Open source alternative cloud security tool that works like Wiz/Lacework/Aqua

This page summarizes the projects mentioned and recommended in the original post on /r/cybersecurity
Cloud Security AWS GCP cspm

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

    • Im using prowler for aws and recently they added support for Azure, which ia great. Prowler Its not exactly a 100% cspm, but with some tweaking and integrations, it might be. Im usually running this is a 1 time assessment to see the current status of the environment.

  • opencspm

    Discontinued Open Cloud Security Posture Management Engine

    • There was a project called open cspm(OpenCSPM), but im afraid its not being maintained anymore.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • ScoutSuite

    Multi-Cloud Security Auditing Tool

    • Another solution might be ScoutSuite, they have support for all major clouds - aws,gcp and azure. But its probably not maintained as well. ScoutSuite

  • cloudsploit

    Cloud Security Posture Management (CSPM)

    • I also heard about CloudSploit by Aqua, but never actually used it yet. You might want to take a look. CloudSploit

  • steampipe

    Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

    • Yes! There are open source cloud security tools! Here are some open source tools out there: steampipe, prowler, cloudquery, and ZeusCloud.

  • ZeusCloud

    Open Source Cloud Security

    • Yes! There are open source cloud security tools! Here are some open source tools out there: steampipe, prowler, cloudquery, and ZeusCloud.

  • my-arsenal-of-aws-security-tools

    List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

    • I'm a biased vendor, but for OSS I prefer Prowler... (has a commercial tier we technically compete with but the OSS is strong and I really like the people there). Tony, who runs Prowler, also maintains an amazing list of OSS tools in multiple categories. https://github.com/toniblyx/my-arsenal-of-aws-security-tools It's hard to keep up to date but I don't know of any other list that comes close.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts