GCP Artifact Registry repositories are anonymously or publicly accessible
Description
Code Example
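```shell
# REPOSITORY, MEMBER and ROLE are placeholders; for this finding MEMBER is
# allUsers or allAuthenticatedUsers.
gcloud artifacts repositories remove-iam-policy-binding REPOSITORY \
  --member=MEMBER \
  --role=ROLE
```

Remediation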
- *GCP Console*
To remove anonymous or public access for your Artifact Registry repository:
1. Log in to the GCP Console at https://console.cloud.google.com.
2. Navigate to Repositories at https://console.cloud.google.com/artifacts.
3. Select the target *Artifact Registry* repository.
4. Expand the Info Panel by selecting *Show Info Panel*.
5. To remove a specific role assignment, select *allUsers* or *allAuthenticatedUsers*, and then click *Remove member*.
- *CLI Command*
To remove anonymous or public access for your Artifact Registry repositories, use the command shown under Code Example above.
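
An added example, not part of the original page: a Python helper that scans a repository's IAM policy for `allUsers` / `allAuthenticatedUsers` and builds the matching removal command for each public binding. The policy JSON is a constructed sample, assumed to be in the shape printed by `gcloud artifacts repositories get-iam-policy REPOSITORY --format=json`; `example-repo` and the function names are illustrative.

```python
import json
import shlex

# Principals that make a binding public: anyone on the internet, or any
# signed-in Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the standard IAM policy JSON shape (assumed to match
# the output of `gcloud artifacts repositories get-iam-policy ... --format=json`).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/artifactregistry.reader",
     "members": ["allUsers", "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.writer",
     "members": ["allAuthenticatedUsers"]},
    {"role": "roles/artifactregistry.admin",
     "members": ["user:admin@example.com"]}
  ],
  "etag": "BwXXXXXXXXX=",
  "version": 1
}
""")


def public_bindings(policy):
    """Return sorted (role, member) pairs that grant access to a public principal."""
    found = set()
    # Tolerate a policy with no bindings key, or a null bindings/members value.
    for binding in policy.get("bindings") or []:
        for member in binding.get("members") or []:
            if member in PUBLIC_MEMBERS:
                found.add((binding.get("role", ""), member))
    return sorted(found)


def removal_commands(repository, policy):
    """Build one remove-iam-policy-binding command per public (role, member) pair."""
    return [
        "gcloud artifacts repositories remove-iam-policy-binding "
        f"{shlex.quote(repository)} --member={shlex.quote(member)} "
        f"--role={shlex.quote(role)}"
        for role, member in public_bindings(policy)
    ]


if __name__ == "__main__":
    for cmd in removal_commands("example-repo", SAMPLE_POLICY):
        print(cmd)
```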
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0959 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GCP_101 |