Awesome GCP Security

Reference Guides / Frameworks / Docs

Security Foundations Blueprint - Official Google security best practices guide

CIS Google Cloud Platform Foundation Benchmark - Framework for secure GCP configuration published by the Center for Internet Security

Terraform Example Foundation - Example repo showing how the CFT Terraform modules can be composed to build a secure GCP foundation, following the Google Cloud security foundations guide.

Container Scanning Overview - Documentation for container scanning on GCP

GKE PCI-DSS Blueprint - Guide and Terraform that "demonstrate how to bootstrap a PCI environment in Google Cloud"

Community Security Analytics - Library of BigQuery and Chronicle queries for common security analytics use cases

GCP Comics - Collection of comics mainly explaining GCP security concepts.

Feeds / Blogs

Google Cloud - Security Bulletins - Official security bulletins

Cloud IAM - Permissions Change Log - Public release notes and changes to GCP IAM permissions

Identity & Security Blog - Official GCP Identity and Security Cloud Blog

GCP API Change Log - Change log of GCP APIs

Tools

Forseti Security - Resource monitoring and policy enforcement

Domain Protect GCP - Scans Google Cloud DNS across a GCP Organization for domain records vulnerable to takeover

GCP Compliance Mod - Steampipe mod to "run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard for all your GCP projects."

CloudSploit - Compliance and security scanner with GCP support

Project Lockdown - Collection of "Cloud Functions designed to react to unsecure resource creations or configurations"

Simple CSPM - A security audit tool for GCP using Google Sheets.

Firebase Scanner - Tools for scanning Firebase projects

Serverless Container Registry Proxy - Serverless reverse proxy to expose public or private container registries under a custom domain

ScoutSuite - Multi-cloud security-auditing tool, with GCP support

IAM Privilege Escalation in GCP - Enumeration and exploit scripts for IAM privilege escalation

GCP Lateral Movement Detector - Script to map out which GCP instances are able to access each other

IAM Analyzer - Compare and analyze two IAM roles

Starbase - Tool for building a GraphDB of your cloud infrastructure. Supports GCP.

GCP Scanner - Resource scanner to evaluate access levels of known credentials