Step 1: Enable API
Login to the GCP account you wish to connect with Blue Hexagon and enable (e.g. via cloud shell) the following APIs.
gcloud services enable appengine.googleapis.com bigquery.googleapis.com cloudfunctions.googleapis.com cloudresourcemanager.googleapis.com cloudkms.googleapis.com compute.googleapis.com container.googleapis.com dataflow.googleapis.com dns.googleapis.com dataproc.googleapis.com iam.googleapis.com sqladmin.googleapis.com storage-component.googleapis.com recommender.googleapis.com monitoring.googleapis.com logging.googleapis.com serviceusage.googleapis.comĀ
Step 2: Create Service Account
Name the service account, e.g. bluehexagonsecurity
Grant the service account the following permissions:
Viewer
Security Reviewer
Storage Object Viewer
Step 3: Create and Export JSON Key File
Share the JSON key file with your Blue Hexagon representative, who will complete the registration for you.
Step 4: [Blue Hexagon Representative] Register Keyfile
Use attached script (bh_gcp_registration.py
) to register keyfile as follows:
python3 ./bh_gcp_registration.py -k keyfile.json -l <gcp saas license>
Step 5: Scanning
Scanning will begin immediately once the account registration has been completed and results will show in the Blue Hexagon portal.