Stay organized with collections
Save and categorize content based on your preferences.
This document describes how to download risk reports that are
generated for your Security Command Center organization.
Risk reports provide insights into potential attack paths and exposures within
your Google Cloud environment. You can download reports to review findings and
share information with security management and analysts.
Required roles
Before you download a risk report, verify that you meet the following
requirements:
To get the permissions that
you need to download a risk report,
ask your administrator to grant you the
following IAM roles on Security Command Center organization:
All:
Risk report viewer role (securitycenter.riskReportsViewer)
From the Download Risk Report window, select the report that you want to
download. You can select the latest report or a report from a specific date
within the last 30 days.
The Google Cloud console provides quick links to download the Most
recent report, the report from 1 week ago, and the report from 30
days ago. The quick links include the timestamp or date of the report. The
first page of the downloaded report includes a timestamp that indicates when
data for the report was collected.
Optional. If you want to choose a report that the quick links didn't locate,
choose an option in Select a report date.
Choose your encryption option: Add password encryption (the default
option) or Do not password encrypt.
If you want to encrypt the PDF file, you must provide a password between
12-16 characters, using any combination of ASCII letters, numbers, and
symbols. Google Cloud does not store or provide password recovery if
you lose the password.
Click Download.
The report is downloaded as a PDF file to the system that you're using.
Typically, the file is available in the browser downloads folder by default.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[],[],null,["| **Preview**\n|\n|\n| This feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\n\u003cbr /\u003e\n\n| Premium and Enterprise [service tiers](/security-command-center/docs/service-tiers) (requires [organization-level activation](/security-command-center/docs/activate-scc-overview#overview_of_organization-level_activation))\n\nThis document describes how to download risk reports that are\ngenerated for your Security Command Center organization.\n\nRisk reports provide insights into potential attack paths and exposures within\nyour Google Cloud environment. You can download reports to review findings and\nshare information with security management and analysts.\n\nRequired roles\n\nBefore you download a risk report, verify that you meet the following\nrequirements:\n\n\nTo get the permissions that\nyou need to download a risk report,\n\nask your administrator to grant you the\nfollowing IAM roles on Security Command Center organization:\n\n- All: Risk report viewer role (`securitycenter.riskReportsViewer`)\n\n\nFor more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\nYou might also be able to get\nthe required permissions through [custom\nroles](/iam/docs/creating-custom-roles) or other [predefined\nroles](/iam/docs/roles-overview#predefined).\n\nDownload a risk report\n\nDownload a risk report as a PDF from the Google Cloud console.\n\n1. In the **Security** navigation menu in Security Command Center, click **Download Risk Report**.\n\n [Go to Security Command Center](https://console.cloud.google.com/security/command-center/overview)\n | **Note:**\n | - If you don't have the required role to download a report, the Google Cloud console displays a message indicating the necessary permissions.\n | - If you have the required role but a risk report is not available, the system scan is still running. The report becomes available after the scan completes.\n2. From the **Download Risk Report** window, select the report that you want to\n download. You can select the latest report or a report from a specific date\n within the last 30 days.\n\n The Google Cloud console provides quick links to download the **Most\n recent** report, the report from **1 week ago** , and the report from **30\n days ago**. The quick links include the timestamp or date of the report. The\n first page of the downloaded report includes a timestamp that indicates when\n data for the report was collected.\n3. Optional. If you want to choose a report that the quick links didn't locate,\n choose an option in **Select a report date**.\n\n4. Choose your encryption option: **Add password encryption** (the default\n option) or **Do not password encrypt**.\n\n If you want to encrypt the PDF file, you must provide a password between\n 12-16 characters, using any combination of ASCII letters, numbers, and\n symbols. Google Cloud does not store or provide password recovery if\n you lose the password.\n5. Click **Download**.\n\nThe report is downloaded as a PDF file to the system that you're using.\nTypically, the file is available in the browser downloads folder by default.\n\nWhat's next\n\nTo learn more, see [Risk reports overview](/security-command-center/docs/risk-reports-overview)."]]
