[REVIEW] gcp-review: add Cloud Run ingress and identity evidence gates

[z707693052]

Skill Being Reviewed

Skill name: gcp-review
Skill path: skills/cloud/gcp-review/

False Positive Analysis

Benign public Cloud Run API that should not be failed solely because it is reachable from the internet:

resource "google_cloud_run_v2_service" "public_api" {
  name     = "public-api"
  location = "us-central1"
  ingress  = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"

  template {
    service_account = google_service_account.public_api.email

    containers {
      image = "us-docker.pkg.dev/example/prod/public-api@sha256:def456"
    }
  }
}

resource "google_cloud_run_v2_service_iam_member" "public_invoker" {
  project  = google_cloud_run_v2_service.public_api.project
  location = google_cloud_run_v2_service.public_api.location
  name     = google_cloud_run_v2_service.public_api.name
  role     = "roles/run.invoker"
  member   = "allUsers"
}

Why this is a false positive:

Some Cloud Run services are intentionally public APIs. Google documents that Cloud Run ingress and IAM are separate layers, and that Internal and Cloud Load Balancing can force internet traffic through an external Application Load Balancer where Cloud Armor, IAP, CDN, or other edge controls can apply. A review should not automatically fail an explicit public API if the public path, invoker decision, least-privilege runtime service account, immutable image, and audit evidence are documented.

Coverage Gaps

Missed variant 1: sensitive Cloud Run service directly reachable from the internet

resource "google_cloud_run_v2_service" "admin_api" {
  name     = "admin-api"
  location = "us-central1"
  ingress  = "INGRESS_TRAFFIC_ALL"
}

Why it should be caught:

The current GCP skill covers generic IAM, VPC, Cloud SQL, storage, and VM exposure, but does not require Cloud Run-specific ingress evidence. A service can expose a public run.app URL without any VM public IP or firewall rule.

Missed variant 2: public invoker IAM on non-public service

resource "google_cloud_run_v2_service_iam_member" "noauth" {
  name     = google_cloud_run_v2_service.admin_api.name
  location = google_cloud_run_v2_service.admin_api.location
  role     = "roles/run.invoker"
  member   = "allUsers"
}

Why it should be caught:

Cloud Run public access is often granted through roles/run.invoker on allUsers. The skill's existing public IAM examples focus on GCS, BigQuery, and KMS, so a Cloud Run service can become unauthenticated without appearing in the current checklist.

Missed variant 3: default service account or broad runtime identity

resource "google_cloud_run_v2_service" "worker" {
  name     = "worker"
  location = "us-central1"

  template {
    containers {
      image = "us-docker.pkg.dev/example/prod/worker:latest"
    }
  }
}

Why it should be caught:

Google recommends user-managed service accounts for Cloud Run service identity. If no service account is configured, Cloud Run can use the Compute Engine default service account, which may still have broad permissions in older projects.

Missed variant 4: private dependency access without VPC egress evidence

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  annotations:
    run.googleapis.com/ingress: all
spec:
  template:
    spec:
      containers:
        - image: us-docker.pkg.dev/example/prod/app:latest

Why it should be caught:

Cloud Run can access private dependencies through Direct VPC egress or Serverless VPC Access connectors. The review should record egress mode, Shared VPC permissions, firewall evidence, Cloud NAT, and whether all-traffic is justified.

Missed variant 5: mutable images and missing Binary Authorization evidence

resource "google_cloud_run_v2_service" "payments" {
  template {
    containers {
      image = "us-docker.pkg.dev/example/prod/payments:latest"
    }
  }
}

Why it should be caught:

Cloud Run can use Binary Authorization to enforce trusted images. Production services should have image digest/provenance evidence, vulnerability scanning, and breakglass audit evidence where Binary Authorization is used.

Edge Cases

• Public Cloud Run services can be legitimate; the report should distinguish intended public APIs from accidental public admin/internal services.
• INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER is not the same as direct public run.app reachability; edge controls and serverless NEG/load balancer evidence matter.
• Service-to-service calls may use IAM authentication even when network ingress is internal; both layers should be recorded.
• Direct VPC egress and Serverless VPC Access connectors solve egress, not inbound private access; reviewers should avoid treating them as inbound controls.
• Binary Authorization breakglass can be legitimate during incidents but needs approval, justification, expiration, and audit evidence.

Remediation Quality

• Fix resolves the vulnerability
• Fix doesn't introduce new security issues
• Fix doesn't break functionality
• Issues found: Add supplemental Cloud Run gates to gcp-review for ingress mode, public invoker IAM, service identity, VPC egress, Shared VPC permissions, Binary Authorization, image provenance, and audit evidence.

Comparison to Other Tools

Tool	Catches this?	Notes
Google Cloud Security Command Center	Partial	Can surface some public exposure or misconfiguration, but IaC review still needs intended ingress, identity, and release evidence.
Policy Controller / Config Validator	Partial	Can enforce selected Terraform/YAML policies when configured, but coverage depends on custom constraints.
Terraform scanners	Partial	Often flag allUsers or mutable tags but miss the combined Cloud Run request path, IAM, VPC egress, and Binary Authorization evidence chain.
Manual architecture review	Yes	Can tie ingress, invoker IAM, service identity, private dependency access, and release provenance together.

Overall Assessment

Strengths:

• The skill has solid CIS GCP coverage across IAM, logging, networking, VMs, storage, Cloud SQL, and BigQuery.
• Existing public IAM and service account guidance provides a good base for Cloud Run-specific checks.
• The report structure can accommodate supplemental findings without changing CIS scoring.

Needs improvement:

• Add Cloud Run service/job discovery for Terraform, Knative YAML, and gcloud exports.
• Record ingress and invoker IAM separately so public APIs are not over- or under-flagged.
• Require service identity, VPC egress, Shared VPC permission, and Binary Authorization evidence for production serverless workloads.
• Add Not Evaluable states when only static manifests are available and runtime IAM/audit evidence is missing.

Priority recommendations:

1. Add a supplemental Cloud Run checklist with GCP-RUN-* controls reported separately from CIS GCP scores.
2. Add output fields for resource, region, ingress, invoker IAM, service identity, VPC egress, Binary Authorization, image provenance, and audit evidence.
3. Include Terraform and Knative YAML examples for both benign and vulnerable configurations.
4. Calibrate severity by data sensitivity, public reachability, invoker scope, runtime identity privilege, and deployment provenance.

References

• Cloud Run ingress controls: https://cloud.google.com/run/docs/securing/ingress
• Cloud Run IAM access control: https://cloud.google.com/run/docs/securing/managing-access
• Cloud Run public unauthenticated access: https://cloud.google.com/run/docs/authenticating/public
• Cloud Run service identity: https://cloud.google.com/run/docs/securing/service-identity
• Cloud Run Direct VPC egress: https://cloud.google.com/run/docs/configuring/vpc-direct-vpc
• Cloud Run VPC connectors: https://cloud.google.com/run/docs/configuring/vpc-connectors
• Cloud Run Binary Authorization: https://cloud.google.com/run/docs/securing/binary-authorization
• Terraform google_cloud_run_v2_service: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service

Bounty Info

• I have read and agree to the CONTRIBUTING.md bounty terms
• Preferred payment method: PayPal or Base USDC, details to be provided privately after acceptance

[lcwLcw123]

/attempt #1208

[lcwLcw123]

Implementation PR submitted: #1229

Bounty requested: Improver Moderate ($100) if accepted.

Summary:

• Added Cloud Run Ingress and Identity Evidence as a supplemental GCP review step.
• Added Cloud Run Evidence output fields for service, region, ingress, invoker IAM, service identity, VPC egress, image provenance, edge controls, audit evidence, and findings.
• Added findings classification for public INGRESS_TRAFFIC_ALL, unauthenticated roles/run.invoker, default/broad runtime identities, missing image provenance, missing Binary Authorization evidence, and missing VPC egress evidence.
• Extended benchmark-checklist.md with GCP-RUN-1 through GCP-RUN-5 checks.
• Added fixtures for a benign public API routed through internal load balancer ingress with user-managed service identity and a vulnerable public admin API using default identity and mutable tag.

Validation performed:

• Red-first marker check failed before edits for the new Cloud Run gate terms.
• Marker checks for Cloud Run Evidence, GCP-RUN controls, Cloud Run ingress constants, roles/run.invoker, service identity, Binary Authorization, Direct VPC egress, VPC connector, and allUsers evidence.
• git diff --check
• git diff --cached --check
• Required frontmatter sweep across skills/**/SKILL.md
• Markdown fence balance check for gcp-review markdown
• ASCII byte scan for changed and untracked files
• Prompt-injection phrase scan for changed gcp-review files
• Official source URL checks returned 200 for Cloud Run ingress, IAM access control, service identity, Direct VPC egress, and Binary Authorization docs.

Preferred payment method: GitHub Sponsors; PayPal can be provided privately if preferred.