We previously announced the End-of-Life for Forseti 1.0
in October 2018. We have extended that timeline, and this is the last notice
that Forseti 1.0 will be removed from availability on March 15, 2019.
We strongly encourage any remaining Forseti 1.0 users to migrate to
Forseti 2.0 as there are many new features to help you to stay secure on
Google Cloud Platform (GCP).
New Features
- New CLI client to operate all Forseti components on demand
- Parallelized inventory process
- New inventories available: Bucket IAM Policies, API Configurations,
Audit Logging Configurations, Networks, Subnetworks, and G Suite Users, and
many more
- New scanners for service account key rotation, audit log configuration,
enabled APIs, location, KMS, and Kubernetes
- IAM policy scanner now audits bucket and other sub-project resource IAM
policies
- New Explain
component to help you understand the effective roles and permissions that
affect your GCP resources from the granted IAM policies
Architecture Improvements
- Centralized table for all GCP inventory data, with optimized schema and
indexes for easier and faster queries
- Faster inventory process with Cloud Asset Inventory
- Integration with Cloud Security Command Center (Cloud SCC) beta
- Negates the use of a separate G Suite service account and exported key
- Forseti VMs on Google Compute Engine (GCE) now run on the latest Ubuntu 18.04
- A more intuitive installation process using Terraform, and with better
default rule files
To upgrade from Forseti version 1.0, please see the Forseti v2 upgrade guide.
If you are new to Forseti, please see the Forseti v2 installation guide
to get started.
Thank you,
The Forseti Security team at Google