It is not recommended to have Service Account User role attached to your service accounts, as that role enables access to all service accounts within the project.
To fulfill PCI compliance requirements for additional security features and to provide you with centralized and automated SSH key pair management, enable OS Login in project-wide metadata.
To control the traffic on the load balancer, such as deny or allow specified IP addresses, ensure that all backend services have an attached security policy.
Backend service is not configured to log HTTP(S) traffic.
To monitor and debug web traffic via logging data to Cloud Monitoring service, ensure that your load balancing backend services are configured to log HTTP(S) traffic.
Kubernetes cluster with default service account used for node pools: node-pool3, node-pool2, default-pool...
To reduce the attack surface in case of a malicious attack against the cluster, ensure that no Kubernetes cluster nodes are using the default service account.
As alpha clusters expire after thirty days and do not receive security updates, create a new cluster with the alpha feature disabled, migrate all data from the old cluster with the alpha feature, and then delete the old cluster.
VM instance has Auto-Delete behavior rule enabled for the persistent disk: instance-1.
To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, that Auto-Delete is disabled for all persistent disks associated with your VM instances.
VM instance has Auto-Delete behavior rule enabled for the persistent disk: instance-2.
To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, that Auto-Delete is disabled for all persistent disks associated with your VM instances.
VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0.
To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, that Auto-Delete is disabled for all persistent disks associated with your VM instances.
VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0.
To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, that Auto-Delete is disabled for all persistent disks associated with your VM instances.
VM instance has Auto-Delete behavior rule enabled for the persistent disk: persistent-disk-0.
To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, that Auto-Delete is disabled for all persistent disks associated with your VM instances.
VM instance has Auto-Delete behavior rule enabled for the persistent disks: mysql-5-7-secured-by-sg-1-vm-disk1, sg-tde-mysql-shielded-vm-tmpl-boot-disk.
To protect the VM data from being deleted when the associated VM instance is deleted and to meet security and compliance requirements, that Auto-Delete is disabled for all persistent disks associated with your VM instances.
SQL database instance has automatic storage increase limit set zero (no limit for storage growth).
To prevent your SQL instance disk size from growing too large and increase service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit.
SQL database instance has automatic storage increase limit set zero (no limit for storage growth).
To prevent your SQL instance disk size from growing too large and increase service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit.
SQL database instance has automatic storage increase limit set zero (no limit for storage growth).
To prevent your SQL instance disk size from growing too large and increase service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit.
KMS cryptographic key has inadequate protection level: Protection level unspecified.
Ensure the protection level for cryptographic keys is set to Software (Customer-managed encryption key, or CMEK), Hardware Security Module (HSM), or External key manager.