Cloud Security Rules

RULE	SERVICE GROUP
C MySQL database instance has a passwordless default root user	Cloud SQL
H App Engine application does not enforce HTTPS	App Engine
H Backend service is not enforcing HTTPS	Compute Engine
H BigQuery dataset is publicly accessible	BigQuery
H Cloud Functions Egress Is not Restricted to Private IP Ranges	Cloud Functions
H Cloud Storage bucket is publicly accessible	Cloud Storage
H Cloud Storage Buckets allow AllUsers and AllAuthenticatedUsers	Cloud Storage
H Compute instance uses the default service account	Compute Engine
H Encryption key is exposed in instance template configuration	Compute Engine
H GKE control plane is publicly accessible	Container
H In transit encryption is disabled for Memory store instances	Redis
H KMS key is openly accessible	Cloud KMS
H Logging is disabled on Kubernetes engine clusters	Kubernetes (Container) Engine
H Memory store has Redis AUTH disabled	Redis
H Persistent disk is not encrypted at rest	Compute Engine
H Sensitive certificate key material is stored in state file	Secrets Manager
H Service account has admin privileges	IAM
H SSL is not enabled on CloudSQL instance	Cloud SQL
H The log_connections setting is disabled on Postgresql DB	Cloud SQL
H Unrestricted RDP access	Compute Engine
M Artifact registries are open to public	Artifact Registry
M Artifact Registry not using Customer-Managed Encryption Keys (CMEK)	Artifact Registry
M At least one project-level logging sink does not contain an empty filter	Monitor
M Backend service logging is disabled	Compute Engine
M BigQuery Dataset is not encrypted with Customer-Managed Encryption Key	BigQuery
M Cloud Functions are not encrypted with customer-managed encryption keys	Cloud Functions
M Cloud Functions ingress is not set to internal-only traffic	Cloud Functions
M Cloud IAM not configured for CloudSQL instance	Cloud SQL
M Cloud SQL instance backup is disabled	Cloud SQL
M Cloud SQL instance is publicly accessible	Cloud SQL

AWS

Azure

Google

Kubernetes