Assess Google Cloud Security with cnspec
Secure your Google Cloud environment by scanning for vulnerabilities and misconfigurations with cnspec.
cnspec secures your Google Cloud environment by finding vulnerabilities and misconfigurations across 40+ GCP services, including Compute Engine, Cloud Storage, IAM, BigQuery, GKE, Cloud SQL, Pub/Sub, and many more. With 250+ queryable resources, you can query and secure virtually anything in your GCP project.
Assess your GCP project
- Assess a GCP Project: Scan your entire Google Cloud project, organization, or folder for security best practices across Compute Engine, Cloud Storage, IAM, BigQuery, GKE, Cloud SQL, and dozens more services.
Scan instances using snapshots
- Scan GCP Instances Using Snapshots: Assess Compute Engine instances without affecting your production workload.
- Cross-Project Snapshot Scanning: Scan snapshots that reside in a different project than your scanner VM.
Shift security left with IaC scanning
Mondoo's security policies include variants for both live GCP resources and the infrastructure as code that defines them. The same security checks that cnspec runs against your GCP project can also run against your Terraform code. One tool, one policy, consistent security from code to cloud.
- Scan Terraform Configurations: Evaluate Terraform HCL files against GCP security policies during development or in CI/CD pipelines.
- Build Secure VM Images with Packer: Scan Packer builds for vulnerabilities and misconfigurations before images reach production.
Advanced authentication
- Workload Identity Federation: Use Workload Identity Federation to scan resources in other GCP projects without exporting keys.
Continuously scan with Mondoo Platform
Go beyond one-off scans. Use Mondoo Platform and the Mondoo GCP Integration to continuously monitor your GCP projects. Get a real-time security dashboard, track your posture over time, and catch new misconfigurations as your infrastructure changes.