Report Policy Controller and OPA Gatekeeper audit violations in Security Command Center.

cloud-security-command-center, gatekeeper, gcp, gke, google-cloud-platform, kubernetes, policy-controller
go get



gatekeeper-securitycenter allows you to use Security Command Center as a dashboard for Kubernetes resource policy violations.

gatekeeper-securitycenter is:


gatekeeper-securitycenter requires Security Command Center Standard tier.


Before installing the gatekeeper-securitycenter controller, create all of the following resources:

  • a Kubernetes cluster, for instance a Google Kubernetes Engine (GKE) cluster
  • Policy Controller or OPA Gatekeeper installed in the Kubernetes cluster
  • a Security Command Center source
  • a Google service account with the Security Center Findings Editor role on the Security Command Center source

To create these prerequisite resources, choose one of these options:

  1. Use the kpt package in the setup directory. This package creates resources using Config Connector.

  2. Use the shell scripts in the scripts directory. These scripts create resources using the gcloud tool from the Google Cloud SDK.

  3. Follow the step-by-step instructions in the accompanying tutorial.

For all options, you must have an appropriate Cloud IAM role for Security Command Center at the organization level, such as Security Center Admin Editor. Your organization administrator can grant you this role.

If your user account is not associated with an organization on Google Cloud, you can create an organization resource by signing up for either Cloud Identity or Google Workspace (formerly G Suite) using a domain you own. Cloud Identity offers a free edition.

Installing the gatekeeper-securitycenter controller

Install the gatekeeper-securitycenter controller in your cluster by following the steps in the kpt package documentation.



This is not an officially supported Google product.