{"id":15222010,"url":"https://github.com/googlecloudplatform/gatekeeper-securitycenter","last_synced_at":"2025-10-20T01:30:24.880Z","repository":{"id":40514692,"uuid":"314068099","full_name":"GoogleCloudPlatform/gatekeeper-securitycenter","owner":"GoogleCloudPlatform","description":"Report OPA Gatekeeper audit violations in Security Command Center.","archived":false,"fork":false,"pushed_at":"2024-08-15T15:21:19.000Z","size":347,"stargazers_count":42,"open_issues_count":1,"forks_count":16,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-10-29T18:37:32.789Z","etag":null,"topics":["cloud-security-command-center","gatekeeper","gcp","gke","google-cloud","google-cloud-platform","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoogleCloudPlatform.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-18T21:58:35.000Z","updated_at":"2024-10-24T14:49:42.000Z","dependencies_parsed_at":"2022-07-22T15:02:22.402Z","dependency_job_id":"d261d57e-70ec-4b28-9bf8-1b7651a9ccaf","html_url":"https://github.com/GoogleCloudPlatform/gatekeeper-securitycenter","commit_stats":null,"previous_names":[],"tags_count":53,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgatekeeper-securitycenter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgatekeeper-securitycenter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgatekeeper-securitycenter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fgatekeeper-securitycenter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoogleCloudPlatform","download_url":"https://codeload.github.com/GoogleCloudPlatform/gatekeeper-securitycenter/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237243005,"owners_count":19278060,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-security-command-center","gatekeeper","gcp","gke","google-cloud","google-cloud-platform","kubernetes"],"created_at":"2024-09-28T15:09:49.502Z","updated_at":"2025-10-20T01:30:24.428Z","avatar_url":"https://github.com/GoogleCloudPlatform.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gatekeeper-securitycenter\n\n`gatekeeper-securitycenter` allows you to use Security Command Center as a\ndashboard for Kubernetes resource policy violations.\n\n`gatekeeper-securitycenter` is:\n\n-   a Kubernetes controller that creates\n    [Security Command Center](https://cloud.google.com/security-command-center/docs)\n    [findings](https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.sources.findings)\n    for violations reported by the\n    [audit controller](https://cloud.google.com/anthos-config-management/docs/how-to/auditing-constraints)\n    in\n    [Open Policy Agent (OPA) Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/).\n\n-   a command-line tool that creates Security Command Center\n    [sources](https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.sources)\n    and manages the IAM policies of the sources.\n\n![Architecture](docs/architecture.svg)\n\n`gatekeeper-securitycenter` works with both\n[Security Command Center Standard tier](https://cloud.google.com/security-command-center/pricing#standard_tier_pricing)\nand\n[Security Command Center Premium tier](https://cloud.google.com/security-command-center/pricing#premium_tier_pricing).\n\nIf you use\n[Policy Controller](https://cloud.google.com/anthos-config-management/docs/concepts/policy-controller)\nfrom Google Cloud, consider using its\n[in-built integration with Security Command Center](https://cloud.google.com/blog/products/identity-security/expanding-gke-posture-policy-controller-violations-now-in-security-command-center).\n\n## Prerequisites\n\nBefore installing the `gatekeeper-securitycenter` controller, create all the\nfollowing resources:\n\n-   a Kubernetes cluster, for instance a Google Kubernetes Engine (GKE) cluster\n-   OPA Gatekeeper installed in the Kubernetes cluster\n-   a Security Command Center source\n-   a Google service account with the\n    [Security Center Findings Editor](https://cloud.google.com/security-command-center/docs/access-control)\n    role on the Security Command Center source.\n\nTo create these prerequisite resources, choose one of these options:\n\n1.  Use the shell scripts in the [`scripts`](scripts) directory. These scripts\n    create resources using the `gcloud` command-line tool from the\n    [Google Cloud SDK](https://cloud.google.com/sdk).\n\n2.  Follow the step-by-step instructions in the accompanying\n    [tutorial](https://github.com/GoogleCloudPlatform/gatekeeper-securitycenter/blob/main/docs/tutorial.md).\n\nIf you use Security Command Center Standard tier, you must have an appropriate\nCloud IAM role for Security Command Center at the organization level, such as\n[Security Center Admin Editor](https://cloud.google.com/security-command-center/docs/access-control).\nYour organization administrator can\n[grant you this role](https://cloud.google.com/resource-manager/docs/access-control-org).\n\nIf your user account is not associated with an\n[organization](https://cloud.google.com/resource-manager/docs/creating-managing-organization)\non Google Cloud, you can create an organization resource by signing up for\neither [Cloud Identity](https://cloud.google.com/identity) or\n[Google Workspace](https://workspace.google.com/) (formerly G Suite) using a\ndomain you own. Cloud Identity offers a\n[free edition](https://gsuite.google.com/signup/gcpidentity/welcome).\n\n## Downloading the `gatekeeper-securitycenter` command-line tool\n\nDownload the binary for your platform:\n\n```sh\nVERSION=v0.4.3\ncurl -Lo gatekeeper-securitycenter \"https://github.com/GoogleCloudPlatform/gatekeeper-securitycenter/releases/download/${VERSION}/gatekeeper-securitycenter_$(uname -s)_$(uname -m)\"\nchmod +x gatekeeper-securitycenter\n```\n\n## Installing the `gatekeeper-securitycenter` controller\n\nInstall the `gatekeeper-securitycenter` controller in your cluster by following\nthe [documentation in the manifest directory](manifests/README.md).\n\n## Documentation\n\n-   [Tutorial](https://github.com/GoogleCloudPlatform/gatekeeper-securitycenter/blob/main/docs/tutorial.md)\n\n-   [Building `gatekeeper-securitycenter`](docs/build.md)\n\n-   [Developing `gatekeeper-securitycenter`](docs/development.md)\n\n-   [Releasing `gatekeeper-securitycenter`](docs/release.md)\n\n## Disclaimer\n\nThis is not an officially supported Google product.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fgatekeeper-securitycenter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgooglecloudplatform%2Fgatekeeper-securitycenter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fgatekeeper-securitycenter/lists"}