Gcp Lifecycle Not Defined
Description
Detects Google Cloud Storage buckets that do not have lifecycle management rules defined. Missing lifecycle rules can lead to unnecessary storage costs and security risks as old or unused data is not automatically cleaned up or transitioned to appropriate storage classes.
Detection Strategy
• Scans all Cloud Storage buckets in the GCP project
• Checks if each bucket has any lifecycle rules configured in its properties
• Reports a vulnerability if a bucket's lifecycle_rules list is empty
• Includes the bucket path and project ID in the vulnerability report for identification
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.