Low severity CSPM issues (53)
Severity Non-Compliance Region Resource Issue Remediation Read more Action
IAM & Admin Low global 853160546542-compute@developer.gserviceaccount.com Service account uses a primitive role. For critical production environments, limit the use of primitive roles such as Owner, Editor, or Viewer for Cloud IAM members. More info
IAM & Admin Low global Service accounts User account prevasio@gmail.com uses a primitive role. For critical production environments, limit the use of primitive roles such as Owner, Editor, or Viewer for Cloud IAM members. More info
IAM & Admin Low global Service accounts Service account 853160546542@cloudservices.gserviceaccount.com uses a primitive role. For critical production environments, limit the use of primitive roles such as Owner, Editor, or Viewer for Cloud IAM members. More info
IAM & Admin Low global prevasio@sylvan-surf-339107.iam.gserviceaccount.com Service account uses a primitive role. For critical production environments, limit the use of primitive roles such as Owner, Editor, or Viewer for Cloud IAM members. More info
IAM & Admin Low global sylvan-surf-339107@appspot.gserviceaccount.com Service account uses a primitive role. For critical production environments, limit the use of primitive roles such as Owner, Editor, or Viewer for Cloud IAM members. More info
IAM & Admin Low CIS 1.6 global service-853160546542@gcp-sa-firestore.iam.gserviceaccount.com User account has a Service Account Token Creator role. For best security practices, ensure that no IAM users have the Service Account Token Creator role. More info
IAM & Admin Low global service-853160546542@gcp-sa-firestore.iam.gserviceaccount.com User account has a Service Account User role. It is not recommended to have Service Account User role attached to your service accounts, as that role enables access to all service accounts within the project. More info
IAM & Admin Low CIS 1.7 PCI DSS (Networking) HIPAA (Networking) global d7cdf0e28512f79b6b5ac175bea7285a266e984b User-managed key has not been rotated in 224 days. Ensure that the user-managed keys associated with your service accounts are rotated every 90 days or less. More info
IAM & Admin Low global sylvan-surf-339107 Project has no usage export feature enabled. To export detailed reports about the lifetime and usage of your resources to a storage bucket, enable usage export feature for your projects. More info
IAM & Admin Low global sylvan-surf-339107 Project has OS login disabled. To fulfill PCI compliance requirements for additional security features and to provide you with centralized and automated SSH key pair management, enable OS Login in project-wide metadata. More info
Logging Low global Logging Log alert for audit configuration changes was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for audit configuration changes. More info
Logging Low global Logging Log alert for custom role creation or modification was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for custom role creation or modification. More info
Logging Low global Logging Log alert for project ownership assignments and changes was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for project ownership assignments and changes. More info
Logging Low global Logging Log alert for SQL configuration changes was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for SQL configuration changes. More info
Logging Low global Logging Log alert for storage permission changes was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for storage permission changes. More info
Logging Low global Logging Log alert for firewall rule changes was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for firewall rule changes. More info
Logging Low global Logging Log alert for VPC network changes was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for VPC network changes. More info
Logging Low global Logging Log alert for VPC network route changes was not found. To fulfill HIPAA and PCI DSS audit requirements for logging, ensure that log alerts exist for VPC network route changes. More info
Logging Low CIS 2.2 global my-test-7 Log bucket "prevasio-test-bucket" versioning is disabled. Ensure the log sink is configured properly; in case of using a storage bucket, make sure it has a destination and an empty filter. More info
Network Services Low global my-loadbalancer-service Backend service has no security policy attached. To control the traffic on the load balancer, such as deny or allow specified IP addresses, ensure that all backend services have an attached security policy. More info
Network Services Low global my-loadbalancer-service Backend service is not configured to log HTTP(S) traffic. To monitor and debug web traffic via logging data to Cloud Monitoring service, ensure that your load balancing backend services are configured to log HTTP(S) traffic. More info
Kubernetes Engine Low global cluster-1 Kubernetes cluster has an alias for IP ranges disabled. To assign ranges of internal IP addresses as aliases to a network interface, make sure your Kubernetes clusters have an alias for IP ranges enabled. More info
Kubernetes Engine Low global cluster-1 Kubernetes cluster with default service account used for node pools: node-pool3, node-pool2, default-pool... To reduce the attack surface in case of a malicious attack against the cluster, ensure that no Kubernetes cluster nodes are using the default service account. More info
Kubernetes Engine Low global cluster-1 Kubernetes cluster has alpha feature enabled. As alpha clusters expire after thirty days and do not receive security updates, create a new cluster with the alpha feature disabled, migrate all data from the old cluster with the alpha feature, and then delete the old cluster. More info
Kubernetes Engine Low global cluster-1 Kubernetes cluster does not have any labels. To better organize your Kubernetes clusters, it is recommended to add labels to Kubernetes clusters. More info
Compute Engine Low us-west4 instance-1 VM instance has no deletion protection. To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled. More info
Compute Engine Low CIS 4.9 PCI DSS 4.2.1 us-west4 instance-1 VM instance has public access enabled. In order to minimize exposure to the Internet, ensure your VM instances are not configured to have external IP addresses. More info
Compute Engine Low us-west4 instance-1 VM instance has Auto-Delete behavior rule enabled for the persistent disk: instance-1. To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances. More info
Compute Engine Low us-west4 instance-2 VM instance has no deletion protection. To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled. More info
Compute Engine Low CIS 4.9 PCI DSS 4.2.1 us-west4 instance-2 VM instance has public access enabled. In order to minimize exposure to the Internet, ensure your VM instances are not configured to have external IP addresses. More info
Compute Engine Low us-west4 instance-2 VM instance has Auto-Delete behavior rule enabled for the persistent disk: instance-2. To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances. More info
Compute Engine Low us-central1 gke-cluster-1-default-pool-fc104738-2sxd VM instance has no deletion protection. To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled. More info
Compute Engine Low us-central1 gke-cluster-1-default-pool-fc104738-2sxd VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0. To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances. More info
Compute Engine Low us-central1 gke-cluster-1-default-pool-fc104738-427b VM instance has no deletion protection. To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled. More info
Compute Engine Low us-central1 gke-cluster-1-default-pool-fc104738-427b VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0. To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances. More info
Compute Engine Low us-central1 gke-cluster-1-default-pool-fc104738-dlsn VM instance has no deletion protection. To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled. More info
Compute Engine Low us-central1 gke-cluster-1-default-pool-fc104738-dlsn VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0. To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances. More info
Compute Engine Low us-central1 mysql-5-7-secured-by-sg-1-vm VM instance has no deletion protection. To prevent accidental VM deletion, ensure that VM instances have deletion protection enabled. More info
Compute Engine Low CIS 4.9 PCI DSS 4.2.1 us-central1 mysql-5-7-secured-by-sg-1-vm VM instance has public access enabled. In order to minimize exposure to the Internet, ensure your VM instances are not configured to have external IP addresses. More info
Compute Engine Low us-central1 mysql-5-7-secured-by-sg-1-vm VM instance has Auto-Delete behavior rule enabled for the persistent disks: mysql-5-7-secured-by-sg-1-vm-disk1, sg-tde-mysql-shielded-vm-tmpl-boot-disk. To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, ensure that Auto-Delete is disabled for all persistent disks associated with your VM instances. More info
Compute Engine Low us-central1 gke-cluster-1-default-pool-fc104738-grp Instance group does not have autoscale enabled. To increase efficiency and improve cost management for resources, ensure instance groups have autoscale enabled. More info
Compute Engine Low global disk-1-us-central1-20220214160418-0t1dqh9c Disk snapshot is more than 59 days old. In order to optimize storage costs, identify and remove old VM persistent disk snapshots. More info
Compute Engine Low global snapshot-1 Disk snapshot is more than 33 days old. In order to optimize storage costs, identify and remove old VM persistent disk snapshots. More info
VPC Network Low CIS 2.12 global default VPC network does not have DNS logging enabled. To follow best security practices and networking requirements, make sure your VPC Networks use DNS Server Policy with logging enabled. More info
VPC Network Low CIS 2.12 global vpc-network-test VPC network does not have DNS logging enabled. To follow best security practices and networking requirements, make sure your VPC Networks use DNS Server Policy with logging enabled. More info
Dataflow Low global my-dataflow-job Dataflow job is in Running state for 667 hours. Cancel or stop Dataflow jobs that fail to reach terminal state for more than 6 hours. More info
Cloud Functions Low us-central1 function-1 HTTP function allows all ingress traffic. Make sure your Google Cloud functions do not allow external ingress traffic from the Internet. More info
SQL Low global my-sql-instance SQL database instance has automatic storage increase limit set to zero (no limit for storage growth). To prevent your SQL instance disk size from growing too large and increasing service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit. More info
SQL Low global my-sql-instance3 SQL database instance has automatic storage increase limit set to zero (no limit for storage growth). To prevent your SQL instance disk size from growing too large and increasing service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit. More info
SQL Low global my-sql-instance4 SQL database instance has automatic storage increase limit set to zero (no limit for storage growth). To prevent your SQL instance disk size from growing too large and increasing service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit. More info
Deployments Low global mysql-5-7-secured-by-sg-1 Deployment was created 32 days ago. Check and delete deployments that were created more than 7 days ago. More info
Pub/Sub Low global my-subscription Pub/Sub subscription has no dead-letter topic enabled. To store undelivered messages for later access, make sure your Pub/Sub subscriptions have dead-letter topics enabled. More info
Key Management Low global my-key-2 KMS cryptographic key has inadequate protection level: Protection level unspecified. Ensure the protection level for cryptographic keys is set to Software (Customer-managed encryption key, or CMEK), Hardware Security Module (HSM), or External key manager. More info
Low severity private container images (0)
Repository Image name Image tag Region Image size Pushed at Latest Vulnerabilities Alerts Action
Low severity public container images (0)
Repository Image name Image tag Region Image size Pushed at Latest Vulnerabilities Alerts Action