Google Cloud Rules
Google Cloud Platform CLI for compute, storage, networking, Kubernetes Engine, and cloud resource management.
3 rules
Enable Cloud Audit Logging
Beginner
Enable Cloud Audit Logs on all GCP projects for admin activity, data access, and system events — required for security monitoring, incident response, and compliance.
globs: **/*.tf, **/*.yaml, **/*.yml, **/gcloud/**, **/logging/**
audit-logging, security-monitoring, compliance, cloud-logging
Never Export Service Account Keys
Intermediate
GCP service account JSON key files must never be created or exported — use Workload Identity Federation, attached service accounts, or Application Default Credentials instead.
globs: **/*.tf, **/*.yaml, **/*.yml, **/*.json, **/gcloud/**, **/.github/**
service-account-keys, workload-identity, security, credentials
Mandatory Project and Resource Labels
Beginner
Every GCP project and resource must have mandatory labels for cost attribution, ownership tracking, and environment identification — enforced via Organization Policies.
globs: **/*.tf, **/*.yaml, **/*.yml, **/gcloud/**
labels, cost-attribution, governance, naming-conventions