Google Cloud Platform APIs can be disabled or enabled depending on the project-level use case. Many CSPM plugins check for configurations that exist within those service APIs. When the service is disabled, CSPM gets an error response from GCP, which was previously listed on CSPM scan reports as an "UNKNOWN" result.


Starting April 26, 2021, CSPM now marks these plugins that are checking disabled services as "PASS" with the message "Service is not enabled." Because the service is not enabled, there is no misconfiguration.


Google Cloud Platform Projects will no longer show UNKNOWN results when services are disabled in GCP:



Aqua CSPM will display a PASS result instead of UNKNOWN when Google Cloud Platform API is not in use, the information message will read: Service is Not Enabled




Services that are not enabled which represent vulnerabilities in the cloud account or are must be configured according to compliance requirements will FAIL.