Open source alternative cloud security tool that works like Wiz/Lacework/Aqua

This page summarizes the projects mentioned and recommended in the original post on /r/cybersecurity
hardware-buttons linkedin-bot template-engine-js

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
InfluxDB high-performance time series database
Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.
influxdata.com
featured

  1. prowler

    Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

    Im using prowler for aws and recently they added support for Azure, which ia great. Prowler Its not exactly a 100% cspm, but with some tweaking and integrations, it might be. Im usually running this is a 1 time assessment to see the current status of the environment.

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo

  3. opencspm

    Discontinued Open Cloud Security Posture Management Engine

    There was a project called open cspm(OpenCSPM), but im afraid its not being maintained anymore.

  4. ScoutSuite

    Multi-Cloud Security Auditing Tool

    Another solution might be ScoutSuite, they have support for all major clouds - aws,gcp and azure. But its probably not maintained as well. ScoutSuite

  5. cloudsploit

    Cloud Security Posture Management (CSPM)

    I also heard about CloudSploit by Aqua, but never actually used it yet. You might want to take a look. CloudSploit

  6. steampipe

    Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

    Yes! There are open source cloud security tools! Here are some open source tools out there: steampipe, prowler, cloudquery, and ZeusCloud.

  7. ZeusCloud

    Open Source Cloud Security

    Yes! There are open source cloud security tools! Here are some open source tools out there: steampipe, prowler, cloudquery, and ZeusCloud.

  8. my-arsenal-of-aws-security-tools

    List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

    I'm a biased vendor, but for OSS I prefer Prowler... (has a commercial tier we technically compete with but the OSS is strong and I really like the people there). Tony, who runs Prowler, also maintains an amazing list of OSS tools in multiple categories. https://github.com/toniblyx/my-arsenal-of-aws-security-tools It's hard to keep up to date but I don't know of any other list that comes close.

  9. InfluxDB

    InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • ScoutSuite: Open-Source Multi-Cloud Security Auditing Tool

    1 project | news.ycombinator.com | 14 Aug 2024

  • Cloud asset tracking

    4 projects | /r/aws | 9 Dec 2023

  • Azure and M365 Secure Config Review

    2 projects | /r/Pentesting | 31 May 2023

  • ZeusCloud - an open-source cloud security platform

    3 projects | /r/devops | 21 Mar 2023

  • CSPM opensource suggestions

    9 projects | /r/cloudsecurity | 15 Jan 2023
Loading...