gcp-security-scanner
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
Best use case
gcp-security-scanner is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
Teams using gcp-security-scanner should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/gcp-security-scanner/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How gcp-security-scanner Compares
| Feature / Agent | gcp-security-scanner | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# GCP Security Scanner Skill
## Purpose
Automated Google Cloud Platform security configuration scanning and hardening to identify misconfigurations, compliance violations, and security risks across GCP projects and organizations.
## Capabilities
### Security Command Center Integration
- Leverage GCP Security Command Center findings
- Review vulnerability and threat findings
- Check Security Health Analytics results
- Monitor Event Threat Detection alerts
- Track Container Threat Detection findings
- Generate compliance reports
### IAM Security Analysis
- Analyze IAM policies for over-permissive access
- Check service account key usage and rotation
- Identify excessive permissions
- Review organization policy constraints
- Detect cross-project access
- Audit IAM recommender suggestions
### VPC Firewall Analysis
- Review firewall rules for overly permissive access
- Check for open management ports
- Validate VPC Service Controls
- Review Shared VPC configurations
- Check Private Google Access settings
- Analyze VPC flow logs configuration
### Cloud Storage Security
- Identify publicly accessible buckets
- Check bucket IAM policies
- Validate uniform bucket-level access
- Review bucket encryption settings
- Check access logging configuration
- Verify retention policies
### Cloud KMS Configuration
- Review key ring and key configurations
- Check key rotation policies
- Validate IAM policies on keys
- Review HSM key protection levels
- Check external key manager usage
- Audit key access patterns
### Audit Logging Verification
- Validate Cloud Audit Logs configuration
- Check data access logging
- Review admin activity logging
- Verify log export configuration
- Check Cloud Logging retention
- Validate alert policies
### Organization Policy Assessment
- Review organization policy constraints
- Check service restriction policies
- Validate resource location constraints
- Review VM external IP restrictions
- Check service account creation policies
## GCP Services Covered
| Category | Services |
|----------|----------|
| Identity | IAM, Cloud Identity, Workforce Identity |
| Compute | Compute Engine, GKE, Cloud Run, Functions |
| Storage | Cloud Storage, Persistent Disks |
| Database | Cloud SQL, Spanner, BigQuery, Firestore |
| Network | VPC, Firewall, Cloud Armor, Cloud CDN |
| Security | Security Command Center, Cloud KMS, BeyondCorp |
| Monitoring | Cloud Logging, Cloud Monitoring, Cloud Audit Logs |
## Integrations
- **Security Command Center**: GCP native CSPM
- **Forseti Security**: Open-source GCP security toolkit
- **ScoutSuite**: Multi-cloud security auditing
- **Cloud Asset Inventory**: Resource visibility
- **IAM Recommender**: Permission optimization
## Target Processes
- Cloud Security Architecture Review
- Compliance Monitoring
- GCP Project Hardening
- Security Posture Assessment
## Input Schema
```json
{
"type": "object",
"properties": {
"scanType": {
"type": "string",
"enum": ["full", "cis", "pci", "hipaa", "iso27001", "custom"],
"description": "Type of security scan"
},
"projects": {
"type": "array",
"items": { "type": "string" },
"description": "GCP project IDs to scan"
},
"organization": {
"type": "string",
"description": "GCP organization ID for org-wide scanning"
},
"services": {
"type": "array",
"items": { "type": "string" },
"description": "Specific services to scan"
},
"severityThreshold": {
"type": "string",
"enum": ["critical", "high", "medium", "low"]
},
"complianceFrameworks": {
"type": "array",
"items": {
"type": "string",
"enum": ["CIS", "PCI-DSS", "HIPAA", "ISO27001", "SOC2", "NIST"]
}
},
"includeSCC": {
"type": "boolean",
"description": "Include Security Command Center findings"
}
},
"required": ["scanType"]
}
```
## Output Schema
```json
{
"type": "object",
"properties": {
"scanId": {
"type": "string"
},
"scanTimestamp": {
"type": "string",
"format": "date-time"
},
"projectsScanned": {
"type": "array"
},
"organizationId": {
"type": "string"
},
"summary": {
"type": "object",
"properties": {
"totalChecks": { "type": "integer" },
"passed": { "type": "integer" },
"failed": { "type": "integer" },
"warnings": { "type": "integer" }
}
},
"findingsBySeverity": {
"type": "object",
"properties": {
"critical": { "type": "integer" },
"high": { "type": "integer" },
"medium": { "type": "integer" },
"low": { "type": "integer" }
}
},
"findings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"checkId": { "type": "string" },
"severity": { "type": "string" },
"service": { "type": "string" },
"project": { "type": "string" },
"resourceName": { "type": "string" },
"description": { "type": "string" },
"remediation": { "type": "string" },
"complianceMapping": { "type": "array" }
}
}
},
"sccFindings": {
"type": "array"
},
"organizationPolicyStatus": {
"type": "object"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
}
}
}
```
## Usage Example
```javascript
skill: {
name: 'gcp-security-scanner',
context: {
scanType: 'cis',
projects: ['my-project-id'],
complianceFrameworks: ['CIS', 'SOC2'],
includeSCC: true,
severityThreshold: 'medium'
}
}
```Related Skills
web-security
OWASP Top 10, security headers, CSP, XSS prevention, and vulnerability prevention.
security-scanner
Run security scans including SAST, dependency scanning, and secret detection
security-sandbox
Isolated analysis environment management for malware and exploit testing. Create and manage isolated VMs, configure Cuckoo Sandbox, set up REMnux/FlareVM environments, manage Docker-based analysis containers, and capture filesystem and process changes.
Offensive Security Skill
Offensive security tools and techniques integration
hardware-security
Hardware and embedded security research capabilities. Interface with JTAG debuggers, analyze SPI/I2C communications, dump and analyze firmware, support fault injection, side-channel analysis, and hardware exploitation research.
cloud-security-testing
Multi-cloud security assessment and penetration testing capabilities. Execute Prowler/ScoutSuite assessments, analyze IAM policies, identify cloud misconfigurations, test permissions, and enumerate cloud resources across AWS/GCP/Azure.
Burp Suite/Web Security Skill
Web application security testing with Burp Suite integration
aiml-security
AI/ML model security testing and adversarial research capabilities. Generate adversarial examples, test model robustness, perform model extraction attacks, test for data poisoning, analyze model fairness, and support ART framework integration.
vendor-security-questionnaire
Automated vendor security assessment through questionnaire generation, response parsing, and risk scoring
secret-detection-scanner
Detect secrets, credentials, and sensitive data in code and configurations. Scan git history for secrets, detect API keys, tokens, passwords, check environment files, monitor CI/CD logs for exposure, generate remediation steps, and track secret rotation status.
owasp-security-scanner
Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for sensitive data exposure, analyze security misconfigurations, and generate OWASP-compliant reports.
multi-cloud-security-posture
Unified cloud security posture management across AWS, Azure, and GCP with normalized metrics and CIS benchmark comparison