites
Public Access, Permission and Access Control:
- S6400: Granting highly privileged GCP resource rights is security-sensitive
- S6321: Administration services access should be restricted to specific IP addresses
- S6404: Granting public access to GCP resources is security-sensitive
- S6302: Having policies that grant all privileges is security-sensitive
- S6409: Enabling Attribute-Based Access Control for Kubernetes is security-sensitive
- S6406: Excessive granting of GCP IAM permissions is security-sensitive
- S6408: Creating custom roles allowing privilege escalation is security-sensitive
- S6329: Allowing public network access to cloud resources is security-sensitive
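To make the two rule groups above concrete, here is an added Terraform example (my own illustration, not code from SonarSource or from the rule descriptions) showing the kind of GCP configuration these rules look at, with the flagged form beside the corrected one where that helps. The resource names, project id, IP ranges and the mapping of each rule to a particular provider attribute are my assumptions about what the rules check; the attributes themselves (`rotation_period`, `dnssec_config`, `require_ssl`, `block-project-ssh-keys`, `member`, `source_ranges`) are standard Google provider arguments.

```hcl
# Added example, not from the SonarCloud announcement. All names and
# addresses below are constructed sample values.

resource "google_kms_key_ring" "ring" {
  name     = "example-ring"
  location = "global"
}

# S6401 (assumed mapping): a key with no rotation_period is never rotated.
resource "google_kms_crypto_key" "weak" {
  name     = "example-key"
  key_ring = google_kms_key_ring.ring.id
  # no rotation_period here: the key material stays the same forever
}

resource "google_kms_crypto_key" "fixed" {
  name            = "example-key-rotated"
  key_ring        = google_kms_key_ring.ring.id
  rotation_period = "7776000s" # 90 days, expressed in seconds
}

# S6402 (assumed mapping): managed zones should have DNSSEC switched on.
resource "google_dns_managed_zone" "fixed" {
  name     = "example-zone"
  dns_name = "example.com."
  dnssec_config {
    state = "on"
  }
}

# S6403 (assumed mapping): Cloud SQL should refuse non-TLS client connections.
resource "google_sql_database_instance" "fixed" {
  name             = "example-db"
  database_version = "POSTGRES_14"
  region           = "us-central1"
  settings {
    tier = "db-f1-micro"
    ip_configuration {
      require_ssl = true
    }
  }
}

# S6405 (assumed mapping): block project-wide SSH keys on each VM so that
# only instance-level keys (or OS Login) grant access.
resource "google_compute_instance" "fixed" {
  name         = "example-vm"
  machine_type = "e2-small"
  zone         = "us-central1-a"
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }
  network_interface {
    network = "default"
  }
  metadata = {
    block-project-ssh-keys = "true"
  }
}

# S6404 (assumed mapping): "allUsers" / "allAuthenticatedUsers" make the
# bucket readable by anyone; bind the role to a specific principal instead.
resource "google_storage_bucket" "b" {
  name     = "example-bucket-constructed"
  location = "US"
}

resource "google_storage_bucket_iam_member" "public" {
  bucket = google_storage_bucket.b.name
  role   = "roles/storage.objectViewer"
  member = "allUsers" # flagged: public access
}

resource "google_storage_bucket_iam_member" "fixed" {
  bucket = google_storage_bucket.b.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:reader@example-project.iam.gserviceaccount.com"
}

# S6321 (assumed mapping): administration ports (SSH here) should only be
# reachable from known ranges, never from 0.0.0.0/0.
resource "google_compute_firewall" "ssh_fixed" {
  name    = "allow-ssh-from-admin-range"
  network = "default"
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  source_ranges = ["203.0.113.0/24"] # constructed admin range, not 0.0.0.0/0
}
```

Running this through `terraform validate` only checks syntax; the point of the SonarCloud rules is that they flag the `weak`, `public`, and open-range variants at analysis time, before the plan is applied, so the fix happens in review rather than after deployment.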
Next step? We will detect security problems in Kubernetes config files.
Alex