Vanta recommends connecting your GCP organization, because doing so allows Vanta to pull in all projects within the organization automatically. After connecting, you can mark any project as out of scope using the "configure scope" option on the integrations page.
Connecting a GCP Organization
- Enter the name of the GCP organization you want Vanta to scan. This should be a domain, such as your-company.com.
- Select a project where you want to host the Vanta service account and enter the project ID. This project will need all the required APIs enabled for any resources you want to scan in Vanta.
- You may modify these permissions: open the Configure required APIs for GCP projects tab and deselect any APIs you won't use.
- Scroll down and select the resources to scan. Each resource requires a set of APIs to be enabled in the projects across your organization.
- Run the script via the steps in the linking flow. This script creates the Vanta service account in the project ID described earlier and applies permissions to that service account for scanning your GCP organization.
- Enable the selected APIs for all the projects in your organization. While only the APIs for the project hosting the service account are required for connecting with Vanta, Vanta will not scan projects with missing APIs. Make sure the required APIs are enabled in the project that hosts the Vanta service account.
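
Because Vanta will not scan projects with missing APIs, it helps to check for gaps before and after the last step. The script below is an added example, not Vanta's linking script: it assumes an authenticated gcloud CLI, and the REQUIRED_APIS default is a constructed sample that you replace with the APIs shown in the linking flow.

```shell
#!/bin/sh
# Added example (not Vanta's script): report which required APIs each
# GCP project is missing, so gaps can be closed before Vanta scans.
# REQUIRED_APIS is a constructed sample list; replace it with the APIs
# the Vanta linking flow shows for the resources you selected.
REQUIRED_APIS="${REQUIRED_APIS:-compute.googleapis.com iam.googleapis.com}"

# missing_apis "<enabled APIs, space or newline separated>"
# Prints the required APIs that are absent from the enabled list.
missing_apis() (
  enabled=" $(printf '%s' "$1" | tr '\n' ' ') "
  out=""
  for api in $REQUIRED_APIS; do
    case "$enabled" in
      *" $api "*) ;;                      # exact name match, already enabled
      *) out="${out:+$out }$api" ;;       # required but not enabled
    esac
  done
  printf '%s' "$out"
)

# audit_projects: checks every project the caller can list and prints
# the command that would close each gap. It changes nothing itself.
audit_projects() (
  for project in $(gcloud projects list --format='value(projectId)'); do
    enabled=$(gcloud services list --enabled --project "$project" \
      --format='value(config.name)') || {
        echo "$project: unable to list services (check permissions)"
        continue
      }
    missing=$(missing_apis "$enabled")
    if [ -n "$missing" ]; then
      echo "$project: missing $missing"
      echo "  fix: gcloud services enable $missing --project $project"
    fi
  done
)

# Opt-in guard (RUN_AUDIT is a name chosen for this example).
if [ "${RUN_AUDIT:-0}" = "1" ]; then
  audit_projects
fi
```

Run it with `RUN_AUDIT=1`; projects in which the caller cannot list services are reported rather than skipped silently, since those would also be missed by a scan.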