Forseti 1.0 was first launched at Google Cloud Next ‘17 about a year
ago. Since then, over 100 businesses and organizations have adopted Forseti,
helping to secure Google Cloud Platform (GCP) environments large and small.
We received great feedback on how we could improve Forseti, and insight
into new features you’d like to see. To make those improvements possible
and take Forseti to the next level, we’re making fundamental architectural
changes to Forseti. As a direct result of all our contributors’ hard work,
we are now ready to share some of the exciting new changes in Forseti 2.0!
New Features
- New Explain component to help you understand the effective roles and
permissions that Cloud IAM policies grant to your GCP resources.
- New command-line interface (CLI) client to operate all the Forseti components on demand.
- Parallelized inventory process.
- Easier to add new inventory types: Bucket Cloud IAM Policies, API Configurations,
Audit Logging Configurations, Networks, Subnetworks, and G Suite Users.
- New scanners for service account key rotation, audit log configuration,
and enabled APIs.
- Cloud IAM policy scanner now audits bucket Cloud IAM policies.
- A more intuitive installation process with better default rule files.
Architecture Improvements
- Centralized table for all GCP inventory data, with optimized schema and
indexes for easier and faster queries.
- New authentication library that negates the use of a separate G Suite service
account and exported key.
- Forseti Compute Engine VMs now run on the latest Ubuntu 18.04.
If you’d like to upgrade from version 1.0, see the
Forseti v2 upgrade guide.
If you’re new to Forseti and want to get started, see the
Forseti v2 installation guide.
As always, we are eager for you to get involved and add your ideas to take
Forseti to even greater heights!