Commit

Apply suggestions from code review
alphadev4 authored Jun 19, 2024
1 parent 4d54599 commit 2eebfed
Showing 1 changed file with 3 additions and 3 deletions.
Expand Up @@ -5,10 +5,10 @@ module.exports = {
title: 'Cloud Function Default Service Account',
category: 'Cloud Functions',
domain: 'Serverless',
severity: 'Low',
severity: 'Medium',
description: 'Ensures that Cloud Functions are not using the default service account.',
more_info: 'Cloud Functions should use customized service accounts that have minimal privileges to run. Default service account has the editor role permissions. Due to security reasons it should not be used for any cloud function.',
link: 'https://cloud.google.com/functions/docs/securing',
more_info: 'Using the default service account for Cloud Functions can lead to privilege escalation and overly permissive access. It is recommended to use a user-managed service account for each function in a project instead of the default service account. A managed service account allows more precise access control by granting only the necessary permissions through Identity and Access Management (IAM).',
link: 'https://cloud.google.com/functions/docs/securing/function-identity',
recommended_action: 'Ensure that no Cloud Functions are using the default service account.',
apis: ['functions:list'],
realtime_triggers: ['functions.CloudFunctionsService.UpdateFunction', 'functions.CloudFunctionsService.CreateFunction', 'functions.CloudFunctionsService.DeleteFunction'],
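
Review bot: In the new more_info, the last sentence says "A managed service account" while the sentence before it says "user-managed service account"; use "user-managed" in both so the text does not read as two different account types. The rewrite also drops the old statement that the default service account has the editor role, which is the concrete reason behind "privilege escalation and overly permissive access" and behind raising severity from 'Low' to 'Medium'; keeping that one fact would make the finding self-explanatory. The unchanged recommended_action still only restates the description, and could instead name the fix the new more_info recommends: assign a user-managed service account to each function.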