GCP Container Registry repositories are anonymously or publicly accessible
Description
Code Example
```shell
gsutil iam ch -d PRINCIPAL gs://BUCKET-NAME
```
Remediation
*GCP Console*
To remove anonymous or public access to your GCR repositories:
1. Log in to the GCP Console at https://console.cloud.google.com.
2. Navigate to [GCR Settings](https://console.cloud.google.com/gcr/settings).
3. Under Public access locate the repositories that say *PUBLIC* under the Visibility column.
4. Select the dropdown and switch to *PRIVATE*.
*CLI Command*
To remove anonymous or public access to your GCR repositories, use the `gsutil` command shown under Code Example above.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0994 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV2_GCP_9 |