prowler-cloud / prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
☆10,555Updated this week
Related projects: ⓘ
- List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.☆8,901Updated 8 months ago
- Multi-Cloud Security Auditing Tool☆6,593Updated last week
- Cloud Security Posture Management (CSPM)☆3,302Updated 2 months ago
- Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source pa…☆6,987Updated this week
- CloudMapper helps you analyze your Amazon Web Services (AWS) environments.☆5,962Updated 2 months ago
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.☆4,306Updated 3 weeks ago
- Tfsec is now part of Trivy☆6,659Updated last week
- Ultimate DevSecOps library☆5,622Updated 2 months ago
- A vulnerability scanner for container images and filesystems☆8,482Updated this week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more☆22,863Updated this week
- Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resour…☆5,365Updated this week
- Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized repo…☆1,965Updated this week
- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool☆2,893Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.☆4,684Updated last week
- Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on p…☆4,229Updated last week
- Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powere…☆2,949Updated last week
- An encyclopedia for offensive and defensive security knowledge in cloud native technologies.☆1,640Updated 2 weeks ago
- Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!☆10,878Updated this week
- Find, verify, and analyze leaked credentials☆15,644Updated this week
- An authoritative list of awesome devsecops tools with the help from community experiments and contributions.☆4,564Updated 4 months ago
- Nuke a whole AWS account and delete all its resources.☆5,743Updated last week
- Protect and discover secrets using Gitleaks 🔑☆17,413Updated this week
- A vault for securely storing and accessing AWS credentials in development environments☆8,417Updated last month
- CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code☆12,416Updated last week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems☆6,015Updated this week
- Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.☆6,835Updated this week
- Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark☆6,933Updated last week
- The open source high performance ELT framework powered by Apache Arrow☆5,789Updated this week
- Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.☆7,462Updated 2 weeks ago
- Curated list of resources on HashiCorp's Terraform and OpenTofu☆5,424Updated last week