This tool was created to help users assess their security posture on Google Cloud against the CIS Benchmark. In this article we will go through the steps to set up the AWS Inspec tool using Cloud Shell and using the CLI in detail.
Go to the Cloud Shell and clone the inspec repo: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/inspec-gcp-cis-benchmark&page=editor&tutorial=walkthrough.md
Once you click the Start button, you will see the introduction to inspec; click Next.
After this, install inspec, then click Next.
Select the cloud project you want to scan.
After this, run the inspec scan.
Authorize the Cloud Shell to make the API call.
After authorization, the scan will complete.
Download and install the SDK using the command below:
./google-cloud-sdk/install.sh
Let’s create the credentials file using the command below:
gcloud auth application-default login
If successful, it will open a window, and the credentials will be saved.
Google Cloud documentation recommends using service accounts. InSpec can use user accounts for authentication.
Create the JSON credential file for a service account and save it on your system. After this, set the environment variable before running the InSpec tool.
export GOOGLE_APPLICATION_CREDENTIALS='path/<json credential file name>.json'
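A pre-flight check for the credential file set above, as an added example that is not part of the original article or of the InSpec project. The function name check_gcp_credentials, its return codes and the --demo switch are this example's own choices; it relies on service-account key files carrying "type": "service_account" and user credential files carrying "type": "authorized_user".

```shell
#!/usr/bin/env bash
# Added example: verify the file behind GOOGLE_APPLICATION_CREDENTIALS
# before a scan. Names and return codes are this example's assumptions.
# Return codes: 0 ok, 1 unset or unreadable, 2 accessible to group/other,
#               3 not a service-account key (e.g. user credentials).
check_gcp_credentials() {
  local f="${GOOGLE_APPLICATION_CREDENTIALS:-}"
  if [ -z "$f" ] || [ ! -r "$f" ]; then
    echo "GOOGLE_APPLICATION_CREDENTIALS is unset or not readable" >&2
    return 1
  fi
  # Characters 5-10 of the ls mode string are the group and other bits;
  # -L follows a symlink so the key file itself is inspected.
  local go_bits
  go_bits=$(ls -ldL "$f" | cut -c5-10)
  if [ "$go_bits" != "------" ]; then
    echo "$f is accessible to group/other; fix with: chmod 600 \"$f\"" >&2
    return 2
  fi
  # A service-account key has "type": "service_account"; the file written by
  # 'gcloud auth application-default login' has "type": "authorized_user".
  if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$f"; then
    echo "$f is not a service-account key" >&2
    return 3
  fi
  return 0
}

# Constructed demo (run the script with --demo): a minimal fake key file.
if [ "${1:-}" = "--demo" ]; then
  demo=$(mktemp) && chmod 600 "$demo"
  printf '{"type": "service_account"}\n' > "$demo"   # constructed sample
  ( export GOOGLE_APPLICATION_CREDENTIALS="$demo"
    check_gcp_credentials && echo "demo key accepted" )
  rm -f "$demo"
fi

# Usage: start the scan only when the check passes.
#   check_gcp_credentials && inspec exec . -t gcp:// --input-file inputs.yml
```

A key file that fails the permission check should be treated as exposed to other local users until it has been restricted or rotated.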
To use the GCP resources in your tests, follow these steps:
inspec init profile --platform gcp my-profile
inspec exec . -t gcp:// --input-file inputs.yml