forked from GoogleCloudPlatform/inspec-gcp-cis-benchmark
inspec.yml
# Copyright 2019 The inspec-gcp-cis-benchmark Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
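# InSpec profile metadata for the GCP CIS benchmark checks: identity of the
# profile, the resource packs it depends on, and the default inputs that the
# controls read. Defaults below are meant to be overridden per environment
# (input file or CLI), not edited in place.
name: inspec-gcp-cis-benchmark
title: "Inspec GCP CIS 1.1 Benchmark"
# No maintainer is recorded; written as an explicit null instead of a bare key.
maintainer: null
copyright: Google
# The address was obfuscated by the page this file was captured from; restore
# the real value from the upstream repository. Quoted so the leading "[" is
# not parsed as a YAML flow sequence.
copyright_email: '[email protected]'
license: Apache-2.0
summary: "Inspec Google Cloud Platform Center for Internet Security Benchmark v1.1 Profile"
version: "1.1.0-3"
supports:
  - platform: gcp
# Both dependencies are fetched as release-tag archives. A tag can be moved
# upstream, and resource packs are code that runs with the credentials used
# for the scan, so vendor them and commit the generated inspec.lock (it
# records the resolved URL and the archive's sha256) to make any change in
# the fetched content visible in review.
depends:
  - name: inspec-gcp
    url: https://github.com/inspec/inspec-gcp/archive/v1.5.0.tar.gz
  - name: inspec-gcp-helpers
    url: https://github.com/GoogleCloudPlatform/inspec-gcp-helpers/archive/v1.0.5.tar.gz
inputs:
  # Placeholder only: supply the real project id at run time.
  - name: gcp_project_id
    description: 'The GCP project identifier.'
    type: string
    value: "replace_with_your_gcp_project_id"
  # Was '1.0', which disagreed with the title, summary and profile version
  # (all CIS 1.1); aligned so results are not labelled with the wrong
  # benchmark revision.
  - name: cis_version
    description: 'The short version of the GCP CIS Benchmark'
    value: '1.1'
    type: string
  - name: cis_url
    description: 'The URL to the GCP CIS Benchmark'
    value: 'https://www.cisecurity.org/benchmark/google_cloud_computing_platform/'
    type: string
  # 7776000 s = 90 days (90 * 86400): maximum accepted service-account key age.
  - name: sa_key_older_than_seconds
    description: 'How many seconds SA keys should not be older than'
    value: 7776000
    type: numeric
  # 7776000 s = 90 days: maximum accepted KMS key rotation period.
  - name: kms_rotation_period_seconds
    description: 'How many seconds KMS Keys should be last rotated (90 days)'
    value: 7776000
    type: numeric
  # Exemption from the bucket-logging requirement. Keep the pattern as narrow
  # as possible: every bucket whose name matches is excluded from that
  # requirement, so a loose regex hides unlogged buckets from the report.
  - name: bucket_logging_ignore_regex
    description: 'Ignore this bucket by regex from requiring logging to be enabled'
    # example = "-logging"
    value: "replace-with-bucket-name-or-partial-match"
    type: string
  # NOTE(review): the default is a one-element list holding "", not the empty
  # array the description mentions; confirm the controls treat both as
  # "search all locations" so no cluster is skipped.
  - name: gcp_gke_locations
    description: 'The list of regions and/or zone names where GKE clusters are running. An empty array searches all locations'
    type: array
    value:
      - ""
  # NOTE(review): same default shape as gcp_gke_locations (a list holding "");
  # confirm it is handled as "all zones".
  - name: gce_zones
    description: 'The list of zone names where GCE instances are running. An empty array searches all locations'
    type: array
    value:
      - ""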