Skip to content

feat(gcp): add check to detect Compute Engine configuration changes #9698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
HugoPBrito merged 12 commits into from
Jan 12, 2026
Merged

feat(gcp): add check to detect Compute Engine configuration changes #9698

HugoPBrito merged 12 commits into from
Jan 12, 2026

Conversation

@lydiavilchez
Copy link
Contributor

@lydiavilchez lydiavilchez commented Dec 29, 2025

Context

New security check for GCP to detect recent Compute Engine configuration changes by inspecting Cloud Audit Logs. This check helps operators identify unexpected or unauthorized modifications to Compute Engine resources such as instances, disks, and networks.

Description

This PR adds a new GCP check that inspects Cloud Audit Logs (Admin Activity) for recent Compute Engine configuration changes within a configurable lookback window. The check reports:

  • PASS: No Compute Engine configuration changes detected in the lookback period
  • FAIL: Configuration changes detected - includes details of changes (resource, actor, timestamp)

Steps to review

  1. Review the AuditLogEntry model in logging_service.py
  2. Review the _get_compute_audit_entries() method:
    • Log filter construction
    • Pagination handling
    • Data extraction from log entries
  3. Review the check logic in logging_compute_audit_log_changes_detected.py
  4. Review the metadata.json for accuracy
  5. Review the fixture data in gcp_fixtures.py

Checklist

UI

  • All issue/task requirements work as expected on the UI
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@lydiavilchez lydiavilchez requested review from a team as code owners December 29, 2025 18:29
@github-actions github-actions bot added provider/gcp Issues/PRs related with the Google Cloud Platform provider metadata-review labels Dec 29, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 29, 2025
edited
Loading

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 29, 2025
edited
Loading

✅ All necessary CHANGELOG.md files have been updated.

@codecov
Copy link

codecov bot commented Dec 29, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.00%. Comparing base (78ce4d8) to head (03d7dbf).
⚠️ Report is 53 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9698      +/-   ##
==========================================
+ Coverage   92.82%   93.00%   +0.18%     
==========================================
  Files         130      133       +3     
  Lines        3178     3275      +97     
==========================================
+ Hits         2950     3046      +96     
- Misses        228      229       +1
Flag Coverage Δ
prowler-py3.10-gcp 93.00% <100.00%> (+0.24%) ⬆️
prowler-py3.11-gcp 92.94% <100.00%> (+0.18%) ⬆️
prowler-py3.12-gcp 92.94% <100.00%> (+0.18%) ⬆️
prowler-py3.9-gcp 92.94% <100.00%> (+0.12%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
prowler 93.00% <100.00%> (+0.18%) ⬆️
api ∅ <ø> (∅)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 29, 2025
edited
Loading

🔒 Container Security Scan

Image: prowler:9025b0d
Last scan: 2026-01-12 11:10:18 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 3
Total 3

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable

📋 Resources:

HugoPBrito
HugoPBrito requested changes Jan 5, 2026
View reviewed changes
Copy link
Member

@HugoPBrito HugoPBrito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is more a logging check, despite checking compute service. Please see other logging checks and adapt it to follow the same scheme.

@HugoPBrito HugoPBrito merged commit 62a8540 into master Jan 12, 2026
38 checks passed
@HugoPBrito HugoPBrito deleted the PROWLER-364-gcp-compute-new-check-detect-configuration-changes branch January 12, 2026 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HugoPBrito HugoPBrito HugoPBrito approved these changes

Assignees

No one assigned

Labels

documentation metadata-review provider/gcp Issues/PRs related with the Google Cloud Platform provider

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lydiavilchez @HugoPBrito @danibarranqueroo