jupiterone/questions/questions.yaml
Outdated
- name: bad | ||
query: | | ||
find google_sql_mysql_instance with localInfile!='off' | ||
query: |
@mikiodehartj1 Is it intentional that these don't have queries?
Added questions from CIS GCP Benchmark v1.3 and 2.0 + Mappings to v1.1 questions. Additionally, added comments to help visually organize the code.
jupiterone/questions/questions.yaml
Outdated
description: | ||
It is recommended that the principle of 'Separation of Duties' is enforced while assigning service-account related roles to users. | ||
- name: good | ||
query: |
Do we have queries for these?
jupiterone/questions/questions.yaml
Outdated
title: Ensure API Keys Only Exist for Active Services | ||
description: | ||
API Keys should only be used for services in cases where other authentication methods are unavailable. Unused keys with their permissions in tact may still exist within a project. Keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to use standard authentication flow instead. | ||
queries: |
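Review bot: In the `description` text of this hunk, "in tact" should be "intact", so the sentence reads "Unused keys with their permissions intact may still exist within a project." Fixing this before merge keeps the typo out of the question text shown to users.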
Another
cc8624a
to
010cea1
Compare
# - id: integration-question-google- | ||
# title: | ||
# description: |
@mikiodehartj1 if you want to fill these in I can comment this one back in
id: integration-question-google-dataproc-encryption
title: Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
description: When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. This PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). The CMEK feature allows you to create, use, and revoke the key encryption key (KEK). Google still controls the data encryption key (DEK).
requirements: | ||
- '6.2.5' | ||
|
||
#6.2.5 (GCP v 2.0 Only) |
comment says 2.0 only but it's listed for 1.3 also, is that ok?
This is a mistake. Line 1941-1943 should be deleted.
🚀 PR was released in |