14 Repos
Utilities for assessing cloud infrastructure configurations against security best practices.
Distinguishing note: Focuses on auditing existing cloud environments rather than scanning local files.
Explore 14 awesome GitHub repositories matching security & cryptography · Cloud Auditing Tools. Refine with filters or upvote what's useful.
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
Assesses cloud platform configurations against security best practices to identify exposure.
TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t
Scans Docker images, cloud storage buckets, and database clusters for embedded secrets and sensitive configuration data.
Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments. The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific
Scans and indexes existing cloud resources across accounts and regions for governance and compliance monitoring.
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Scans cloud environments to identify security misconfigurations and vulnerabilities across multiple providers.
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Automates security checks across multiple cloud providers to identify vulnerabilities and infrastructure misconfigurations.
Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity. The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of conf
Scans cloud infrastructure configurations against security benchmarks and industry best practices to identify vulnerabilities.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
Records and logs API activity within cloud accounts to provide a detailed audit trail of infrastructure changes.
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
AWS retrieves check descriptions and triggers manual refreshes of optimization checks.
DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line. The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests
Provides utilities for auditing deployed cloud infrastructure configurations against security best practices.
ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul
Provides a multi-cloud auditing tool to assess infrastructure configurations against security best practices.
tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
Audits infrastructure templates across AWS, Azure, and GCP to identify common security gaps.
Terrascan ist ein statisches Analysetool, das entwickelt wurde, um Infrastructure-as-Code-Konfigurationsdateien auf Sicherheitslücken und Compliance-Verstöße zu prüfen. Durch das Parsen dieser Dateien in eine Zwischenrepräsentation identifiziert es Risiken, bevor Cloud-Ressourcen bereitgestellt werden, und dient als Compliance-Auditor für Cloud-native Umgebungen. Das Tool fungiert als Policy-as-Code-Engine, die es Benutzern ermöglicht, benutzerdefinierte Sicherheitsregeln und Industriestandards mithilfe einer spezialisierten Abfragesprache zu definieren und durchzusetzen. Es zeichnet sich durch seine Fähigkeit aus, sich direkt in Entwicklungs- und Deployment-Workflows zu integrieren und automatisierte Sicherheitsleitplanken bereitzustellen, die nicht konforme Deployments über Exit-Code-basiertes Reporting blockieren können. Über die statische Analyse hinaus unterstützt die Plattform das Scannen von Container-Registries auf Schwachstellen, um bildbasierte Risiken mit Infrastrukturkonfigurationen zu korrelieren. Sie bietet zudem Monitoring für Konfigurationsabweichungen (Configuration Drift), um bereitgestellte Ressourcen gegen etablierte Sicherheits-Baselines zu verfolgen, sowie konfigurationsgesteuerte Unterdrückungsmechanismen zur Verwaltung von Richtlinien-Overrides und False Positives. Die Software bietet sowohl ein Command-Line-Interface für die lokale Entwicklungsvalidierung als auch eine netzwerkzugängliche Scanning-API für die Remote-Integration mit Drittsystemen und automatisierten Pipelines.
Evaluates cloud configurations against security policies to identify risks and monitor for configuration drift.
This project is a multi-cloud security auditor and configuration audit tool designed to identify misconfigurations and vulnerabilities across various cloud service provider environments. It functions as a cloud security posture management tool and a vulnerability remediation engine, allowing users to scan resources against security best practices and industry compliance standards. The system distinguishes itself by combining detection with a remediation engine that executes corrective actions to fix discovered security gaps. It employs a plugin-based audit engine and a provider-agnostic abstr
Acts as a utility for capturing cloud provider API data and auditing it for security risks and compliance.
This project is a terminal-based command-line interface designed for cloud financial operations, cost management, and infrastructure auditing. It provides a unified dashboard for visualizing AWS expenditure, tracking budget adherence, and monitoring resource utilization across multiple accounts and regions. The tool distinguishes itself by aggregating data from diverse cloud profiles into a single view, allowing for cross-account governance and detailed spending analysis. It supports automated reporting workflows, enabling users to generate cost and audit summaries in multiple file formats an
Assesses cloud infrastructure configurations to identify untagged or underutilized resources.