We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
checkov - Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew
- 183
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based scanning.
https://www.checkov.io/https://github.com/bridgecrewio/checkov
| Tags | kubernetes aws devops cloudformation azure terraform static-analysis gcp infrastructure-as-code scans compliance helm-charts aws-security devsecops azure-security policy-as-code gcp-security kubernetes-security terraform-security |
| Implementation | Python |
| License | Apache |
| Platform | Windows Linux |
Related Projects
regula - Regula checks infrastructure as code templates (Terraform, CloudFormation) for AWS, Azure and Google Cloud security and compliance using Open Policy Agent/Rego
Regula is a tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment. Regula includes a library of rules written in Rego, the policy language used by the Open Policy Agent (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a GitHub Actions example so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, and Google Cloud Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at Fugue.
CloudQuery - Transforms your cloud infrastructure into SQL database for easy monitoring, governance and security
CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabling you to define security, governance, cost and compliance policies with SQL. CloudQuery comes with built-in policy packs such as: AWS CIS.
aws security cis sql monitor azure gcp cloud-computing compliance cloudtrail aws-security cis-benchmark well-architected gcp-security cspm cloud-monitoringtfsec - 🔒🌍 Security scanner for your Terraform code
tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. You can also grab the binary for your system from the releases page.
aws security ci azure terraform scanner static-analysis infrastructure-as-code compliance google-cloud-platform hacktoberfestterragoat - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
terraform aws-security goat devsecops cloud-security azure-security gcp-securityhorusec - Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command
Horusec is an open source tool that performs a static code analysis to identify security flaws during the development process. Currently, the languages for analysis are C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, Nginx. The tool has options to search for key leaks and security flaws in all your project's files, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI /CD mats. Check out our Documentation, you will see the complete list of tools and languages Horusec performs analysis.
kotlin cli security analysis ci cd terraform scanner static-analysis netcore vulnerabilities hacktoberfest sast security-flaws security-development sast-analysisterratag - Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources
Terratag is brought to you with ❤️ by Let your team manage their own environment in AWS, Azure and Google. Governed by your policies and with complete visibility and cost management. Terratag is a CLI tool allowing for tags or labels to be applied across an entire set of Terraform files. Terratag will apply tags or labels to any AWS, GCP and Azure resources.
aws devops cloud tags azure terraform tagging gcp iac cost hcl infrastructure-as-code hashicorp-terraform env0 terrataglambda-the-terraform-way - AWS Lambda using Terraform., an Introductory Cookbook
The objective of this tutorial is to understand AWS Lambda in-depth, beyond executing functions, using Terraform. This tutorial walks through setting up Terraform, dependencies for AWS Lambda, getting your first Lambda function running, many of its important features & finally integrating with other AWS services. Terraform will be the primary medium of demonstrating all these examples. Terraform is an infrastructure as code software that helps in managing resources in cloud, by various providers like AWS, GCP, Azure etc., Terraform enables creation of infrastructure by writing code in a declarative form.
aws devops terraform infrastructure-as-code awslambdacloudformation-guard - Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules
AWS CloudFormation Guard is an open-source general-purpose policy-as-code evaluation tool. It provides developers with a simple-to-use, yet powerful and expressive domain-specific language (DSL) to define policies and enables developers to validate JSON- or YAML- formatted structured data with those policies. NOTE: If you are using Guard 1.0, we highly recommend adopting Guard 2.0 because Guard 2.0 is a major release that introduces multiple features to simplify your current policy-as-code experience. Guard 2.0 is backward incompatible with your Guard 1.0 rules and can result in breaking changes. To migrate from Guard 1.0 to Guard 2.0, 1) use migrate command to transition your existing 1.0 rules to 2.0 rules and 2) read all new Guard 2.0 features.
security cloudformation terraform k8s compliance governance policy-as-code cfn-guard policy-rule-evaluationcloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting. Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.
aws compliance cloud rules-engine cloud-computing management serverless lambda gcp azureterraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices
A terraform module to set up your AWS account with the reasonably secure configuration baseline. Most configurations are based on CIS Amazon Web Services Foundations v1.4.0 and AWS Foundational Security Best Practices v1.0.0. See Benchmark Compliance to check which items in various benchmarks are covered.
aws security devops terraform hardening security-hardening terraform-modules security-tools cis-benchmark aws-auditingkube-linter - KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices
KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. KubeLinter runs sensible default checks, designed to give you useful information about your Kubernetes YAML files and Helm charts. This is to help teams check early and often for security misconfigurations and DevOps best practices. Some common examples of these include running containers as a non-root user, enforcing least privilege, and storing sensitive information only in secrets.
kubernetes static-analysis yaml-files helm-chartsClouddiscovery - The tool to help you discover resources in the cloud environment
Cloudiscovery helps you to analyze resources in your cloud (AWS/GCP/Azure/Alibaba/IBM) account. Now this tool only can check resources in AWS, but they are working to expand to other providers. The tool consists of various commands to help you understand the cloud infrastructure. It provides a CLI to easily perform desired actions.
cloud-discovery cloud cloud-infrastructure cloud-management aws aws-cli vpc diagrams aws-iot devops-tools aws-monitoring iam-policy aws-servicescloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting. Custodian can be used to manage AWS accounts by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.
aws compliance cloud rules-engine cloud-computing management serverless lambda gcp azureDeepFence - Identify vulnerabilities in running containers, images, hosts and repositories
Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless. ThreatMapper scans your platforms and identifies pods, containers, applications, and infrastructure. Use ThreatMapper to discover the topology of your applications and attack surface. It obtains manifests of dependencies from running pods and containers, serverless apps, applications, and operating system. ThreatMapper matches these against vulnerability feeds to identify vulnerable components.
vulnerability-scanning security-vulnerability vulnerability-management threat-analysis vulnerability github docker kubernetes jenkins devops circleci gitlab serverless secops cloud-native security-tools devsecops compliance-automation registry-scanninginfracost - Cloud cost estimates for Terraform in pull requests💰📉 Love your cloud bill!
Infracost shows cloud cost estimates for infrastructure-as-code projects such as Terraform. It helps DevOps, SRE and developers to quickly see a cost breakdown and compare different options upfront. Docker and Windows users see here.
aws cloud azure terraform gcp infrastructure-as-code cost-estimation cost-optimization cost-management terraform-cost-estimation monthly-costs cloud-cost-estimatesgardener - Kubernetes API server extension and controller manager managing the full lifecycle of conformant Kubernetes clusters (Shoots) as a service on AWS, Azure, GCP, and OpenStack
The Gardener implements the automated management and operation of Kubernetes clusters as a service and aims to support that service on multiple Cloud providers (AWS, GCP, Azure, OpenStack). Its main principle is to use Kubernetes itself as base for its tasks. In essence, the Gardener is an extension API server along with a bundle of Kubernetes controllers which introduces new API objects in an existing Kubernetes cluster (which is called Garden cluster) in order to use them for the management of further Kubernetes clusters (which are called Shoot clusters). To do that reliably and to offer a certain quality of service, it requires to control the main components of a Kubernetes cluster (etcd, API server, controller manager, scheduler). These so-called control plane components are hosted in Kubernetes clusters themselves (which are called Seed clusters).
kubernetes gardener aws azure gcp openstack clusterPulumi - Developer-First Infrastructure as Code
The Pulumi Cloud Native Development Platform is the easiest way to create and deploy cloud programs that use containers, serverless functions, hosted services, and infrastructure, on any cloud. Simply write code in your favorite language and Pulumi automatically provisions and manages your AWS, Azure, Google Cloud Platform, and/or Kubernetes resources, using an infrastructure-as-code approach.
infrastructure-as-code serverless containers aws azure gcp kubernetes deployment multi-code paasMobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing web-security malware-analysis runtime-security ci-cd devsecops apk ipasast-scan - Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies
Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application, and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNU GPL 3.0 or later (GPL-3.0-or-later) license. Please visit the official documentation site for scan to learn about the configuration and CI/CD integration options. We also have a dedicated discord channel for issues and support.
workflow appsec scanners license-scan devsecops sast dependency-scansecurity_monkey - Security Monkey
Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.Security Monkey can be extended with custom account types, custom watchers, custom auditors, and custom alerters.
aws aws-s3 aws-ec2 aws-sqs aws-vpc aws-iam boto3 boto botocore aws-security aws-policy-tracking
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
