Secure Google Cloud with cnspec
Secure your Google Cloud environment by scanning for vulnerabilities and misconfigurations with cnspec.
cnspec secures your Google Cloud environment by finding vulnerabilities and misconfigurations across 25+ Google Cloud services, including Compute Engine, Cloud Storage, IAM, BigQuery, GKE, Cloud SQL, Pub/Sub, and many more. With 350+ queryable resources, you can query and secure virtually anything in your Google Cloud project.
Assess your Google Cloud project
Secure a Google Cloud Project: Scan an entire Google Cloud project, organization, or folder against best practices for Compute Engine, Cloud Storage, IAM, BigQuery, GKE, Cloud SQL, and dozens of other services.
Scan instances using snapshots
- Scan Google Cloud Instances Using Snapshots: Assess Compute Engine instances without affecting your production workload.
- Cross-Project Snapshot Scanning: Scan snapshots that reside in a different project than your scanner VM.
Shift security left with IaC scanning
Mondoo's security policies include variants for both live Google Cloud resources and the infrastructure as code that defines them. The same checks that cnspec runs against your project also run against your Terraform code. One tool, one policy, consistent security from code to cloud.
- Scan Terraform Configurations: Evaluate Terraform HCL files against Google Cloud security policies during development or in CI/CD pipelines.
- Build Secure VM Images with Packer: Scan Packer builds for vulnerabilities and misconfigurations before images reach production.
Advanced authentication
Workload Identity Federation: Use Workload Identity Federation (WIF) to scan resources in other Google Cloud projects without exporting keys.
Continuously scan with Mondoo Platform
Go beyond one-off scans. Use Mondoo Platform and the Mondoo Google Cloud Integration to continuously monitor your projects. Get a real-time security dashboard, track your posture over time, and catch new misconfigurations as your infrastructure changes.