Error messages
Learn how to resolve some errors raised by Security Command Center. This topic discusseserrors whose resolutions require more steps than can be easily described in anerror message.
Note: For more troubleshooting information, seeTroubleshooting. In addition,Security Command Center provides error detectors, which reportconfiguration errors that prevent Security Command Center and its services fromworking properly. Each error finding includes suggested remediation steps.For more information, seeSecurity Command Center errors.Notifications
You might get the following errors when you use the Security Command Center APInotifications feature.
Error reading credential file from environment variable
java.lang.RuntimeException: java.io.IOException: Error reading credential filefrom environment variable GOOGLE_APPLICATION_CREDENTIALS
This error occurs when you try to use the Security Command Center notifications APIand the service account keys aren't accessible. To resolve this error, do thefollowing:
- Complete the steps toset up a service account and get theservice account key.
- If you're using an IDE like Intellij, make sure that your developmentenvironment is configured to point to the location where the service accountkey is stored.
Invalid choice:add-iam-policy-binding
ERROR: (gcloud.pubsub.topics) Invalid choice: 'add-iam-policy-binding'
This error most commonly occurs when you aren't using the most current versionof the Google Cloud CLI. To resolve this error, update to the latestgcloud CLI version by running:
gcloudcomponentsupdateWeb Security Scanner
To contact us about the error messages below,send feedback about the specific scan.
| Error message | Description |
|---|---|
| The app often redirected the scanner to an authentication page | If you're using Google authentication, the scanner detects auth redirects. Most likely the credentials you're using to scan the site are invalid. To check the validity of credentials, start a Chrome incognito session and try to log in with the test credentials on your application. |
| The app produced a high number of errors during this scan | Web Security Scanner found that a high percentage of requests resulted in4xx or5xx HTTP responses. Verify your scanning credentials and the target URL. If the problem continues to occur,file a bug. |
| The scan found a small number of results during crawling | Web Security Scanner didn't find many pages to test. This error is expected for sites that don't often change the URL and sites that have application features behind multi-step navigation bars. Try adding more seed URLs, like the URL for each feature that a navigation bar leads to. |
| The scan found too many URLs while crawling results and has not tested all of them. | This problem can appear if your app has many URLs that lead to the same template. In this case,file a feature request and the team might be able to tune the duplicate-page logic for you. |
| An internal error occurred during the scan. | This message can indicate one or more internal errors. If you get this message,send feedback about the specific scan. |
| The scan timed out while crawling the app | There is a time limit for each stage of the crawler.
|
| The scan triggered a DDOS protection mechanism and has been stopped | This error is caused by too many queries, too fast. Try reducing the Queries Per Second (QPS). |
Fixing issues
If Web Security Scanner reports an issue, you need to disable browsercross-site scripting (XSS) protection and then verify the location. For moreinformation, seeVerify the issue.
Important: If you disable XSS protection in the browser, only use that browserinstance to test your own security issues.What's next
Learn aboutSecurity Command Center errors.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-20 UTC.