GoogleCloudPlatform · gurusai-voleti · Jan 2, 2026 · Jan 2, 2026
@@ -24,12 +24,12 @@ This tutorial will walk you through setting up Scorecard for a single project.
     ```
 4. Create a GCS bucket for storing CAI data:
     ```
-    gsutil mb gs://$CAI_BUCKET_NAME
+    gcloud storage buckets create gs://$CAI_BUCKET_NAME
     ```
 5. Optionally, create a public GCS bucket to trigger a violation:
     ```
-    gsutil mb gs://$PUBLIC_BUCKET_NAME
-    gsutil iam ch allUsers:objectViewer gs://$PUBLIC_BUCKET_NAME
+    gcloud storage buckets create gs://$PUBLIC_BUCKET_NAME
+    gcloud storage buckets add-iam-policy-binding gs://$PUBLIC_BUCKET_NAME --member=allUsers --role=roles/storage.objectViewer
     ```
 6. Optionally, export the CAI data to GCS:
     ```
@@ -91,8 +91,8 @@ You can also run CFT Scorecard against locally downloaded CAI data:
 
 ```
 mkdir cai-dir
-gsutil cp gs://$CAI_BUCKET_NAME/resource_inventory.json ./cai-dir/
-gsutil cp gs://$CAI_BUCKET_NAME/iam_inventory.json ./cai-dir/
+gcloud storage cp gs://$CAI_BUCKET_NAME/resource_inventory.json ./cai-dir/
+gcloud storage cp gs://$CAI_BUCKET_NAME/iam_inventory.json ./cai-dir/
 ./cft scorecard --policy-path ./policy-library \
   --dir-path ./cai-dir
 ```

@@ -68,7 +68,7 @@ RUN apk upgrade --no-cache && \
 # Add all build scripts
 ADD ./build/*.sh /build/
 
-# Add cloud sdk first, gsutil required by some installers
+# Add cloud sdk first
 ARG CLOUD_SDK_VERSION
 RUN /build/install_cloud_sdk.sh ${CLOUD_SDK_VERSION}
 

@@ -38,4 +38,3 @@ gcloud components install alpha beta terraform-tools gke-gcloud-auth-plugin --qu
 rm -rf /usr/local/google-cloud-sdk/.install/.backup
 
 gcloud --version
-gsutil version -l
@@ -21,7 +21,7 @@ cd /build/install_tinkey
 
 TINKEY_VERSION=$1
 
-gsutil cp "gs://tinkey/tinkey-${TINKEY_VERSION}.tar.gz" .
+gcloud storage cp "gs://tinkey/tinkey-${TINKEY_VERSION}.tar.gz" .
 tar -xzf "tinkey-${TINKEY_VERSION}.tar.gz"
 
 install -o 0 -g 0 -m 0755 tinkey_deploy.jar /usr/bin/

@@ -532,7 +532,7 @@ function fix_headers() {
 # Given SERVICE_ACCOUNT_JSON with the JSON string of a service account key,
 # initialize the SA credentials for use with:
 # 1: terraform
-# 2: gcloud (passes SA creds implicitly to gsutil and bq-script)
+# 2: gcloud (passes SA creds implicitly bq-script)
 # 3: Kitchen and inspec
 #
 # Add service acocunt support for additional tools as needed, preferring the
@@ -563,7 +563,7 @@ init_credentials() {
   # https://github.com/inspec/inspec-gcp#create-credentials-file-via
   export GOOGLE_APPLICATION_CREDENTIALS="${tmpfile}"
 
-  # Login to GCP for using bq-script and gsutil
+  # Login to GCP for using bq-script
   gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}"
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -38,4 +38,3 @@ gcloud components install alpha beta terraform-tools gke-gcloud-auth-plugin --qu
		rm -rf /usr/local/google-cloud-sdk/.install/.backup

		gcloud --version
		gsutil version -l