Performing GCP Security Assessment with Forseti
When to Use
- When conducting periodic security assessments of GCP organizations and projects
- When onboarding new GCP projects and establishing security baselines
- When compliance mandates CIS GCP Foundations Benchmark evaluation
- When auditing IAM bindings, firewall rules, and storage ACLs across multiple GCP projects
- When building continuous security monitoring for GCP infrastructure
Do not use as a replacement for GCP Security Command Center Premium for real-time threat detection, for application-level vulnerability scanning (use Web Security Scanner), or for GKE-specific security (use GKE Security Posture).
Prerequisites
- GCP Organization with Organization Admin or Security Admin IAM role
- gcloud CLI authenticated with sufficient permissions (roles/securitycenter.admin, roles/iam.securityReviewer)
- Security Command Center (SCC) enabled at the organization level
- ScoutSuite installed for multi-cloud comparison (pip install scoutsuite)
- Python 3.8+ for custom audit scripts using google-cloud-asset and google-cloud-securitycenter libraries