Cloud Lock

Back to Governance

Defaults

built-in

Base security configuration applied to all projects

40% 2/5 checks passing

Access Control

Status	Check	Description	Evidence	Last Evaluated
✗	No default service account usage no_default_sa	Verify workloads are not using the default compute or App Engine service accounts	Active default service accounts: 862909324833-compute@developer.gserviceaccount.com	2026-05-19 16:15

Encryption

Status	Check	Description	Evidence	Last Evaluated
✗	SSL enforcement on Cloud SQL sql_ssl_required	Verify that Cloud SQL instances require SSL connections	Instances not requiring SSL: pioneer-demo-cl-db, pioneer-production-cl-db, pioneer-demo-wb-db, pioneer-production-wb-db, pioneer-staging-cl-db, pioneer-production-ow-db, pioneer-demo-ow-db, pioneer-staging-wb-db, pioneer-staging-ow-db	2026-05-19 16:15
✗	Storage bucket versioning enabled bucket_versioning	Ensure Cloud Storage buckets have object versioning enabled for data protection	Buckets without versioning: pioneer-demo-ow-open-webui-uploads, pioneer-demo-wb-active-storage, pioneer-production-ow-open-webui-uploads, pioneer-production-cl-storage, pioneer-staging-cl-storage, pioneer-insurance-open-webui-tfstate, pioneer-demo-cl-storage, pioneer-insurance-cloud-lock-tfstate, pioneer-insurance-ops-state-backup, pioneer-production-wb-active-storage, pioneer-insurance-workbench-tfstate, pioneer-staging-ow-open-webui-uploads, pioneer-staging-wb-active-storage	2026-05-19 16:15

Logging

Status	Check	Description	Evidence	Last Evaluated
✓	Logging sink configured logging_sink_exists	Ensure audit logs are exported to a centralized logging sink	5 logging sink(s) configured: audit-log-sink, all-logs-sink, error-log-sink, _Default, _Required	2026-05-19 16:15

Network

Status	Check	Description	Evidence	Last Evaluated
✓	Firewall rules configured firewall_rules_exist	Verify that VPC firewall rules are defined and not using default-allow-all	62 firewall rule(s) configured.	2026-05-19 16:15