VPC-SC scan (feature request) #256

mcapts · 2019-09-23T13:13:00Z

This is a feature request for having a scanner that checks VPC Service Controls to ensure the configuration is correct/appropriate.

Some basic checks like:

only whitelisted services are included in the perimeter
appropriate Access Levels are included in the perimeter
only projects from our organization are included in the perimeter

It may make sense to have this scan work in conjunction with an Access Context Manager scan, since Access Levels and VPC-SC are tightly coupled (and their union defines the actual security controls on the organization).

dekuhn · 2019-09-23T17:36:26Z

@blueandgold @ryanismert Can you please review this feature request. I believe we need a high level 1 pager that describes the overall scanner behavior as to when to assert a match.

dekuhn · 2019-09-24T18:35:28Z

Draft 1 pager with details to scope this work: https://docs.google.com/document/d/14wYLG1IkLXUPf6t9txhdCFiVwXtDnVjN_8QOC9IPw_o/edit

gkowalski-google · 2020-01-28T18:38:43Z

Resolved by PR #238

gkowalski-google assigned joecheuk Sep 23, 2019

gkowalski-google assigned blueandgold and unassigned joecheuk Sep 25, 2019

gkowalski-google transferred this issue from forseti-security/forseti-security Jan 28, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VPC-SC scan (feature request) #256

VPC-SC scan (feature request) #256

mcapts commented Sep 23, 2019

dekuhn commented Sep 23, 2019

dekuhn commented Sep 24, 2019

gkowalski-google commented Jan 28, 2020

VPC-SC scan (feature request) #256

VPC-SC scan (feature request) #256

Comments

mcapts commented Sep 23, 2019

dekuhn commented Sep 23, 2019

dekuhn commented Sep 24, 2019

gkowalski-google commented Jan 28, 2020