{"id":21196209,"url":"https://github.com/somethingnew2-0/simplecspm","last_synced_at":"2025-07-10T05:30:32.908Z","repository":{"id":41977979,"uuid":"412298238","full_name":"somethingnew2-0/SimpleCSPM","owner":"somethingnew2-0","description":"GCP CSPM using Google Sheets","archived":false,"fork":false,"pushed_at":"2025-04-04T19:07:52.000Z","size":172,"stargazers_count":35,"open_issues_count":0,"forks_count":5,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-04T20:22:49.182Z","etag":null,"topics":["cspm","gcp","google","google-cloud-platform","googlesheets","security","sheets"],"latest_commit_sha":null,"homepage":"https://simplecspm.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/somethingnew2-0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-01T02:27:23.000Z","updated_at":"2025-04-04T19:07:56.000Z","dependencies_parsed_at":"2024-06-13T08:46:56.015Z","dependency_job_id":null,"html_url":"https://github.com/somethingnew2-0/SimpleCSPM","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/somethingnew2-0/SimpleCSPM","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/somethingnew2-0%2FSimpleCSPM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/somethingnew2-0%2FSimpleCSPM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/somethingnew2-0%2FSimpleCSPM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/somethingnew2-0%2FSimpleCSPM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/somethingnew2-0","download_url":"https://codeload.github.com/somethingnew2-0/SimpleCSPM/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/somethingnew2-0%2FSimpleCSPM/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264535988,"owners_count":23624404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cspm","gcp","google","google-cloud-platform","googlesheets","security","sheets"],"created_at":"2024-11-20T19:34:47.944Z","updated_at":"2025-07-10T05:30:32.643Z","avatar_url":"https://github.com/somethingnew2-0.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"---\nlayout: default\ntitle: Simple CSPM\ndescription: A simple security tool for auditing Google Cloud using Google Sheets\nnav_order: 1\npermalink: /\n---\n\n⛅️ Simple CSPM \u003ca class=\"github-button\" href=\"https://github.com/somethingnew2-0/SimpleCSPM\" data-size=\"large\" data-show-count=\"true\" aria-label=\"Star somethingnew2-0/SimpleCSPM on GitHub\"\u003eStar\u003c/a\u003e\n====\n{: .no_toc }\n- TOC\n{:toc}\n\nSimpleCSPM is a security tool for auditing Google Cloud using Google Sheets.\n\nQuickly find all your publicly exposed buckets, VMs, functions, and more.\nCreate recommended Organization Policies to prevent future accidental or malicious exposure.\nReduce your attack surface by discovering unused service accounts, permissions, firewall rules, and even entire projects.\n\nThis project runs a Google App Script inside of Google Sheets to daily collect useful audit\ndata from several sources in Google Cloud Platform (GCP) for Cloud Security Posture Management.\n\nGoogle Sheets is used for maximum customizability and minimum operational maintenance requirements\nusing \"serverless\" Google App Scripts.\n\n\u003ciframe style=\"width: 736px; height: 250px;\" src=\"https://docs.google.com/spreadsheets/d/e/2PACX-1vTkPIAMyEEiZSFZWtxhjoQnpMv9KmG1ZVwC5I_xV7uyolz8XpjbK_VgnKIiJhGyqsBwXRYkUxAL6qt8/pubhtml?widget=true\u0026amp;headers=false\"\u003e\u003c/iframe\u003e\n\nThe following sources in GCP are used to collect data:\n* Cloud Asset Inventory\n    * Search All Assets\n    * Search IAM Policies\n* Recommenders\n* Insights\n* API Keys API\n\nI'm [Peter C (@itspeterc)](https://twitter.com/itspeterc), feel free to star this repository\nand follow me on Twitter for more cloud security insights!\n\nShout out to [Matthew Bryant (@IAmMandatory)](https://twitter.com/IAmMandatory) and his DEF CON 29 talk on\n[Hacking G Suite: The Power of Dark Apps Script Magic](https://www.youtube.com/watch?v=6AsVUS79gLw) for inspiring this project.\n\n## Install\n1. Make a copy of [this Google Sheet](https://docs.google.com/spreadsheets/d/1MY9ajTdWVM_D65fHbVPGyDZL_a10Ne4_ZDSWGP3uCsA/edit?usp=sharing) by clicking \"File\" -\u003e \"Make a Copy\"\n2. Update your GCP project to run from setting on the \"Main\" sheet\n3. Add the following GCP IAM roles for your user on your GCP project to run from\n    * roles/serviceusage.serviceUsageAdmin\n4. [Enable \"Service Usage API\"](https://console.cloud.google.com/apis/api/serviceusage.googleapis.com/overview) on your GCP Project to run from\n5. Add the following GCP IAM roles for your user on your GCP organization\n    * *roles/cloudasset.viewer*\n    * *roles/recommender.iamViewer*\n    * *roles/recommender.projectUtilViewer*\n    * *roles/recommender.cloudAssetInsightsViewer*\n    * *roles/recommender.firewallViewer*\n    * *roles/serviceusage.apiKeysViewer*\n    * *roles/securitycenter.findingsViewer*\n6. Click \"Run Audit\"\n7. Approve Google Sheets Permissions to Run\n8. Click \"Run Audit\" Again\n\n## Customize\nAfter making your own copy of the Google Sheet, click \"Extensions\" -\u003e \"Apps Script\" to modify\nthe javascript App Script code also included in this repository as [Code.gs](https://github.com/somethingnew2-0/SimpleCSPM/blob/main/Code.js).\n\n\n## Audit Data not yet Collected\n* Cloud Security Command Center (CSCC) Findings\n* VM Manager Vulnerabilities\n\n## Other Free and Open-Source Alternatives\n* [OpenCSPM](https://github.com/OpenCSPM/opencspm)\n* [Forseti](https://forsetisecurity.org)\n* [Cloud Custodian](https://cloudcustodian.io)\n\n\u003cscript async defer src=\"https://buttons.github.io/buttons.js\"\u003e\u003c/script\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsomethingnew2-0%2Fsimplecspm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsomethingnew2-0%2Fsimplecspm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsomethingnew2-0%2Fsimplecspm/lists"}