Everything you need to audit Google Workspace security

199 checks. 4 frameworks. Actionable remediation for every finding.

Four security frameworks, one tool

Comprehensive coverage across industry-leading benchmarks and best-practice guides.

CIS 84 checks

CIS Google Workspace Foundations Benchmark

v1.3.0 — Industry-standard security configuration benchmark with Level 1 and Level 2 profiles for graduated hardening.

L1 L2
CISA SCuBA 82 checks

CISA Secure Cloud Business Applications

Based on official ScubaGoggles baselines. Federal-grade security controls for Google Workspace environments.

Federal
Google 20 checks

Google Security Checklist

Google's own Security Checklist and vendor-recommended best practices for Medium & Large Businesses.

Official
Other 13 checks

Best Practice & Expert Guides

Curated checks from hands-on practitioner experience and industry best practices beyond the major frameworks.

Expert

Complete coverage across all Google Workspace services

Every service area audited with framework-mapped checks and remediation guidance.

Directory

5 checks

User accounts, super admins, MFA enforcement, org units

Gmail

44 checks

DMARC, SPF, DKIM, spam, phishing, DLP, forwarding

Drive & Docs

30 checks

Sharing, external access, DLP, desktop sync

Calendar

10 checks

External sharing, interop, appointments

Chat

13 checks

History, external access, DLP, reporting

Meet

10 checks

Join controls, recording, host management

Groups

12 checks

External access, creation, visibility

Security

59 checks

MFA, SSO, session management, recovery, app access

Classroom

6 checks

Membership, API access, roster import

Gemini

5 checks

Unlicensed access, alpha features

Marketplace

1 check

App restrictions, allowlisting

Sites

2 checks

Site creation, external sharing

Reporting & Rules

13 checks

Audit logging, alert rules

Audit in four steps

From authentication to actionable report in minutes, not weeks.

1

Authenticate

Service account or OAuth 2.0. Connect to your GWS tenant in minutes.

2

Collect

Automated data collection from 11 Google APIs and DNS records.

3

Evaluate

Run 199 checks across 4 frameworks with intelligent pass/fail logic.

4

Report

HTML dashboard, JSON, CSV exports. AI-powered analysis.

Built for security teams

Powerful features to streamline your Google Workspace security auditing workflow.

AI Security Analyst

Chat with your findings. Get remediation guidance in natural language. Supports OpenAI, Anthropic, and AWS Bedrock.

Interactive Dashboard

Plotly Dash dashboard with compliance views, drill-down, filtering. Real-time exploration of audit results.

Multiple Output Formats

HTML report with executive summary, JSON for automation, CSV for spreadsheets. All generated in one run.

Docker & CI/CD Ready

Run as a Docker container, in GitHub Actions, or as a cron job. Built for automation pipelines.

Organizational Units

Audit specific OUs or the entire organization. Scoped checks for complex GWS deployments.

Caching & Offline

Cache API data for re-analysis. Run checks against cached data without re-authenticating.

Ready to audit your Google Workspace?

Start with the open-source edition or get a full-featured trial. Either way, your first audit is minutes away.

View on GitHub Start Free Trial