G-Scout is a tool for auditing Google Cloud Platform configurations. By making API calls, applying security rules, and generating HTML files based on the output, G-Scout makes it easy to analyze the security of a GCP environment.
There are two ways for the project owner to grant API permissions: set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of the downloaded JSON credentials file, or use the SDK to run gcloud auth application-default login.
To run the application:
virtualenv -p python2 venv
source venv/bin/activate
pip install -r requirements.txt
python gscout.py -h
The HTML report output will be in the "Report Output" folder.
When specifying the project name you can also use a wildcard to run G-Scout on multiple projects, for example: python gscout.py --project-name "dev-*"
You can also run G-Scout on all projects in an organization like this: python gscout.py --organization "organization id", where the id is the number shown next to the organization name in the GCP console.
To create a custom rule, add it to the rules.py file. A Rule object takes a name, a category, and a filter function. The function is passed a JSON object corresponding to the category and should return a true value when the entity is a finding. To see an example for each category (some of which are altered from the standard API response), see the entity_samples.json file.
Running python x_project.py will create a file showing all results across all projects G-Scout has been run on for each finding specified. Change the items in the list of rule names in x_project.py to specify which rules to generate the files for.
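The following is an added example, not code from the G-Scout project, showing the rule pattern described above (name, category, filter function over a category's JSON object), the "dev-*" wildcard project selection, and the cross-project roll-up that x_project.py produces. The Rule class here is a stand-in with an assumed constructor; the entity shapes follow the Compute firewall and Storage bucket API resources, with the bucket's IAM policy attached under an assumed "iamPolicy" key; the inventory is constructed sample data.

```python
import fnmatch
import json
from collections import defaultdict


class Rule(object):
    """Stand-in for G-Scout's Rule: a name, the category of entity it applies to,
    and a filter function that returns True when the entity is a finding.
    (Assumed shape; not the project's own class.)"""

    def __init__(self, name, category, filter_fn):
        self.name = name
        self.category = category
        self.filter_fn = filter_fn

    def matches(self, entity):
        return bool(self.filter_fn(entity))


def port_in_ranges(port, ranges):
    """True if port falls inside any Compute firewall ports entry ("22", "8000-9000")."""
    for r in ranges:
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def firewall_exposes_admin_ports(fw):
    """Ingress rule reachable from the whole internet that admits SSH/RDP or every port."""
    if fw.get("direction", "INGRESS") != "INGRESS" or fw.get("disabled"):
        return False
    if "0.0.0.0/0" not in fw.get("sourceRanges", []):
        return False
    for allowed in fw.get("allowed", []):
        proto = allowed.get("IPProtocol", "").lower()
        ports = allowed.get("ports")
        if proto == "all" or (proto in ("tcp", "udp") and not ports):
            return True  # no port restriction at all
        if proto == "tcp" and any(port_in_ranges(p, ports) for p in (22, 3389)):
            return True
    return False


def bucket_is_public(bucket):
    """Bucket IAM policy grants a role to allUsers or allAuthenticatedUsers."""
    for binding in bucket.get("iamPolicy", {}).get("bindings", []):
        if set(binding.get("members", [])) & {"allUsers", "allAuthenticatedUsers"}:
            return True
    return False


RULES = [
    Rule("Firewall exposes SSH/RDP to the internet", "Firewalls", firewall_exposes_admin_ports),
    Rule("Bucket is publicly readable", "Buckets", bucket_is_public),
]


def select_projects(project_names, pattern):
    """Expand a wildcard such as "dev-*" against the known project names."""
    return sorted(fnmatch.filter(project_names, pattern))


def run_rules(rules, inventory):
    """inventory: {project: {category: [entity, ...]}} -> {rule name: [(project, entity name), ...]}."""
    findings = defaultdict(list)
    for project, categories in sorted(inventory.items()):
        for rule in rules:
            for entity in categories.get(rule.category, []):
                if rule.matches(entity):
                    findings[rule.name].append((project, entity.get("name", "?")))
    return dict(findings)


def cross_project_summary(findings, rule_names):
    """Like x_project.py: for each named rule, every project in which it fired."""
    return {name: sorted({project for project, _ in findings.get(name, [])}) for name in rule_names}


# Constructed sample inventory for three projects (not real API output).
INVENTORY = {
    "dev-web": {
        "Firewalls": [
            {"name": "allow-ssh-anywhere", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
             "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
            {"name": "allow-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
             "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
        ],
        "Buckets": [
            {"name": "dev-web-assets", "iamPolicy": {"bindings": [
                {"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}},
        ],
    },
    "dev-data": {
        "Firewalls": [
            {"name": "internal-only", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
             "allowed": [{"IPProtocol": "all"}]},
        ],
        "Buckets": [
            {"name": "dev-data-private", "iamPolicy": {"bindings": [
                {"role": "roles/storage.admin", "members": ["group:data-team@example.com"]}]}},
        ],
    },
    "prod-web": {
        "Firewalls": [
            {"name": "wide-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
             "allowed": [{"IPProtocol": "all"}]},
        ],
        "Buckets": [],
    },
}

if __name__ == "__main__":
    dev_projects = select_projects(INVENTORY, "dev-*")
    print(json.dumps(run_rules(RULES, {p: INVENTORY[p] for p in dev_projects}), indent=2))
    all_findings = run_rules(RULES, INVENTORY)
    print(json.dumps(cross_project_summary(all_findings, [r.name for r in RULES]), indent=2))
```

Each filter receives only the entity dictionary, so it has no side effects and can be unit-tested against the samples in entity_samples.json before it is added to the real rule list; the cross-project summary is keyed by rule name, mirroring the list of rule names that x_project.py iterates over.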