Cloud scan setup: GCP

Configuration: You must perform this deployment using an administrator account.

Monitoring: A technical point of contact is required to remediate vulnerabilities throughout the year.

Below are the deployment steps, detailed with screenshots at each stage:

1. Select Google Cloud Platform

2. Access your Cloud Console

3. Enable Cloud Resource Manager API

4. Create a service account

5. Authorize the service account

6. Provide the identifier

7. Complete

1. Select Google Cloud Platform

Go to the Cloud Scan tab, then Settings, then click New provider, and select Google Cloud Platform.

2. Access your Cloud Console

Go to the Google Cloud Console and log in using an administrator account.

3. Enable Cloud Resource Manager API

Below is a summary of the steps required to enable Cloud Resource Manager API:

• Go to the APIs & Services menu in the left-hand navigation and click Library

• Search for Cloud Resource Manager API in the search bar and click on it

• Click Enable

4. Create a service account

Below is a summary of the steps required to create a service account:

• Click IAM & Admin in the left-hand menu, then Service Accounts

• Click Create Service Account

• Enter stoik-scanner as the Service account name, then click Create and continue

• Add the following 3 roles:

  • Viewer

  • Security Reviewer

  • Stackdriver Account Viewer

  

• Leave step 3 empty and click Done

5. Authorize the service account

Below is a summary of the steps required to authorize a service account:

• Click on the service account you just created, then click Principals with access

• Select your service account and click Grant access

• Enter [email protected] in the New principals field

• Assign the Service Account Token Creator role, then click Save

6. Provide the identifier

• Click Details in GCP

• Enter the email address of the created service account in the Stoïk Protect console

7. Complete

• Click Finish in the Stoïk Protect console

• Refresh the Stoïk page if needed