Skip to main content

Google Cloud Platform proof types

Note

Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.

When you create a Hypersync between Hyperproof and Google Cloud Platform (GCP), you can automatically collect the following proof types:

Google Cloud Platform notes on proof types

  • Compute Engine

    • List of Disk Encryption Settings

      Note

      Requires the compute.disks.list permission.

  • Kubernetes Engine

    • List of Pod Security Policies

      Note

      This proof type is compatible only with Kubernetes version 1.22 or higher. If you use a lower version of Kubernetes, the proof will not be generated.

      Kubernetes has deprecated PodSecurityPolicies in version 1.21. See this Kubernetes article for information on migrating from PodSecurityPolicies to the built-in PodSecurity admission controller. Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.

  • VPC

    • List of Subnets

      Note

      Requires the compute.subnetworks.list permission. Additionally, to view the linked webpage in the proof, compute.networks.list and compute.networks.get are also needed.

    • List of Networks

      Note

      Requires the compute.networks.list permission.

Important

For the Hypersync to work, the following resources also have to be enabled in the GCP Project: Compute Engine APICloud Resource Manager API, and Identity and Access Management (IAM) API. These are project-level settings, and they can be found by searching in GCP. It’s highly recommended that these settings be turned on prior to creating the Hypersync otherwise an unspecified error may occur.

Additional documentation

The Google Cloud Platform Hypersync can be used to collect data from a single project or all projects within an organization or resource folder.

Note

You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.

Connection configuration

During the connection process, you need to copy and paste your JSON private key file. If you don’t have a JSON private key file, follow the steps below. Note that creating a private key file requires Service Account Admin access (roles/iam.serviceAccountAdmin). If you don’t have access, contact your organization’s GCP administrator.

  1. Open GCP.

  2. From the left navigation menu, hover over IAM & Admin and select Service Accounts.

  3. Click Create Service Account.

  4. Name the account.

  5. Assign the account the roles of Security Reviewer and Cloud Asset Service Agent, then click Continue.

  6. Optionally, add additional users to grant them permissions within the service account.

  7. Click Done, and then click the service account you just created.

  8. Select the Keys tab.

  9. Click Add Key, and then select Create new key.

  10. Select the JSON radio button, then click Create. The JSON file is automatically downloaded to your computer.

In this section: