Issues overview
Issues are notable security risks that Security Command CenterPremium and Enterprise have identified in your cloud environments. They'reavailable in theSecurity Command Center section (Premium) or theRisksection (Enterprise) of the Google Cloud console, giving you the opportunity torespond quickly to vulnerabilities and threats.
Issues are discovered through virtual red teaming andrule-baseddetections. For example, a detection with the nameHigh Risk CVE on GCE with direct access to a high valueresource covers the following situation:
- A high-risk, common vulnerability or exposure (CVE) has been identified on aCompute Engine VM in your cloud environment.
- That compromised VM has access to ahigh value resourcethrough a service account.
A detection can discover multiple instances of an issue.By default, in the Google Cloud console, issues with the sameseverity and detection are grouped together.
Issue sources
Issues are classified as medium, high, or critical severity,and come from the following sources:
Issue lifecycle
Issues remain active until they are resolved. You canresolve issues by fixing the findings referenced in the issuesor by deleting the affected resources.
Inactive issues have a retention period of 90 days, after which theyare deleted. ForCorrelated Threats issues (Preview), the retention period is 14 days.
What's next
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-17 UTC.