What is a cloud security scanner?
Cloud Security Scanner identifies security vulnerabilities in your Google App Engine web applications.
The scanner is designed to complement your existing secure design and development processes. To avoid distracting developers with false positives, the scanner errs on the side of under-reporting and will not display low-confidence alerts.
Prerequisites
- Google Cloud Platform account and subscriptions.
Step 1
Step 2
Activate Cloud Shell.
Then, click Continue.
Step 3
Download the sample app repository.
Run the following command in Cloud Shell:
Then go to the directory that contains the sample code:
cd python-docs-samples/appengine/standard/hello_world
Step 4 - Test the App
From within the hello_world directory where the app’s app.yaml configuration file is located, start the local development server with the following command.
dev_appserver.py app.yaml
The local development server is now running and listening for requests on port 8080. Click the Web Preview button in Cloud Shell and select Preview on port 8080.
Press Ctrl+C to stop the local app and return to the command line.
Step 5 - Deploy the app
Run the following command:
gcloud app deploy
You’ll be asked to select a region; choose the number for one that is near you.
Step 6 - View the app
Run the following command:
gcloud app browse
Step 7 - Run the scan
Go to the Navigation menu > App Engine > Security scans
Click Enable API > Create scan
Click to create the scan.
Click Run to start scanning.
After your progress,
Result
Conclusion
That’s all. We have learned about the security scanner with App Engine. I hope you understood how to handle the security scanner on the Google Cloud Platform.