Glean on Cloud-Prem

Welcome to the Glean on Cloud-Prem section. Here, you can view all help articles and documentation related to using Glean on cloud platforms. Whether you are just getting started or need advanced troubleshooting, you will find the information you need here.

Security Monitoring and Tooling

The on-prem deployment of Glean can be monitored by security tools. In general, any security tool that performs read-only monitoring of the cloud environment without modification of the deployed resources is fully supported. This includes many CSPM products.

Glean and Wiz

For enhanced monitoring, Glean fully supports Wiz runtime sensors, which can be installed on all compute resources within the Glean environment for additional security monitoring capabilities.

For more information on how to set up the Wiz sensors, please see the corresponding links:

  1. Wiz sensors in AWS
  2. Wiz sensors in GCP

Glean and CrowdStrike

For enhanced monitoring, Glean fully supports CrowdStrike Falcon sensors, which can be installed on all compute resources within the Glean environment for additional security monitoring capabilities.

For more information on how to set up the Falcon sensors, please see the corresponding links:

  1. CrowdStrike Falcon sensors in AWS
  2. CrowdStrike Falcon sensors in GCP

Security Vulnerability Reports

Glean publishes an authoritative vulnerability report with every release so your security team can see which CVEs affect Glean-managed container images in your environment, along with severity assessments and remediation status. Each report is exported as both:

  • An interactive HTML report
  • A machine-readable CSV file

Note: Compare this report with the output of your own security tooling to get a full understanding of which vulnerabilities are outstanding and how they rank, along with the ETA for Glean to resolve them.

Glean uses Wiz internally to generate these reports and filters out false positives, with notes on our reasoning for each determination.

Please consult this report first before submitting a support ticket should your internal tooling detect security vulnerabilities.

The reports are stored in your deployment's release-notes S3 or GCS bucket alongside your regular release notes for each Glean release.
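
One way to run the comparison described above once the CSV has been downloaded, as an added example that is not Glean's own code. The column names (`cve_id`, `image`, `severity`, `status`, `notes`), the status values and the sample rows are assumptions constructed for illustration; map them to the headers in your actual report and scanner export.

```python
import csv
import io

# Constructed sample data. Column names and status values are assumptions,
# not Glean's documented CSV schema; map them to the headers in your report.
GLEAN_REPORT = """cve_id,image,severity,status,notes
CVE-EXAMPLE-0001,example/service-a,HIGH,fix_planned,
CVE-EXAMPLE-0002,example/service-a,LOW,false_positive,Affected code path is not reachable
CVE-EXAMPLE-0003,example/service-b,MEDIUM,fix_available,
"""
SCANNER_FINDINGS = """cve_id,image,severity
cve-example-0001,example/service-a,CRITICAL
CVE-EXAMPLE-0002,example/service-a,HIGH
CVE-EXAMPLE-0004,example/service-b,HIGH
"""


def load(text):
    """Index rows by (CVE id, image), normalising case and whitespace."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["cve_id"].strip().upper(), r["image"].strip()): r for r in rows}


def triage(report_csv, findings_csv):
    """Sort each scanner finding by how the vendor report accounts for it."""
    report, findings = load(report_csv), load(findings_csv)
    out = {"tracked": [], "false_positive": [], "unlisted": [],
           "severity_differs": [], "report_only": []}
    for key in sorted(findings):
        entry = report.get(key)
        if entry is None:
            out["unlisted"].append(key)  # absent from the report: ticket candidate
            continue
        if entry["status"] == "false_positive":
            out["false_positive"].append((key, entry["notes"]))
        else:
            out["tracked"].append((key, entry["status"]))
        if entry["severity"].upper() != findings[key]["severity"].upper():
            out["severity_differs"].append(
                (key, findings[key]["severity"], entry["severity"]))
    # Report entries the local scanner never raised (possible coverage gap).
    out["report_only"] = sorted(set(report) - set(findings))
    return out


if __name__ == "__main__":
    for bucket, items in triage(GLEAN_REPORT, SCANNER_FINDINGS).items():
        print(bucket, items)
```

Only the `unlisted` bucket holds findings the report does not already account for; the `false_positive` bucket carries the report's reasoning so it can be recorded as a suppression rationale in your own tooling.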

What the vulnerability report covers

The report is scoped to components Glean builds and maintains:

  • Container images built by Glean for services that run in your environment.
  • Only Glean-managed components, not your cloud provider's managed infrastructure.

This is the canonical source for:

  • Which CVEs currently affect Glean-managed images in your deployment.
  • How Glean has rated their severity (often different from generic NVD scores).
  • Whether a fix is already available, planned, or not applicable in your configuration.

The report is updated on every Glean release (approximately twice a week), so it tracks the current state of Glean-managed images over time.

The vulnerability-report HTML and CSV artifacts are in the same release folder for the given release version that you have installed.