Introducing Custom Governance Beta
Marten van Wezel
Hello Forseti Community,
We know things have been quiet, and this was not just due to covid (hopefully you have been well) - we now want to share some exciting developments!
Over the past two years we’ve often heard that customers want Google to offer an officially supported version of Forseti that is easier to use. For the past 9 months we’ve been working to bring Forseti-like capabilities to a new product called Custom Governance:
Plug and play your existing config validator constraints whilst removing scalability concerns for big organizations.
BigQuery SQL-based policies enabling joining Resources, IAM Policies, Organization Policies and VPC SC policies.
Rich UI for authoring and testing policies and viewing violations with snapshots of assets and policies
Notification channels: Cloud Security Command Center, Cloud Storage(csv) and BigQuery
Deploy to a customer’s GKE cluster using Marketplace or Terraform
Official Google Cloud Support: sitting under our Terms of Service, which includes the ability to use Google Support to help troubleshoot any issues.
If you or your customers would like access, you’re welcome to fill out the allowlisting form (more details on install below).
What about Forseti?
If you’re a passionate user of OSS Forseti, don’t worry. Forseti isn’t going away, and the team will continue to provide management and help for the community. We hope you’ll find Custom Governance an upgrade worth making.
Roadmap and Plans?
Pubsub export and real-time scanning should be with us soon. We are still working on our longer-term plans, more detail when we have it. In the meantime your feedback on CG will be critically important for us to determine our priorities.
What about Security Health Analytics (SHA)?
Security Health Analytics, part of CSCC, is a managed, turn-key solution for customers whose needs match well with defined standards like CIS. Custom Governance provides additional scanning coverage for those who want finer-grained control, customization and advanced dashboarding, however CG results can be also consumed in CSCC.
Feedback!
We would love to hear how this product can solve problems for you, and especially if not, or not completely, then what do the gaps look like? What would you like to see us focus on? Please reach out to let us know.
Resources?
Please check out the feature demo video for Custom Governance.
Visit our playground instance at https://cg-demo-team.dev/ (available after filling the allowlisting form).
Documentation (available after completing the allowlisting form).
Mailgroups: Announcements and Discussion (hosted on Google Groups)
Chat
We will be present at the Forseti Slack Channel during our office hours - every Tuesday between 9am and 10am PST, and otherwise we will try to respond within 1 business day.
Installation
Please fill out this allowlisting form to get access to the resources.
Marketplace installation (Click-to-Deploy approach and command line approach)
Please read the Installation guide on installing the application from the GCP Marketplace listing before installation.
It is also recommended to watch the Step by step Installation video to get familiar with the installation steps before installation.
Terraform installation
Installation guide using private IP for the web application is available upon request to custom-gov...@google.com for the moment.
Thank you,
-Marten on behalf of the Custom Governance team