Security Foundations Blueprint - Official Google security best practices guide
CIS Google Cloud Platform Foundation Benchmark - Framework for secure GCP configuration published by the Center for Internet Security
Terraform Example Foundation - Example repo showing how the CFT Terraform modules can be composed to build a secure GCP foundation, following the Google Cloud security foundations guide.
Container Scanning Overview - Documentation for container scanning on GCP
GKE PCI-DSS Blueprint - Guide and Terraform that "demonstrate how to bootstrap a PCI environment in Google Cloud"
Community Security Analytics - Library of Bigquery and Chronicle queries for common security analytics use cases
Google Cloud - Security Bulletins - Official security bulletins
Cloud IAM - Permissions Charge Log - Public release notes and changes to GCP IAM permissions
Identity & Security Blog - Official GCP Identity and Security Cloud Blog
Forsetti Security - Resource monitoring and policy enforcement
Domain Protect GCP - Scans Google Cloud DNS across a GCP Organization for domain records vulnerable to takeover
GCP Complience Mod- Steampipe mod to "run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard for all your GCP projects."
Cloudspoit - Complience and security scanner with GCP support
Project Lockdown - Collection of "Cloud Functions designed to react to unsecure resource creations or configurations"
Simple CSPM - A security audit tool for GCP using Google Sheets.
Firebase Scanner - Tools for scanning firebase projects
Serverless Container Registry Proxy - Serverless reverse proxy to expose public or private container registries under a custom domain
ScoutSuite - Multi-cloud security-auditing tool,with GCP support
IAM Privilege Escalation in GCP - Enumeration and exploit scripts for IAM privilege escalation
GCP Lateral Movement Detector - Script to map out which GCP instances are able to access to each other