awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

13 repositorios

Awesome GitHub RepositoriesCloud Security Posture Management

Platforms for tracking and visualizing the security state of cloud accounts to prioritize risk.

Distinct from Cloud Security: Specific to CSPM (Posture Management) which is a distinct discipline from general cloud security monitoring

Explore 13 awesome GitHub repositories matching security & cryptography · Cloud Security Posture Management. Refine with filters or upvote what's useful.

Awesome Cloud Security Posture Management GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • alfresco/prowlerAvatar de Alfresco

    Alfresco/prowler

    14,005Ver en GitHub↗

    Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove

    Provides a comprehensive platform for tracking, visualizing, and managing the security posture of multi-cloud environments.

    Python
    Ver en GitHub↗14,005
  • aquasecurity/kube-benchAvatar de aquasecurity

    aquasecurity/kube-bench

    8,078Ver en GitHub↗

    kube-bench is a Kubernetes security benchmark scanner and configuration auditor. It verifies if a cluster adheres to the Center for Internet Security standards and other hardening guides to identify security misconfigurations and vulnerabilities. The tool operates as a containerized security scanner, utilizing host namespaces to analyze nodes and control plane components without requiring the installation of binaries directly on the host. It supports multiple Kubernetes distributions, applying environment-specific benchmarks to ensure auditing accuracy for managed services. The project cover

    Exports scan results in standardized formats for integration with cloud security posture management platforms.

    Go
    Ver en GitHub↗8,078
  • nccgroup/scoutsuiteAvatar de nccgroup

    nccgroup/ScoutSuite

    7,548Ver en GitHub↗

    ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul

    Gathers cloud configuration data to track and visualize the security posture of cloud accounts.

    Pythonauditingawsazure
    Ver en GitHub↗7,548
  • cloudquery/cloudqueryAvatar de cloudquery

    cloudquery/cloudquery

    6,438Ver en GitHub↗

    CloudQuery is a cloud infrastructure ETL tool and multi-cloud data pipeline designed to collect, synchronize, and normalize resource metadata from various cloud providers and SaaS platforms. It functions as a centralized asset inventory manager and security posture manager, extracting configuration and state data into relational databases, data lakes, or data warehouses. The system distinguishes itself by transforming complex, nested cloud API responses into flat relational tables, enabling the use of standard SQL for asset querying and analysis. It employs a modular plugin system for data ex

    Identifies misconfigured cloud resources and security vulnerabilities to manage and improve the overall security posture.

    Goairbyteattack-surface-managementaws
    Ver en GitHub↗6,438
  • microsoft/security-101Avatar de microsoft

    microsoft/Security-101

    6,203Ver en GitHub↗

    Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do

    Teaches cloud security posture management concepts as part of a foundational cybersecurity curriculum.

    HTMLappseccia-triaddata-protection
    Ver en GitHub↗6,203
  • snyk/snykAvatar de snyk

    snyk/snyk

    5,586Ver en GitHub↗

    Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc

    Monitors and governs artificial intelligence systems, including models and data sources, to ensure security and compliance.

    TypeScript
    Ver en GitHub↗5,586
  • netflix/security_monkeyAvatar de Netflix

    Netflix/security_monkey

    4,370Ver en GitHub↗

    Security Monkey is a cloud security posture management tool and configuration auditor. It functions as a monitoring platform that tracks cloud assets and records state changes to identify when security policies are altered or insecure configurations are introduced. The system maintains a multi-cloud asset inventory, tracking resources across AWS, GCP, OpenStack, and GitHub organizations. It provides a centralized interface for searching and browsing assets across multiple cloud providers and regions. The platform covers cloud security auditing and infrastructure change tracking by comparing

    Tracks and visualizes the security state of cloud accounts to detect insecure configurations and prioritize risk.

    Pythonawsaws-ec2aws-iam
    Ver en GitHub↗4,370
  • hashicorp/ottoAvatar de hashicorp

    hashicorp/otto

    4,241Ver en GitHub↗

    Otto es una plataforma de orquestación de nube híbrida diseñada para aprovisionar infraestructura y desplegar cargas de trabajo de aplicaciones a través de diversos entornos de nube utilizando infraestructura como código. Funciona como un aprovisionador de infraestructura como código que automatiza el despliegue de recursos consistentes a través de flujos de trabajo basados en políticas. El proyecto incluye una malla de servicios (service mesh) de nube híbrida para gestionar el descubrimiento de servicios y la comunicación segura entre aplicaciones, así como un controlador de acceso basado en identidad para gestionar secretos y aplicar controles de acceso granulares. También cuenta con un grafo de conocimiento de infraestructura que mapea los estados híbridos para visualizar dependencias e identificar oportunidades de remediación operativa. La plataforma cubre amplias áreas de capacidad, incluyendo la entrega automatizada de aplicaciones para microservicios y aplicaciones monolíticas, aprovisionamiento de infraestructura de nube híbrida y acceso seguro a la red mediante proxy consciente de la identidad. Además, proporciona herramientas para gestionar imágenes de máquinas y orquestar el escalado de cargas de trabajo a través de varios entornos.

    Manages the security posture of hybrid cloud accounts using identity-based controls and secrets management.

    HTML
    Ver en GitHub↗4,241
  • mlabouardy/komiserAvatar de mlabouardy

    mlabouardy/komiser

    4,133Ver en GitHub↗

    Komiser es un inspector de infraestructura multi-nube y gestor de inventario de activos. Proporciona un sistema centralizado para auditar, catalogar y analizar servicios y activos desplegados en entornos AWS, GCP y Azure. El proyecto transforma esquemas de recursos dispares de diferentes proveedores de nube en una representación estructural unificada a través de una arquitectura de plugins basada en proveedores. Utiliza inspección de API sin agentes y descubrimiento de recursos basado en sondeo para recuperar metadatos y estados de configuración sin requerir agentes en los recursos objetivo. La plataforma cubre la gestión financiera mediante la agregación de costos y el análisis de gastos, la auditoría de recursos para identificar activos inactivos o sin etiquetas, y la gestión de la postura de seguridad para detectar vulnerabilidades y configuraciones erróneas de la infraestructura.

    Tracks and visualizes the security state of cloud accounts to detect vulnerabilities and prioritize risk.

    Go
    Ver en GitHub↗4,133
  • lyft/cartographyAvatar de lyft

    lyft/cartography

    3,926Ver en GitHub↗

    Cartography es un framework de visualización de infraestructura y análisis de seguridad basado en grafos. Ingiere datos de diversos proveedores de nube, identidad y software-as-a-service para modelar relaciones complejas entre recursos, usuarios y hallazgos de seguridad dentro de una base de datos de grafos centralizada. Al mapear estas interdependencias, la plataforma permite a las organizaciones obtener visibilidad de su entorno e identificar posibles riesgos de seguridad mediante consultas de recorrido de grafos. La plataforma se distingue por su normalización basada en ontologías y correlación de entidades multiplataforma, que mapean datos heterogéneos de múltiples fuentes en un modelo unificado y consistente. Emplea pipelines de ingestión modulares y filtrado basado en esquemas para mantener este grafo, asegurando que los datos de infraestructura permanezcan precisos mediante la poda automatizada basada en el estado de nodos obsoletos. Este enfoque permite el descubrimiento de rutas de ataque complejas y configuraciones de seguridad erróneas que abarcan sistemas dispares de nube, dispositivos y gestión de identidades. Más allá del modelado central, el sistema proporciona capacidades extensas para el inventario de activos, gobernanza de identidades y análisis de la cadena de suministro de software. Admite una amplia gama de integraciones, incluyendo recursos de computación y redes nativos de la nube, telemetría de gestión de endpoints y metadatos del ciclo de vida de desarrollo. Los usuarios pueden extender la funcionalidad de la plataforma definiendo reglas de seguridad personalizadas, añadiendo trabajos de análisis de datos especializados o integrando nuevas fuentes de inteligencia a través de su framework modular. El proyecto está implementado en Python y proporciona documentación para configurar módulos de ingestión y definir consultas de grafos personalizadas.

    Identifies attack paths and security misconfigurations by analyzing infrastructure relationships in a graph database.

    Python
    Ver en GitHub↗3,926
  • cloudsploit/scansAvatar de cloudsploit

    cloudsploit/scans

    3,748Ver en GitHub↗

    This project is a multi-cloud security auditor and configuration audit tool designed to identify misconfigurations and vulnerabilities across various cloud service provider environments. It functions as a cloud security posture management tool and a vulnerability remediation engine, allowing users to scan resources against security best practices and industry compliance standards. The system distinguishes itself by combining detection with a remediation engine that executes corrective actions to fix discovered security gaps. It employs a plugin-based audit engine and a provider-agnostic abstr

    Provides a comprehensive platform for scanning and managing the security posture of multi-cloud environments.

    JavaScript
    Ver en GitHub↗3,748
  • aquasecurity/cloudsploitAvatar de aquasecurity

    aquasecurity/cloudsploit

    3,705Ver en GitHub↗

    Cloudsploit is a cloud security posture management tool and multi-cloud security auditor. It audits cloud infrastructure for misconfigurations and compliance risks across multiple providers, specifically AWS and Azure, by evaluating resource configurations against a set of security plugins. The project functions as a cloud compliance scanner that maps infrastructure scan results to regulatory frameworks and security policy standards. It also serves as an automated cloud remediation tool, executing corrective actions to fix detected misconfigurations via SDK calls. The system covers resource

    Provides a centralized platform for tracking and visualizing the security posture of AWS and Azure environments.

    JavaScriptalibabaaquaaws
    Ver en GitHub↗3,705
  • elastic/detection-rulesAvatar de elastic

    elastic/detection-rules

    2,508Ver en GitHub↗

    This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-base

    Assesses security posture and workload sessions across cloud and Kubernetes environments.

    Pythonthreat-detectionthreat-hunting
    Ver en GitHub↗2,508
  1. Home
  2. Security & Cryptography
  3. Cloud Security Posture Management

Explorar subetiquetas

  • AI Security Posture ManagementPlatforms for monitoring and governing the security state of artificial intelligence models and infrastructure. **Distinct from Cloud Security Posture Management:** Distinct from Cloud Security Posture Management: focuses specifically on AI models and data sources rather than cloud infrastructure.
  • CurriculaStructured educational paths and courses for learning cloud security concepts and practices. **Distinct from Cloud Security Posture Management:** Distinct from Cloud Security Posture Management: focuses on teaching cloud security concepts rather than assessing or enforcing cloud configurations.