This quickstart describes how to get started with Forseti Scanner. Forseti Scanner uses a JSON or YAML rules definition file to audit your Google Cloud Platform (GCP) resources, such as organizations or projects. After running the audit, Forseti Scanner outputs rule violations to Cloud SQL and optionally writes it to Cloud Storage bucket.

Configuring Scanner

Forseti Scanner runs in batch mode, executing each scanner serially for each run. To modify the scanner settings:

  1. Open forseti-security/configs/server/forseti_conf_server.yaml.
  2. Navigate to the scanner > scanners section.
  3. Edit the enabled property for the appropriate scanners. true enables the scanner, and false disables the scanner.

When you’re finished making changes, run the configuration reload command to update the configuration of the server.

You can learn how to run the Forseti Scanner.

What’s next