Googledeploymentmanager queries

GoogleDeploymentManager Queries List

This page contains all queries from GoogleDeploymentManager.

Query	Severity	Category	Description	Help
DNSSEC Using RSASHA1 6d7b121a-a2ed-4e37-bd2f-80d9df1dfd35	High	Encryption	DNSSEC should not use the RSASHA1 algorithm	Documentation
Private Cluster Disabled 48c61fbd-09c9-46cc-a521-012e0c325412	High	Insecure Configurations	Kubernetes Clusters must be created with Private Clusters enabled, meaning the 'privateClusterConfig' must be defined and the attributes 'enablePrivateEndpoint' and 'enablePrivateNodes' must be true.	Documentation
Not Proper Email Account In Use a21b8df3-c840-4b3d-a41a-10fb2afda171	High	Insecure Configurations	Gmail accounts are being used instead of corporate credentials	Documentation
Compute Instance Is Publicly Accessible 8212e2d7-e683-49bc-bf78-d6799075c5a7	High	Networking and Firewall	Compute instances shouldn't be accessible from the Internet.	Documentation
Cloud Storage Bucket Versioning Disabled ad0875c1-0b39-4890-9149-173158ba3bba	High	Observability	Cloud Storage Bucket should be enabled	Documentation
Disk Encryption Disabled fc040fb6-4c23-4c0d-b12a-39edac35debb	Medium	Encryption	VM disks for critical VMs must be encrypted with Customer Supplied Encryption Keys (CSEK) or with Customer-managed encryption keys (CMEK), which means the attribute 'diskEncryptionKey' must be defined and its sub attributes 'rawKey' or 'kmsKeyName' must also be defined	Documentation
Cloud DNS Without DNSSEC 313d6deb-3b67-4948-b41d-35b699c2492e	Medium	Insecure Configurations	DNSSEC must be enabled for Cloud DNS	Documentation
Google Storage Bucket Level Access Disabled 1239f54b-33de-482a-8132-faebe288e6a6	Medium	Insecure Configurations	Google Storage Bucket Level Access should be enabled	Documentation
IP Forwarding Enabled 7c98538a-81c6-444b-bf04-e60bc3ceeec0	Medium	Networking and Firewall	Instances must not have IP forwarding enabled, which means the attribute 'canIpForward' must not be true	Documentation