GCP Security Web Scanner using Gmail account

Question

I've been trying to create a create a security scan for our GCP App-Engine deployment using the Web Security Scanner service and authenticating via a Gmail account(as per instructions found here).

I've tried three individual Gmail accounts (one is my own personal account and the other two were created specifically for this scan). However the scanner setup continues to complain:

"Could not sign in using the provided username and password"

There is a line in the instructions link that reads: "Google enforces a real name policy on Google accounts. If the name on your test account doesn't look real, the account might be blocked.". However two of the three Gmails accounts use the standard 'fname.lname@gmail.com' addresses, while the third is a 'initialLastName802@gmail.com' type.

Any pointers as to what might be wrong with my setup is appreciated.

Answer 1

I have tried to reproduce the error on my GCP and indeed, I could reproduce the same issue on my side. The error that I received was the below one, checking in the browser's console.

{
  "error": {
    "code": 400,
    "message": "Could not sign in using the setting provided by scan_config.authentication.",
    "status": "INVALID_ARGUMENT",
    "details": [
      {
        "@type": "type.googleapis.com/google.cloud.websecurityscanner.v1beta.ScanConfigError",
        "code": "FAILED_TO_AUTHENTICATE_TO_TARGET"
      }
    ]
  }
}

I have created an issue within the Google Issue Tracker - that you can access here - for this to be investigated by the Google team - you can contact them directly on their Support as well if you think they could faster for you or follow the issue that I opened with them.

Let me know if it helped you!