awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

14 Repos

Awesome GitHub RepositoriesCloud Auditing Tools

Utilities for assessing cloud infrastructure configurations against security best practices.

Distinguishing note: Focuses on auditing existing cloud environments rather than scanning local files.

Explore 14 awesome GitHub repositories matching security & cryptography · Cloud Auditing Tools. Refine with filters or upvote what's useful.

Awesome Cloud Auditing Tools GitHub Repositories

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • aquasecurity/trivyAvatar von aquasecurity

    aquasecurity/trivy

    36,462Auf GitHub ansehen↗

    Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai

    Assesses cloud platform configurations against security best practices to identify exposure.

    Gocontainersdevsecopsdocker
    Auf GitHub ansehen↗36,462
  • dxa4481/trufflehogAvatar von dxa4481

    dxa4481/truffleHog

    26,790Auf GitHub ansehen↗

    TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t

    Scans Docker images, cloud storage buckets, and database clusters for embedded secrets and sensitive configuration data.

    Go
    Auf GitHub ansehen↗26,790
  • pulumi/pulumiAvatar von pulumi

    pulumi/pulumi

    24,797Auf GitHub ansehen↗

    Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments. The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific

    Scans and indexes existing cloud resources across accounts and regions for governance and compliance monitoring.

    Goawsazurecloud
    Auf GitHub ansehen↗24,797
  • toniblyx/prowlerAvatar von toniblyx

    toniblyx/prowler

    14,005Auf GitHub ansehen↗

    Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast

    Scans cloud environments to identify security misconfigurations and vulnerabilities across multiple providers.

    Python
    Auf GitHub ansehen↗14,005
  • alfresco/prowlerAvatar von Alfresco

    Alfresco/prowler

    14,005Auf GitHub ansehen↗

    Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove

    Automates security checks across multiple cloud providers to identify vulnerabilities and infrastructure misconfigurations.

    Python
    Auf GitHub ansehen↗14,005
  • prowler-cloud/prowlerAvatar von prowler-cloud

    prowler-cloud/prowler

    13,049Auf GitHub ansehen↗

    Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity. The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of conf

    Scans cloud infrastructure configurations against security benchmarks and industry best practices to identify vulnerabilities.

    Pythonawsazurecis-benchmark
    Auf GitHub ansehen↗13,049
  • aws/aws-cdkAvatar von aws

    aws/aws-cdk

    12,817Auf GitHub ansehen↗

    The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It

    Records and logs API activity within cloud accounts to provide a detailed audit trail of infrastructure changes.

    TypeScriptawscloud-infrastructurehacktoberfest
    Auf GitHub ansehen↗12,817
  • boto/boto3Avatar von boto

    boto/boto3

    9,834Auf GitHub ansehen↗

    Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain

    AWS retrieves check descriptions and triggers manual refreshes of optimization checks.

    Pythonawsaws-sdkcloud
    Auf GitHub ansehen↗9,834
  • harisekhon/devops-bash-toolsAvatar von HariSekhon

    HariSekhon/DevOps-Bash-tools

    8,062Auf GitHub ansehen↗

    DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line. The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests

    Provides utilities for auditing deployed cloud infrastructure configurations against security best practices.

    Shellapiawsbash
    Auf GitHub ansehen↗8,062
  • nccgroup/scoutsuiteAvatar von nccgroup

    nccgroup/ScoutSuite

    7,548Auf GitHub ansehen↗

    ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul

    Provides a multi-cloud auditing tool to assess infrastructure configurations against security best practices.

    Pythonauditingawsazure
    Auf GitHub ansehen↗7,548
  • aquasecurity/tfsecAvatar von aquasecurity

    aquasecurity/tfsec

    7,013Auf GitHub ansehen↗

    tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt

    Audits infrastructure templates across AWS, Azure, and GCP to identify common security gaps.

    Go
    Auf GitHub ansehen↗7,013
  • tenable/terrascanAvatar von tenable

    tenable/terrascan

    5,210Auf GitHub ansehen↗

    Terrascan ist ein statisches Analysetool, das entwickelt wurde, um Infrastructure-as-Code-Konfigurationsdateien auf Sicherheitslücken und Compliance-Verstöße zu prüfen. Durch das Parsen dieser Dateien in eine Zwischenrepräsentation identifiziert es Risiken, bevor Cloud-Ressourcen bereitgestellt werden, und dient als Compliance-Auditor für Cloud-native Umgebungen. Das Tool fungiert als Policy-as-Code-Engine, die es Benutzern ermöglicht, benutzerdefinierte Sicherheitsregeln und Industriestandards mithilfe einer spezialisierten Abfragesprache zu definieren und durchzusetzen. Es zeichnet sich durch seine Fähigkeit aus, sich direkt in Entwicklungs- und Deployment-Workflows zu integrieren und automatisierte Sicherheitsleitplanken bereitzustellen, die nicht konforme Deployments über Exit-Code-basiertes Reporting blockieren können. Über die statische Analyse hinaus unterstützt die Plattform das Scannen von Container-Registries auf Schwachstellen, um bildbasierte Risiken mit Infrastrukturkonfigurationen zu korrelieren. Sie bietet zudem Monitoring für Konfigurationsabweichungen (Configuration Drift), um bereitgestellte Ressourcen gegen etablierte Sicherheits-Baselines zu verfolgen, sowie konfigurationsgesteuerte Unterdrückungsmechanismen zur Verwaltung von Richtlinien-Overrides und False Positives. Die Software bietet sowohl ein Command-Line-Interface für die lokale Entwicklungsvalidierung als auch eine netzwerkzugängliche Scanning-API für die Remote-Integration mit Drittsystemen und automatisierten Pipelines.

    Evaluates cloud configurations against security policies to identify risks and monitor for configuration drift.

    Go
    Auf GitHub ansehen↗5,210
  • cloudsploit/scansAvatar von cloudsploit

    cloudsploit/scans

    3,748Auf GitHub ansehen↗

    This project is a multi-cloud security auditor and configuration audit tool designed to identify misconfigurations and vulnerabilities across various cloud service provider environments. It functions as a cloud security posture management tool and a vulnerability remediation engine, allowing users to scan resources against security best practices and industry compliance standards. The system distinguishes itself by combining detection with a remediation engine that executes corrective actions to fix discovered security gaps. It employs a plugin-based audit engine and a provider-agnostic abstr

    Acts as a utility for capturing cloud provider API data and auditing it for security risks and compliance.

    JavaScript
    Auf GitHub ansehen↗3,748
  • ravikiranvm/aws-finops-dashboardAvatar von ravikiranvm

    ravikiranvm/aws-finops-dashboard

    1,259Auf GitHub ansehen↗

    This project is a terminal-based command-line interface designed for cloud financial operations, cost management, and infrastructure auditing. It provides a unified dashboard for visualizing AWS expenditure, tracking budget adherence, and monitoring resource utilization across multiple accounts and regions. The tool distinguishes itself by aggregating data from diverse cloud profiles into a single view, allowing for cross-account governance and detailed spending analysis. It supports automated reporting workflows, enabling users to generate cost and audit summaries in multiple file formats an

    Assesses cloud infrastructure configurations to identify untagged or underutilized resources.

    Python
    Auf GitHub ansehen↗1,259
  1. Home
  2. Security & Cryptography
  3. Cloud Auditing Tools

Unter-Tags erkunden

  • GCP Configuration AuditsAutomated security checks of Google Cloud Platform resource settings and access controls. **Distinct from Cloud Auditing Tools:** Specific to GCP infrastructure rather than generic cloud auditing tools.