jit-access
magpie
jit-access | magpie | |
---|---|---|
1 | 4 | |
221 | 160 | |
6.3% | 3.8% | |
9.2 | 8.3 | |
6 days ago | 23 days ago | |
Java | Java | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jit-access
-
access control | database
Most IAM resources on Google Cloud have time boxing built in and you can control access to resources that way. Google have a self serve application that devs can use to get access, see: https://github.com/GoogleCloudPlatform/jit-access
magpie
-
Cloud asset tracking
There both do something like what you're looking for.... https://github.com/cloudquery/cloudquery https://github.com/openraven/magpie
-
CSPM opensource suggestions
Magpie https://github.com/openraven/magpie ThreatMapper https://github.com/deepfence/ThreatMapper Cloudquery https://github.com/cloudquery/cloudquery
- Magpie – OSS CSPM and non-native service enumeration
- Magpie – Open-Source CSPM
What are some alternatives?
Application-Gateway - OWASP Application Gateway is an HTTP proxy that handles Oauth2 authentication and session management
cloudsploit - Cloud Security Posture Management (CSPM)
bank-of-anthos - Retail banking sample application showcasing Kubernetes and Google Cloud
saf - The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
auth - A GitHub Action for authenticating to Google Cloud.
ScoutSuite - Multi-Cloud Security Auditing Tool
wrongsecrets - Vulnerable app with examples showing how to not use secrets [Moved to: https://github.com/OWASP/wrongsecrets]
ZAP - The ZAP core project
wrongsecrets - Vulnerable app with examples showing how to not use secrets
cloudquery - The open source high performance ELT framework powered by Apache Arrow
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
heimdall2 - Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.