# Cloud Asset Inventory and Audit Tools

> Search results for `map and audit all resources in a cloud account` on awesome-repositories.com. 116 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/map-and-audit-all-resources-in-a-cloud-account

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/map-and-audit-all-resources-in-a-cloud-account).**

## Results

- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
- [cloud-custodian/cloud-custodian](https://awesome-repositories.com/repository/cloud-custodian-cloud-custodian.md) (6,011 ⭐) — Cloud Custodian is an open-source rules engine that uses declarative YAML policies to query, filter, and take automated actions on cloud resources for governance and compliance. It functions as a stateless policy execution engine, where each policy evaluation runs as an independent, idempotent operation without maintaining internal state between runs. Policies are defined using a YAML-based domain-specific language that structures rules as a query-filter-action pipeline.

The engine supports dry-run validation, allowing users to simulate policy actions against live resources without applying c
- [capitalone/cloud-custodian](https://awesome-repositories.com/repository/capitalone-cloud-custodian.md) (6,016 ⭐) — Cloud Custodian is a multi-cloud governance engine and policy enforcement tool designed to automate security, compliance, and cost optimization across various cloud providers. It functions as a rules engine that uses a declarative domain specific language to query cloud resources and execute corrective actions based on predefined filters.

The system operates as a serverless policy orchestrator, deploying provider-specific functions to trigger real-time enforcement in response to cloud resource changes. It provides a provider-agnostic resource abstraction to maintain consistent operational pol
- [gam-team/gam](https://awesome-repositories.com/repository/gam-team-gam.md) (4,206 ⭐) — GAM is a command-line tool for administering Google Workspace and Cloud Identity. It translates command-line arguments into structured API calls, enabling administrators to manage users, groups, organizational units, and domain settings across a Google Workspace environment. The tool handles authentication through OAuth2 flows, service accounts, and workload identity federation, and supports multi-tenant configurations for managing multiple domains or cloud projects from a single installation.

GAM distinguishes itself through its batch processing and automation capabilities. It can process la
- [alfresco/prowler](https://awesome-repositories.com/repository/alfresco-prowler.md) (14,005 ⭐) — Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard.

The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories.

The platform cove
- [welldone-cloud/aws-list-resources](https://awesome-repositories.com/repository/welldone-cloud-aws-list-resources.md) (184 ⭐) — Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s). Discovered resources are written to a JSON result file.
- [nccgroup/scoutsuite](https://awesome-repositories.com/repository/nccgroup-scoutsuite.md) (7,548 ⭐) — ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks.

The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul
- [accounts-js/accounts](https://awesome-repositories.com/repository/accounts-js-accounts.md) (1,501 ⭐) — Fullstack authentication and accounts-management for GraphQL and REST.
- [grafana/grafana](https://awesome-repositories.com/repository/grafana-grafana.md) (74,456 ⭐) — Grafana is an observability data platform designed to aggregate metrics, logs, and traces from diverse sources into a unified environment. It functions as a centralized interface for visualizing complex telemetry data, transforming raw streams into interactive dashboards that support real-time system health tracking and performance monitoring.

The platform distinguishes itself through a plugin-based modular architecture that integrates disparate databases, cloud services, and monitoring tools via a standardized data abstraction layer. This framework allows for the dynamic loading of external
- [nextcloud/all-in-one](https://awesome-repositories.com/repository/nextcloud-all-in-one.md) (9,082 ⭐) — all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes.

The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [elastic/elasticsearch](https://awesome-repositories.com/repository/elastic-elasticsearch.md) (77,012 ⭐) — Elasticsearch is a distributed search engine and document store designed for the high-performance indexing and retrieval of massive volumes of unstructured data. It functions as a centralized analytics platform, providing a schema-flexible architecture that organizes information into searchable indices while maintaining global cluster state through a distributed consensus mechanism.

The platform distinguishes itself through its integrated approach to observability, security, and advanced analytics. It combines full-text, vector, and hybrid search capabilities with machine learning-driven insi
- [ravikiranvm/aws-finops-dashboard](https://awesome-repositories.com/repository/ravikiranvm-aws-finops-dashboard.md) (1,259 ⭐) — This project is a terminal-based command-line interface designed for cloud financial operations, cost management, and infrastructure auditing. It provides a unified dashboard for visualizing AWS expenditure, tracking budget adherence, and monitoring resource utilization across multiple accounts and regions.

The tool distinguishes itself by aggregating data from diverse cloud profiles into a single view, allowing for cross-account governance and detailed spending analysis. It supports automated reporting workflows, enabling users to generate cost and audit summaries in multiple file formats an
- [gebalamariusz/cloud-audit](https://awesome-repositories.com/repository/gebalamariusz-cloud-audit.md) (60 ⭐) — Fast, opinionated AWS security scanner. Curated checks. Zero noise. Copy-paste fixes.
- [clickhouse/clickhouse](https://awesome-repositories.com/repository/clickhouse-clickhouse.md) (48,229 ⭐) — ClickHouse is a high-performance, columnar analytical database designed for real-time query execution and large-scale data aggregation. It functions as a distributed data warehouse capable of processing petabytes of information, while also providing an embedded engine that integrates directly into applications for native query capabilities without external dependencies. The system is built to handle high-throughput ingestion and complex analytical workloads, delivering millisecond-level latency for interactive dashboards and operational monitoring.

The platform distinguishes itself through ad
- [showlab/all-in-one](https://awesome-repositories.com/repository/showlab-all-in-one.md) (281 ⭐) — https://paperswithcode.com/sota/visual-question-answering-on-msrvtt-qa-1?p=all-in-one-exploring-unified-video-language)
- [pulumi/pulumi](https://awesome-repositories.com/repository/pulumi-pulumi.md) (24,797 ⭐) — Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments.

The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific
- [chatwoot/chatwoot](https://awesome-repositories.com/repository/chatwoot-chatwoot.md) (31,959 ⭐) — Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact.

The platform distinguishes itself through an eve
- [gravitl/netmaker](https://awesome-repositories.com/repository/gravitl-netmaker.md) (11,630 ⭐) — Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration.

The platform distinguishes itself through its focus on zero-trust network access and soft
- [tenable/terrascan](https://awesome-repositories.com/repository/tenable-terrascan.md) (5,210 ⭐) — Terrascan is a static analysis tool designed to evaluate infrastructure-as-code configuration files for security vulnerabilities and compliance violations. By parsing these files into an intermediate representation, it identifies risks before cloud resources are provisioned, serving as a compliance auditor for cloud-native environments.

The tool functions as a policy-as-code engine, allowing users to define and enforce custom security rules and industry benchmarks using a specialized query language. It distinguishes itself through its ability to integrate directly into development and deploym
- [datawhalechina/all-in-rag](https://awesome-repositories.com/repository/datawhalechina-all-in-rag.md) (3,989 ⭐) — This project is a retrieval augmented generation framework designed to build pipelines that connect unstructured data and knowledge graphs with large language models. It functions as a vector database orchestrator for indexing text and multimodal content, as well as a system for translating natural language queries into structured database commands.

The framework integrates a hybrid retrieval engine that combines dense vector search with sparse keyword matching to increase the precision of retrieved contexts. It further enhances reasoning and relationship mapping through a graph-augmented ret
- [welldone-cloud/aws-summarize-account-activity](https://awesome-repositories.com/repository/welldone-cloud-aws-summarize-account-activity.md) (165 ⭐) — Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.
- [aquasecurity/tfsec](https://awesome-repositories.com/repository/aquasecurity-tfsec.md) (7,013 ⭐) — tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks.

The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
- [hoppscotch/hoppscotch](https://awesome-repositories.com/repository/hoppscotch-hoppscotch.md) (79,618 ⭐) — Hoppscotch is an open-source API development ecosystem designed for building, testing, and debugging REST, GraphQL, and real-time APIs. It provides a unified platform that functions across web browsers, desktop applications, and command-line interfaces, allowing developers to manage the entire API lifecycle from a single environment.

The platform distinguishes itself through a highly interactive, command-driven interface that utilizes a global spotlight palette and keyboard shortcuts to streamline complex workflows. It supports advanced request manipulation and validation by executing JavaScr
- [toniblyx/prowler](https://awesome-repositories.com/repository/toniblyx-prowler.md) (14,005 ⭐) — Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities.

The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths.

Capabilities include automated cloud infrast
- [quanxiang-cloud/one-for-all](https://awesome-repositories.com/repository/quanxiang-cloud-one-for-all.md) (23 ⭐) — Core packages for QuanXiang Cloud frontend. Including Artery Engine, Artery Renderer and Headless UI, etc.
- [boto/boto3](https://awesome-repositories.com/repository/boto-boto3.md) (9,834 ⭐) — Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage.

The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
- [gruntwork-io/cloud-nuke](https://awesome-repositories.com/repository/gruntwork-io-cloud-nuke.md) (3,156 ⭐) — A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
- [b3nac/android-reports-and-resources](https://awesome-repositories.com/repository/b3nac-android-reports-and-resources.md) (1,692 ⭐) — A big list of Android Hackerone disclosed reports and other resources.
- [dxa4481/trufflehog](https://awesome-repositories.com/repository/dxa4481-trufflehog.md) (26,790 ⭐) — TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets.

The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and aut
- [cube-js/cube](https://awesome-repositories.com/repository/cube-js-cube.md) (20,251 ⭐) — Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools.

The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orches
- [coollabsio/coolify](https://awesome-repositories.com/repository/coollabsio-coolify.md) (57,055 ⭐) — This project is a self-hosted platform-as-a-service that provides a centralized management interface for deploying, configuring, and monitoring containerized applications and databases on private infrastructure. It functions as a visual control plane, automating the end-to-end lifecycle of services from source code to production. By managing container orchestration, networking, and resource allocation, it allows users to maintain full control over their own hardware while streamlining the delivery of software.

The platform distinguishes itself through its agentless architecture, which uses se
- [collectiveidea/audited](https://awesome-repositories.com/repository/collectiveidea-audited.md) (3,491 ⭐) — Audited is a Ruby on Rails audit log library and change data capture framework. It tracks model changes by recording previous and current attribute values during create, update, and destroy operations to maintain a complete history of database modifications.

The system functions as a database versioning tool and user activity tracker. It allows for the retrieval of historical record states by timestamp or index, enables reverting models to previous versions, and associates record modifications with specific user identities and remote IP addresses.

The library includes capabilities for sensit
- [harisekhon/devops-bash-tools](https://awesome-repositories.com/repository/harisekhon-devops-bash-tools.md) (8,062 ⭐) — DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line.

The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests
- [daytonaio/daytona](https://awesome-repositories.com/repository/daytonaio-daytona.md) (72,416 ⭐) — Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance.

The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed ac
- [prowler-cloud/prowler](https://awesome-repositories.com/repository/prowler-cloud-prowler.md) (13,049 ⭐) — Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity.

The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of conf
- [tech-audit/smart-contract-audits](https://awesome-repositories.com/repository/tech-audit-smart-contract-audits.md) (95 ⭐) — Smart Contract security audit reports
- [flarum/framework](https://awesome-repositories.com/repository/flarum-framework.md) (6,727 ⭐) — This project is a self-hosted forum software and extensible community platform designed to facilitate online discussions and member engagement. It functions as a REST API discussion engine, providing a backend that manages community interactions and forum data via a standardized JSON interface for external applications.

The platform is distinguished by a modular architecture that allows for deep customization through a package-based extension system and an interface extension framework. It employs an extender-based customization model, enabling external modules to modify internal system behav
- [trufflesecurity/trufflehog](https://awesome-repositories.com/repository/trufflesecurity-trufflehog.md) (24,630 ⭐) — Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle.

The platfor
- [slowmist/account-abstraction-security-audit-checklist](https://awesome-repositories.com/repository/slowmist-account-abstraction-security-audit-checklist.md) (0 ⭐)
- [flarum/core](https://awesome-repositories.com/repository/flarum-core.md) (6,729 ⭐) — This project is a self-hosted community engine and forum software designed for hosting threaded discussions. It functions as a JSON API community platform, exposing all data and functionality through a standardized interface to support a single-page application architecture. The system is built to be a multi-language discussion board with integrated localization and language pack support.

The platform is defined by a modular architecture that allows for extensive customization through an extension-based plugin system. This extensibility enables the modification of core behavior, the addition
- [elastic/detection-rules](https://awesome-repositories.com/repository/elastic-detection-rules.md) (2,508 ⭐) — This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments.

The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-base
- [projectdiscovery/subfinder](https://awesome-repositories.com/repository/projectdiscovery-subfinder.md) (13,105 ⭐) — Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint.

The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
- [cockroachdb/cockroach](https://awesome-repositories.com/repository/cockroachdb-cockroach.md) (32,207 ⭐) — Cockroach is a distributed SQL database designed to scale horizontally across multiple nodes while maintaining strict ACID compliance and global data consistency. It functions as a relational database engine that automatically partitions data into ranges, rebalancing them across a cluster to accommodate growing storage and throughput requirements. By utilizing a distributed consensus protocol, the system ensures that all nodes agree on the order of operations, providing fault tolerance and continuous availability even in the event of hardware failures.

The system distinguishes itself through
- [dragondrop-cloud/cloud-concierge](https://awesome-repositories.com/repository/dragondrop-cloud-cloud-concierge.md) (245 ⭐) — "Terraform best practices as a Pull Request." Codify resources outside of Terraform control, detect drift, estimate cloud costs, identify security risks, and more.
- [wazuh/wazuh](https://awesome-repositories.com/repository/wazuh-wazuh.md) (14,779 ⭐) — Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity.

The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monito
- [astraadev/discord-all-tools-in-one](https://awesome-repositories.com/repository/astraadev-discord-all-tools-in-one.md) (1,055 ⭐) — ATIO is a AIO Script Developed with Python3. It gathers a total of 23 Discord tools (including a RAT, a Raid Tool, a Token Grabber, a Crash Video Maker, etc). It has a pleasant and intuitive interface to facilitate the use of all with help and explanations for each of them.
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
