GCP Compute Engine

Overview
Critical: 0
High: 20
Medium: 28
Low: 18
Informational: 0
Security issues (66)
Severity | Non-Compliance | Region | Resource | Issue | Remediation
High | CIS 4.3 | us-west4 | instance-1 | VM instance does not block project-wide SSH keys. | To maintain the principle of least privilege and prevent potential privilege escalation, ensure VM instances are not configured to allow project-wide SSH keys and use instance-level SSH keys instead.
High | PCI DSS 4.2.1 | us-west4 | instance-1 | VM instance has no Two-Factor Authentication (2FA) enabled for OS Login. | To fulfill PCI compliance requirements for additional security features for any required service, ensure that VM instances have the OS Login feature enabled and configured with 2FA.
Low | | us-west4 | instance-1 | VM instance has no deletion protection. | To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled.
Low | CIS 4.9, PCI DSS 4.2.1 | us-west4 | instance-1 | VM instance has public access enabled. | In order to minimize exposure to the Internet, ensure your VM instances are not configured to have external IP addresses.
Low | | us-west4 | instance-1 | VM instance has Auto-Delete behavior rule enabled for the persistent disk: instance-1. | To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances.
High | PCI DSS 3.5, HIPAA (Encryption) | us-west4 | instance-1 | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs.
Medium | | us-west4 | instance-2 | VM instance has Automatic Restart disabled. | To allow Compute Engine to restart the instance if it crashes or is stopped, ensure automatic restart is enabled for all VM instances.
High | CIS 4.3 | us-west4 | instance-2 | VM instance does not block project-wide SSH keys. | To maintain the principle of least privilege and prevent potential privilege escalation, ensure VM instances are not configured to allow project-wide SSH keys and use instance-level SSH keys instead.
High | PCI DSS 4.2.1 | us-west4 | instance-2 | VM instance has no Two-Factor Authentication (2FA) enabled for OS Login. | To fulfill PCI compliance requirements for additional security features for any required service, ensure that VM instances have the OS Login feature enabled and configured with 2FA.
Low | | us-west4 | instance-2 | VM instance has no deletion protection. | To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled.
Low | CIS 4.9, PCI DSS 4.2.1 | us-west4 | instance-2 | VM instance has public access enabled. | In order to minimize exposure to the Internet, ensure your VM instances are not configured to have external IP addresses.
Low | | us-west4 | instance-2 | VM instance has Auto-Delete behavior rule enabled for the persistent disk: instance-2. | To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances.
High | PCI DSS 3.5, HIPAA (Encryption) | us-west4 | instance-2 | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs.
Medium | CIS 4.7, PCI DSS 3.5, HIPAA (Encryption) | us-west4 | instance-1 | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
Medium | | us-west4 | instance-1 | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-west4 | instance-1 | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Medium | | us-west4 | instance-2 | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-west4 | instance-2 | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Medium | CIS 4.5 | us-central1 | instance-group-1-ptb0 | VM instance has serial port access enabled. | Due to security and compliance regulations, ensure serial port access is disabled for all your VM instances.
High | CIS 4.3 | us-central1 | instance-group-1-ptb0 | VM instance does not block project-wide SSH keys. | To maintain the principle of least privilege and prevent potential privilege escalation, ensure VM instances are not configured to allow project-wide SSH keys and use instance-level SSH keys instead.
High | | us-central1 | instance-group-1-ptb0 | VM instance maintenance behavior is not set to "Migrate". | To prevent your production applications from experiencing disruptions during maintenance events, ensure VM instances have the "On Host Maintenance" configuration set to "Migrate".
High | | us-central1 | instance-group-1-ptb0 | VM instance is preemptible. | To prevent your instances from being terminated in case Compute Engine requires using their resources for other tasks, ensure VM instances are not preemptible.
Medium | CIS 4.6, PCI DSS 4.2.1 | us-central1 | instance-group-1-ptb0 | VM instance has IP forwarding enabled. | For security and compliance reasons, as instances with IP forwarding enabled act as routers/packet forwarders, delete the VM instances with IP forwarding enabled and redeploy them with IP forwarding disabled.
Medium | CIS 4.8 | us-central1 | instance-group-1-ptb0 | VM instance has the Shielded VM security feature disabled. | For protection against rootkits and bootkits, ensure that your VM instances are configured to use the Shielded VM security feature.
High | PCI DSS 4.2.1 | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | VM instance has no Two-Factor Authentication (2FA) enabled for OS Login. | To fulfill PCI compliance requirements for additional security features for any required service, ensure that VM instances have the OS Login feature enabled and configured with 2FA.
Low | | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | VM instance has no deletion protection. | To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled.
Low | | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0. | To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances.
High | PCI DSS 3.5, HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs.
High | CIS 4.3 | us-central1 | gke-cluster-1-default-pool-fc104738-427b | VM instance does not block project-wide SSH keys. | To maintain the principle of least privilege and prevent potential privilege escalation, ensure VM instances are not configured to allow project-wide SSH keys and use instance-level SSH keys instead.
High | PCI DSS 4.2.1 | us-central1 | gke-cluster-1-default-pool-fc104738-427b | VM instance has no Two-Factor Authentication (2FA) enabled for OS Login. | To fulfill PCI compliance requirements for additional security features for any required service, ensure that VM instances have the OS Login feature enabled and configured with 2FA.
Low | | us-central1 | gke-cluster-1-default-pool-fc104738-427b | VM instance has no deletion protection. | To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled.
Low | | us-central1 | gke-cluster-1-default-pool-fc104738-427b | VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0. | To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances.
High | PCI DSS 3.5, HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-427b | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs.
High | CIS 4.3 | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | VM instance does not block project-wide SSH keys. | To maintain the principle of least privilege and prevent potential privilege escalation, ensure VM instances are not configured to allow project-wide SSH keys and use instance-level SSH keys instead.
High | PCI DSS 4.2.1 | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | VM instance has no Two-Factor Authentication (2FA) enabled for OS Login. | To fulfill PCI compliance requirements for additional security features for any required service, ensure that VM instances have the OS Login feature enabled and configured with 2FA.
Low | | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | VM instance has no deletion protection. | To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled.
Low | | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0. | To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances.
High | PCI DSS 3.5, HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs.
High | CIS 4.3 | us-central1 | mysql-5-7-secured-by-sg-1-vm | VM instance does not block project-wide SSH keys. | To maintain the principle of least privilege and prevent potential privilege escalation, ensure VM instances are not configured to allow project-wide SSH keys and use instance-level SSH keys instead.
High | PCI DSS 4.2.1 | us-central1 | mysql-5-7-secured-by-sg-1-vm | VM instance has no Two-Factor Authentication (2FA) enabled for OS Login. | To fulfill PCI compliance requirements for additional security features for any required service, ensure that VM instances have the OS Login feature enabled and configured with 2FA.
Low | | us-central1 | mysql-5-7-secured-by-sg-1-vm | VM instance has no deletion protection. | To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled.
Low | CIS 4.9, PCI DSS 4.2.1 | us-central1 | mysql-5-7-secured-by-sg-1-vm | VM instance has public access enabled. | In order to minimize exposure to the Internet, ensure your VM instances are not configured to have external IP addresses.
Low | | us-central1 | mysql-5-7-secured-by-sg-1-vm | VM instance has Auto-Delete behavior rule enabled for the persistent disks: mysql-5-7-secured-by-sg-1-vm-disk1, sg-tde-mysql-shielded-vm-tmpl-boot-disk. | To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances.
High | PCI DSS 3.5, HIPAA (Encryption) | us-central1 | mysql-5-7-secured-by-sg-1-vm | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs.
Low | | us-central1 | gke-cluster-1-default-pool-fc104738-grp | Instance group does not have autoscale enabled. | To increase efficiency and improve cost management for resources, ensure instance groups have autoscale enabled.
Medium | CIS 4.7, PCI DSS 3.5, HIPAA (Encryption) | us-central1 | disk-1 | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
Medium | | us-central1 | disk-1 | Disk is not in use. | To avoid unnecessary billing, ensure there are no unused Compute disks.
Medium | | us-central1 | instance-group-1-ptb0 | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-central1 | instance-group-1-ptb0 | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Medium | CIS 4.7, PCI DSS 3.5, HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
Medium | | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Medium | CIS 4.7, PCI DSS 3.5, HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-427b | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
Medium | | us-central1 | gke-cluster-1-default-pool-fc104738-427b | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-central1 | gke-cluster-1-default-pool-fc104738-427b | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Medium | CIS 4.7, PCI DSS 3.5, HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
Medium | | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Medium | CIS 4.7, PCI DSS 3.5, HIPAA (Encryption) | us-central1 | mysql-5-7-secured-by-sg-1-vm | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
Medium | | us-central1 | mysql-5-7-secured-by-sg-1-vm | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-central1 | mysql-5-7-secured-by-sg-1-vm | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Medium | CIS 4.7, PCI DSS 3.5, HIPAA (Encryption) | us-central1 | mysql-5-7-secured-by-sg-1-vm-disk1 | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
Medium | | us-central1 | mysql-5-7-secured-by-sg-1-vm-disk1 | Disk has no snapshot schedule configured. | To periodically back up data from your persistent disks, ensure that Compute disks have scheduled snapshots configured.
Medium | | us-central1 | mysql-5-7-secured-by-sg-1-vm-disk1 | Disk has regional disk replication disabled. | For high availability in case of a zonal outage, ensure that Compute disks have the regional disk replication feature enabled.
Low | | global | disk-1-us-central1-20220214160418-0t1dqh9c | Disk snapshot is more than 59 days old. | In order to optimize storage costs, identify and remove old VM persistent disk snapshots.
Low | | global | snapshot-1 | Disk snapshot is more than 33 days old. | In order to optimize storage costs, identify and remove old VM persistent disk snapshots.
VM Instances (7)
VM Instance | Zone | Status | In use by | Internal IPs | External IPs | Security issues
instance-1 | us-west4-b | Running | | 10.182.0.3 | 34.125.121.173 | 3 High + 3 others
instance-2 | us-west4-b | Running | | 10.182.0.5 | 34.125.174.162 | 3 High + 4 others
instance-group-1-ptb0 | us-central1-a | Running | instance-group-1 | 10.128.0.5 | | 3 High + 3 others
gke-cluster-1-default-pool-fc104738-2sxd | us-central1-c | Running | gke-cluster-1-default-pool-fc104738-grp | 10.128.0.20 | 34.133.212.100 | 2 High + 2 others
gke-cluster-1-default-pool-fc104738-427b | us-central1-c | Running | gke-cluster-1-default-pool-fc104738-grp | 10.128.0.19 | 34.132.115.236 | 3 High + 2 others
gke-cluster-1-default-pool-fc104738-dlsn | us-central1-c | Running | gke-cluster-1-default-pool-fc104738-grp | 10.128.0.18 | 34.123.164.160 | 3 High + 2 others
mysql-5-7-secured-by-sg-1-vm | us-central1-f | Running | | 10.128.0.17 | 34.134.155.250 | 3 High + 3 others
Disks (9)
Disk | Zone | Status | Size | Disk type | In use by | Snapshot schedule | Security issues
instance-1 | us-west4-b | Ready | 10 GB | Balanced persistent disk | instance-1 | | 3 Medium
instance-2 | us-west4-b | Ready | 10 GB | Balanced persistent disk | instance-2 | | 2 Medium
disk-1 | | Ready | 10 GB | Balanced persistent disk | | schedule-1 | 2 Medium
instance-group-1-ptb0 | us-central1-a | Ready | 10 GB | Balanced persistent disk | instance-group-1-ptb0 | | 2 Medium
gke-cluster-1-default-pool-fc104738-2sxd | us-central1-c | Ready | 100 GB | Standard persistent disk | gke-cluster-1-default-pool-fc104738-2sxd | | 3 Medium
gke-cluster-1-default-pool-fc104738-427b | us-central1-c | Ready | 100 GB | Standard persistent disk | gke-cluster-1-default-pool-fc104738-427b | | 3 Medium
gke-cluster-1-default-pool-fc104738-dlsn | us-central1-c | Ready | 100 GB | Standard persistent disk | gke-cluster-1-default-pool-fc104738-dlsn | | 3 Medium
mysql-5-7-secured-by-sg-1-vm | us-central1-f | Ready | 10 GB | Standard persistent disk | mysql-5-7-secured-by-sg-1-vm | | 3 Medium
mysql-5-7-secured-by-sg-1-vm-disk1 | us-central1-f | Ready | 10 GB | Standard persistent disk | mysql-5-7-secured-by-sg-1-vm | | 3 Medium
Snapshots (3)
Snapshot | Location | Status | Disk size | Snapshot size | Created | Source disk | Security issues
disk-1-us-central1-20220214160418-0t1dqh9c | us | Ready | 10 GB | zero bytes | | disk-1 | 1 Low
snapshot-1 | us-west4 | Ready | 10 GB | 386.37 MB | | instance-1 | 1 Low
snapshot-2 | asia-east2 | Ready | 10 GB | 385.88 MB | | instance-1 |
Images (1)
Image | Location | Status | Created | Disk size | Archive size | Security issues
nested-virt | us | Ready | | 255 GB | 671.35 MB |
Instance Groups (2)
Instance Group | Zone | Created | Number of instances | Security issues
instance-group-1 | us-central1-a | | 1 |
gke-cluster-1-default-pool-fc104738-grp | us-central1-c | | 3 | 1 Low