gcp-security-scanner

# GCP Security Scanner Skill ## Purpose Automated Google Cloud Platform security configuration scanning and hardening to identify misconfigurations, compliance violations, and security risks across GCP projects and organizations. ## Capabilities ### Security Command Center Integration - Leverage GCP Security Command Center findings - Review vulnerability and threat findings - Check Security Health Analytics results - Monitor Event Threat Detection alerts - Track Container Threat Detection findings - Generate compliance reports ### IAM Security Analysis - Analyze IAM policies for over-permissive access - Check service account key usage and rotation - Identify excessive permissions - Review organization policy constraints - Detect cross-project access - Audit IAM recommender suggestions ### VPC Firewall Analysis - Review firewall rules for overly permissive access - Check for open management ports - Validate VPC Service Controls - Review Shared VPC configurations - Check Private Google Access settings - Analyze VPC flow logs configuration ### Cloud Storage Security - Identify publicly accessible buckets - Check bucket IAM policies - Validate uniform bucket-level access - Review bucket encryption settings - Check access logging configuration - Verify retention policies ### Cloud KMS Configuration - Review key ring and key configurations - Check key rotation policies - Validate IAM policies on keys - Review HSM key protection levels - Check external key manager usage - Au...