7 Repos
Tools for auditing, scanning, and managing multi-cloud infrastructure security.
Explore 7 awesome GitHub repositories matching part of an awesome list · Cloud Security. Refine with filters or upvote what's useful.
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Provides security auditing capabilities across diverse cloud providers to identify infrastructure vulnerabilities.
Steampipe is a cloud infrastructure query engine and API-to-SQL mapper that translates REST and GraphQL API responses into relational rows and columns. It allows for the retrieval and joining of real-time data from multiple cloud service providers using a relational database interface. The project functions as a PostgreSQL foreign data wrapper and an SQLite API extension, mapping external API endpoints to virtual tables. This enables the use of standard SQL to query live cloud services and aggregate data from different providers and service accounts into a single unified dataset. The system
SQL-based querying for cloud infrastructure and security benchmarks.
ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul
Multi-cloud security scanning tool.
tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
Detects security misconfigurations across identity, networking, storage, and compute resources in Google Cloud.
Cloud Custodian is an open-source rules engine that uses declarative YAML policies to query, filter, and take automated actions on cloud resources for governance and compliance. It functions as a stateless policy execution engine, where each policy evaluation runs as an independent, idempotent operation without maintaining internal state between runs. Policies are defined using a YAML-based domain-specific language that structures rules as a query-filter-action pipeline. The engine supports dry-run validation, allowing users to simulate policy actions against live resources without applying c
Framework for multi-cloud security analysis.
Cloudsploit is a cloud security posture management tool and multi-cloud security auditor. It audits cloud infrastructure for misconfigurations and compliance risks across multiple providers, specifically AWS and Azure, by evaluating resource configurations against a set of security plugins. The project functions as a cloud compliance scanner that maps infrastructure scan results to regulatory frameworks and security policy standards. It also serves as an automated cloud remediation tool, executing corrective actions to fix detected misconfigurations via SDK calls. The system covers resource
Detection of security risks in cloud infrastructure.
The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.
GraphQL-based security analysis for cloud environments.