compute

Checks

• disk-encryption-customer-key Disks should be encrypted with customer managed encryption keys

• disk-encryption-no-plaintext-key The encryption key used to encrypt a compute disk has been specified in plaintext.

• enable-shielded-vm-im Instances should have Shielded VM integrity monitoring enabled

• enable-shielded-vm-vtpm Instances should have Shielded VM VTPM enabled

• enable-vpc-flow-logs VPC flow logs should be enabled for all subnetworks

• no-default-service-account Instances should not use the default service account

• no-ip-forwarding Instances should not have IP forwarding enabled

• no-oslogin-override Instances should not override the project setting for OS Login

• no-project-wide-ssh-keys Disable project-wide SSH keys for all instances

• no-public-egress An outbound firewall rule allows traffic to /0.

• no-public-ingress An inbound firewall rule allows traffic from /0.

• no-public-ip Instances should not have public IP addresses

• no-serial-port Disable serial port connectivity for all instances

• project-level-oslogin OS Login should be enabled at project level

• use-secure-tls-policy SSL policies should enforce secure versions of TLS

• vm-disk-encryption-customer-key VM disks should be encrypted with Customer Supplied Encryption Keys