The GCP Audit project automates many of the audits found in the Center for Internet Security (CIS) Google Cloud Platform Foundation Benchmark. There is one script per benchmark. The script is named after the corresponding benchmark. The scripts can enumerate all projects in an organization and scan each project, or the user can pass in the project as a parameter.
How to Use GCP Audit (Cloud Shell)
How to Use GCP Audit (Local Terminal)
If you would like to use an Ubuntu virtual machine, install Ubuntu on VirtualBox or other hypervisor. Ubuntu runs better on VirtualBox if the Guest Additions are installed. If VirtualBox is not installed, install VirtualBox.
This video shows how to install the gcloud CLI on Ubuntu Linux. Otherwise, follow the instructions for your distribution
git clone https://github.com/webpwnized/gcp-audit.git
-
If you would like to use an Ubuntu virtual machine, install Ubuntu on VirtualBox or other hypervisor.
-
Ubuntu runs better on VirtualBox if the Guest Additions are installed.
-
If VirtualBox is not installed, install VirtualBox.