aquasecurity / cfsec
Static analysis for CloudFormation templates to identify common misconfiguration
☆58Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for cfsec
- ☆51Updated 8 months ago
- A tool to check the security settings of Github Organizations.☆69Updated last year
- Automated determination of which AWS services run where☆20Updated this week
- ☆22Updated last year
- An SBOM query language and associated utilities☆54Updated 9 months ago
- Open-source proof-of-concept client for AWS IAM Roles Anywhere☆71Updated 2 years ago
- ☆32Updated last year
- Kubernetes audit logging, when you don't control the control plane☆65Updated this week
- Slack alert bot for matching Github Audit Events☆10Updated last week
- K8s API Honeypot with Active Defense Capabilities☆39Updated 10 months ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆22Updated last week
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the…☆40Updated last year
- PolicyGlass allows you to analyse one or more AWS policies' effective permissions in aggregate, by restating them in the form of PolicySh…☆58Updated 2 years ago
- Sysdig Terraform provider. Allow to handle Sysdig Secure policies as code.☆49Updated this week
- Dockerfile Security Checker using OPA Rego policies with Conftest☆59Updated 2 years ago
- GCP CSPM using Google Sheets☆34Updated 5 months ago
- Run compliance and security controls to detect Terraform AWS resources deviating from security best practices prior to deployment using P…☆25Updated 3 weeks ago
- Darkbit Cloud Security Tools☆25Updated 4 years ago
- Common Golang Packages for use by the Various Cloud Nuke Tools☆29Updated this week
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest.☆58Updated last year
- Utility for downloading and mounting EBS snapshots using the EBS Direct API's☆74Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆57Updated last year
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆59Updated 8 months ago
- prel(iminary) is an application that temporarily assigns Google Cloud IAM Roles and includes an approval process.☆37Updated this week
- Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).☆138Updated 8 months ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- Trivy's misconfiguration scanning engine☆215Updated 7 months ago
- CloudSplaining on AWS Managed Policies☆41Updated this week
- ☆107Updated last month