CSPM opensource suggestions

This page summarizes the projects mentioned and recommended in the original post on /r/cloudsecurity
Security AWS GCP Cloud security-tools

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • ScoutSuite

    Multi-Cloud Security Auditing Tool

  • cloudsploit

    Cloud Security Posture Management (CSPM)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • heimdall2

    Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.

  • ZAP

    The ZAP core project

  • saf

    The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines

    • SAF https://github.com/mitre/saf

  • magpie

    A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks. (by openraven)

    • Magpie https://github.com/openraven/magpie ThreatMapper https://github.com/deepfence/ThreatMapper Cloudquery https://github.com/cloudquery/cloudquery

  • ThreatMapper

    Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

    • Magpie https://github.com/openraven/magpie ThreatMapper https://github.com/deepfence/ThreatMapper Cloudquery https://github.com/cloudquery/cloudquery

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • cloudquery

    The open source high performance ELT framework powered by Apache Arrow

    • Magpie https://github.com/openraven/magpie ThreatMapper https://github.com/deepfence/ThreatMapper Cloudquery https://github.com/cloudquery/cloudquery

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

    • If AWS is in use then i would add prowler to the list - https://github.com/prowler-cloud/prowler This is the best open source cspm for aws.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts