Vulnerability findings index

This document helps you find vulnerability findings that are available in Security Command Center. Use the filter to search for vulnerability finding categories, monitored cloud resources, or detection services to get more details.

Name	Resource category	Detection service
`API key APIs unrestricted`	API	Security Health Analytics
`API key apps unrestricted`	API	Security Health Analytics
`API key exists`	API	Security Health Analytics
`API key not rotated`	API	Security Health Analytics
`Cloud Asset API disabled`	Cloud Asset Inventory	Security Health Analytics
`Public Compute image`	Compute Engine	Security Health Analytics
`Confidential Computing disabled`	Compute Engine	Security Health Analytics
`Compute project wide SSH keys allowed`	Compute Engine	Security Health Analytics
`Compute Secure Boot disabled`	Compute Engine	Security Health Analytics
`Compute serial ports enabled`	Compute Engine	Security Health Analytics
`Default service account used`	Compute Engine	Security Health Analytics
`Disk CMEK disabled`	Compute Engine	Security Health Analytics
`Disk CSEK disabled`	Compute Engine	Security Health Analytics
`Full API access`	Compute Engine	Security Health Analytics
`HTTP load balancer`	Compute Engine	Security Health Analytics
`Instance OS Login disabled`	Compute Engine	Security Health Analytics
`IP forwarding enabled`	Compute Engine	Security Health Analytics
`OS login disabled`	Compute Engine	Security Health Analytics
`Public IP address`	Compute Engine	Security Health Analytics
`Shielded VM disabled`	Compute Engine	Security Health Analytics
`Weak SSL policy`	Compute Engine	Security Health Analytics
`Alpha cluster enabled`	Google Kubernetes Engine	Security Health Analytics
`Auto repair disabled`	Google Kubernetes Engine	Security Health Analytics
`Auto upgrade disabled`	Google Kubernetes Engine	Security Health Analytics
`Binary authorization disabled`	Google Kubernetes Engine	Security Health Analytics
`Cluster logging disabled`	Google Kubernetes Engine	Security Health Analytics
`Cluster monitoring disabled`	Google Kubernetes Engine	Security Health Analytics
`Cluster private Google access disabled`	Google Kubernetes Engine	Security Health Analytics
`Cluster secrets encryption disabled`	Google Kubernetes Engine	Security Health Analytics
`Cluster shielded nodes disabled`	Google Kubernetes Engine	Security Health Analytics
`COS not used`	Google Kubernetes Engine	Security Health Analytics
`Integrity monitoring disabled`	Google Kubernetes Engine	Security Health Analytics
`Intranode visibility disabled`	Google Kubernetes Engine	Security Health Analytics
`IP alias disabled`	Google Kubernetes Engine	Security Health Analytics
`Legacy authorization enabled`	Google Kubernetes Engine	Security Health Analytics
`Legacy metadata enabled`	Google Kubernetes Engine	Security Health Analytics
`Master authorized networks disabled`	Google Kubernetes Engine	Security Health Analytics
`Network policy disabled`	Google Kubernetes Engine	Security Health Analytics
`Nodepool boot CMEK disabled`	Google Kubernetes Engine	Security Health Analytics
`Nodepool secure boot disabled`	Google Kubernetes Engine	Security Health Analytics
`Over privileged account`	Google Kubernetes Engine	Security Health Analytics
`Over privileged scopes`	Google Kubernetes Engine	Security Health Analytics
`Pod security policy disabled`	Google Kubernetes Engine	Security Health Analytics
`Private cluster disabled`	Google Kubernetes Engine	Security Health Analytics
`Release channel disabled`	Google Kubernetes Engine	Security Health Analytics
`Web UI enabled`	Google Kubernetes Engine	Security Health Analytics
`Workload Identity disabled`	Google Kubernetes Engine	Security Health Analytics
`Dataproc CMEK disabled`	Managed Service for Apache Spark	Security Health Analytics
`Dataproc image outdated`	Managed Service for Apache Spark	Security Health Analytics
`BigQuery table CMEK disabled`	BigQuery	Security Health Analytics
`Dataset CMEK disabled`	BigQuery	Security Health Analytics
`Public dataset`	BigQuery	Security Health Analytics
`DNSSEC disabled`	Cloud DNS	Security Health Analytics
`RSASHA1 for signing`	Cloud DNS	Security Health Analytics
`Egress deny rule not set`	Firewall	Security Health Analytics
`Firewall rule logging disabled`	Firewall	Security Health Analytics
`Open Cassandra port`	Firewall	Security Health Analytics
`Open ciscosecure websm port`	Firewall	Security Health Analytics
`Open directory services port`	Firewall	Security Health Analytics
`Open DNS port`	Firewall	Security Health Analytics
`Open elasticsearch port`	Firewall	Security Health Analytics
`Open firewall`	Firewall	Security Health Analytics
`Open FTP port`	Firewall	Security Health Analytics
`Open HTTP port`	Firewall	Security Health Analytics
`Open LDAP port`	Firewall	Security Health Analytics
`Open Memcached port`	Firewall	Security Health Analytics
`Open MongoDB port`	Firewall	Security Health Analytics
`Open MySQL port`	Firewall	Security Health Analytics
`Open NetBIOS port`	Firewall	Security Health Analytics
`Open OracleDB port`	Firewall	Security Health Analytics
`Open pop3 port`	Firewall	Security Health Analytics
`Open PostgreSQL port`	Firewall	Security Health Analytics
`Open RDP port`	Firewall	Security Health Analytics
`Open Redis port`	Firewall	Security Health Analytics
`Open SMTP port`	Firewall	Security Health Analytics
`Open SSH port`	Firewall	Security Health Analytics
`Open Telnet port`	Firewall	Security Health Analytics
`Access Transparency disabled`	IAM	Security Health Analytics
`Admin service account`	IAM	Security Health Analytics
`Essential Contacts Not Configured`	IAM	Security Health Analytics
`KMS role separation`	IAM	Security Health Analytics
`Non org IAM member`	IAM	Security Health Analytics
`Open group IAM member`	IAM	Security Health Analytics
`Over privileged service account user`	IAM	Security Health Analytics
`Primitive roles used`	IAM	Security Health Analytics
`Redis role used on org`	IAM	Security Health Analytics
`Service account role separation`	IAM	Security Health Analytics
`Service account key not rotated`	IAM	Security Health Analytics
`User managed service account key`	IAM	Security Health Analytics
`KMS key not rotated`	Cloud KMS	Security Health Analytics
`KMS project has owner`	Cloud KMS	Security Health Analytics
`KMS public key`	Cloud KMS	Security Health Analytics
`Too many KMS users`	Cloud KMS	Security Health Analytics
`Audit logging disabled`	Logging	Security Health Analytics
`Bucket logging disabled`	Logging	Security Health Analytics
`Locked retention policy not set`	Logging	Security Health Analytics
`Log not exported`	Logging	Security Health Analytics
`Object versioning disabled`	Logging	Security Health Analytics
`Audit config not monitored`	Monitoring	Security Health Analytics
`Bucket IAM not monitored`	Monitoring	Security Health Analytics
`Custom role not monitored`	Monitoring	Security Health Analytics
`Firewall not monitored`	Monitoring	Security Health Analytics
`Network not monitored`	Monitoring	Security Health Analytics
`Owner not monitored`	Monitoring	Security Health Analytics
`Route not monitored`	Monitoring	Security Health Analytics
`MFA not enforced`	Authentication	Security Health Analytics
`Default network`	Network	Security Health Analytics
`DNS logging disabled`	Network	Security Health Analytics
`Legacy network`	Network	Security Health Analytics
`Load balancer logging disabled`	Network	Security Health Analytics
`Org policy Confidential VM policy`	Organization policy	Security Health Analytics
`Org policy location restriction`	Organization policy	Security Health Analytics
`Pubsub CMEK disabled`	Pub/Sub	Security Health Analytics
`AlloyDB auto backup disabled`	AlloyDB	Security Health Analytics
`AlloyDB backups disabled`	AlloyDB	Security Health Analytics
`AlloyDB CMEK disabled`	AlloyDB	Security Health Analytics
`AlloyDB log min error statement severity`	AlloyDB	Security Health Analytics
`AlloyDB log min messages`	AlloyDB	Security Health Analytics
`AlloyDB log error verbosity`	AlloyDB	Security Health Analytics
`AlloyDB public IP`	AlloyDB	Security Health Analytics
`AlloyDB SSL not enforced`	AlloyDB	Security Health Analytics
`Auto backup disabled`	Cloud SQL	Security Health Analytics
`Public SQL instance`	Cloud SQL	Security Health Analytics
`SSL not enforced`	Cloud SQL	Security Health Analytics
`SQL CMEK disabled`	Cloud SQL	Security Health Analytics
`SQL contained database authentication`	Cloud SQL	Security Health Analytics
`SQL cross DB ownership chaining`	Cloud SQL	Security Health Analytics
`SQL external scripts enabled`	Cloud SQL	Security Health Analytics
`SQL local infile`	Cloud SQL	Security Health Analytics
`SQL log checkpoints disabled`	Cloud SQL	Security Health Analytics
`SQL log connections disabled`	Cloud SQL	Security Health Analytics
`SQL log disconnections disabled`	Cloud SQL	Security Health Analytics
`SQL log duration disabled`	Cloud SQL	Security Health Analytics
`SQL log error verbosity`	Cloud SQL	Security Health Analytics
`SQL log lock waits disabled`	Cloud SQL	Security Health Analytics
`SQL log min duration statement enabled`	Cloud SQL	Security Health Analytics
`SQL log min error statement`	Cloud SQL	Security Health Analytics
`SQL log min error statement severity`	Cloud SQL	Security Health Analytics
`SQL log min messages`	Cloud SQL	Security Health Analytics
`SQL log executor stats enabled`	Cloud SQL	Security Health Analytics
`SQL log hostname enabled`	Cloud SQL	Security Health Analytics
`SQL log parser stats enabled`	Cloud SQL	Security Health Analytics
`SQL log planner stats enabled`	Cloud SQL	Security Health Analytics
`SQL log statement`	Cloud SQL	Security Health Analytics
`SQL log statement stats enabled`	Cloud SQL	Security Health Analytics
`SQL log temp files`	Cloud SQL	Security Health Analytics
`SQL no root password`	Cloud SQL	Security Health Analytics
`SQL public IP`	Cloud SQL	Security Health Analytics
`SQL remote access enabled`	Cloud SQL	Security Health Analytics
`SQL skip show database disabled`	Cloud SQL	Security Health Analytics
`SQL trace flag 3625`	Cloud SQL	Security Health Analytics
`SQL user connections configured`	Cloud SQL	Security Health Analytics
`SQL user options configured`	Cloud SQL	Security Health Analytics
`SQL weak root password`	Cloud SQL	Security Health Analytics
`Bucket CMEK disabled`	Cloud Storage	Security Health Analytics
`Bucket policy only disabled`	Cloud Storage	Security Health Analytics
`Public bucket ACL`	Cloud Storage	Security Health Analytics
`Public log bucket`	Cloud Storage	Security Health Analytics
`Flow logs disabled`	Subnetwork	Security Health Analytics
`Flow logs settings not recommended`	Subnetwork	Security Health Analytics
`Private Google access disabled`	Subnetwork	Security Health Analytics
`AWS findings`	AWS	Security Health Analytics
`Accessible Git repository`	Web application	Web Security Scanner
`Accessible SVN repository`	Web application	Web Security Scanner
`Accessible ENV File`	Web application	Web Security Scanner
`Cacheable password input`	Web application	Web Security Scanner
`Clear text password`	Web application	Web Security Scanner
`Insecure allow origin ends with validation`	Web application	Web Security Scanner
`Insecure allow origin starts with validation`	Web application	Web Security Scanner
`Invalid content type`	Web application	Web Security Scanner
`Invalid header`	Web application	Web Security Scanner
`Mismatching security header values`	Web application	Web Security Scanner
`Misspelled security header name`	Web application	Web Security Scanner
`Mixed content`	Web application	Web Security Scanner
`Outdated library`	Web application	Web Security Scanner
`Server side request forgery`	Web application	Web Security Scanner
`Session ID leak`	Web application	Web Security Scanner
`SQL injection`	Web application	Web Security Scanner
`Struts insecure deserialization`	Web application	Web Security Scanner
`XSS`	Web application	Web Security Scanner
`XSS angular callback`	Web application	Web Security Scanner
`XSS error`	Web application	Web Security Scanner
`XXE reflected file leakage`	Web application	Web Security Scanner
`Prototype pollution`	Web application	Web Security Scanner
`Hsts Misconfiguration`	Web application	Web Security Scanner
`Content Security Policy Header Missing`	Web application	Web Security Scanner
`Content Security Policy Header Misconfigured`	Web application	Web Security Scanner
`Cross-Origin-Opener-Policy Header Missing`	Web application	Web Security Scanner
`Clickjacking Protection Missing`	Web application	Web Security Scanner
`IAM role has excessive permissions`	IAM	IAM recommender
`Service agent role replaced with basic role`	IAM	IAM recommender
`Service agent granted basic role`	IAM	IAM recommender
`Unused IAM role`	IAM	IAM recommender
`Assumed identity has excessive permissions`	IAM	Cloud Infrastructure Entitlement Management
`Group has excessive permissions`	IAM	Cloud Infrastructure Entitlement Management
`User has excessive permissions`	IAM	Cloud Infrastructure Entitlement Management
`User is inactive`	IAM	Cloud Infrastructure Entitlement Management
`Group is inactive`	IAM	Cloud Infrastructure Entitlement Management
`Assumed identity is inactive`	IAM	Cloud Infrastructure Entitlement Management
`Overly permissive trust policy enforced on assumed identity`	IAM	Cloud Infrastructure Entitlement Management
`Assumed identity has lateral movement risk`	IAM	Cloud Infrastructure Entitlement Management
`Floor settings violation`	Model Armor	Model Armor
`SHA Canned Module Drifted`	Security posture	Security posture
`SHA Custom Module Drifted`	Security posture	Security posture
`SHA Custom Module Deleted`	Security posture	Security posture
`Org Policy Canned Constraint Drifted`	Security posture	Security posture
`Org Policy Canned Constraint Deleted`	Security posture	Security posture
`Org Policy Custom Constraint Drifted`	Security posture	Security posture
`Org Policy Custom Constraint Deleted`	Security posture	Security posture
`Disable VPC External IPv6`	Security posture	Security posture
`Disable VPC Internal IPv6`	Security posture	Security posture
`Require OS Login`	Security posture	Security posture
`Restrict Authorized Networks`	Security posture	Security posture
`Require VPC Connector`	Security posture	Security posture
`Disabled Serial Port Access`	Security posture	Security posture
`Skip Default Network Creation`	Security posture	Security posture
`Allowed Ingress`	Security posture	Security posture
`Uniform Bucket Level Access`	Security posture	Security posture
`Allowed VPC Egress`	Security posture	Security posture
`OS vulnerability`	Compute Engine	VM Manager
`Container image vulnerability`	Artifact Registry	Artifact Registry vulnerability assessment
`Software vulnerability`	Agent Platform	AI Protection
`Public sensitive data`	Data asset	Sensitive Data Protection
`Secrets in environment variables`	Serverless compute	Sensitive Data Protection
`Secrets in storage`	Data asset	Sensitive Data Protection
`Gemini model not protected by Model Armor`	Model Armor	Model Armor
`Gemini model detected`	Model Armor	Model Armor

Vulnerability findings index Stay organized with collections Save and categorize content based on your preferences.

What's next

Vulnerability findings index