diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
index 9849f3f64..f9b896276 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
@@ -1,6 +1,7 @@
{
"dashboard_name": "Bindings",
"description": "Primitive Role In Use",
+ "rationale": "Description:
Primitive roles grant significant privileges. In most cases, usage of these roles is not recommended and does not follow security best practice.
Note: This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).
References:
- CIS Google Cloud Platform Foundations v1.0.0 1.4
",
"path": "cloudresourcemanager.projects.id.bindings.id",
"conditions": [ "and",
[ "cloudresourcemanager.projects.id.bindings.id.name", "containAtLeastOneOf", ["owner", "editor", "viewer"] ]
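Review bot: The added note concedes that this rule may flag Google-managed service accounts, yet the condition in the trailing context still matches every binding named owner, editor or viewer, so those expected bindings will keep appearing as findings. Consider adding a condition that excludes Google-managed service account members, or have the note say how a reader can recognise them in the results so they can be triaged out. In the same sentence, "and recommends not removing or changing" has no clear subject after "Google services rely on"; "and Google recommends" would read correctly.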
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
index 80e911a09..65b298a43 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
@@ -1,7 +1,7 @@
{
"dashboard_name": "Bindings",
"description": "Service Account with Admin Privileges",
- "rationale": "Description:
Service accounts represent service-level security of the Resources (application or a VM) which can be determined by the roles assigned to it. Enrolling ServiceAccount with Admin rights gives full access to assigned application or a VM, ServiceAccount Access holder can user, so It's recommended not to have Admin rights.
References:- CIS Google Cloud Platform Foundations v1.0.0 1.4
",
+ "rationale": "Description:
Service accounts represent service-level security of the Resources (application or a VM) which can be determined by the roles assigned to it. Enrolling Service Accounts with administrative privileges grants full access to assigned application or a VM, Service Account Access holder can user.
Note: This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).
References:- CIS Google Cloud Platform Foundations v1.0.0 1.4
",
"path": "cloudresourcemanager.projects.id.bindings.id",
"conditions": [ "and",
[ "or",
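Review bot: The rewritten description still ends with "Service Account Access holder can user", carried over unchanged from the removed line, and it never says what the holder can do; complete that clause or drop it. The rewrite also removes the old text's closing recommendation not to grant Admin rights, so the rationale no longer tells the reader what to do about a finding; a one-sentence recommendation should stay. "References:- CIS Google Cloud Platform Foundations v1.0.0 1.4" runs the label into the list item, unlike the primitive-role rule in this same patch, where the item sits on its own line after "References:".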