Top 23 cloud-security Open-Source Projects

• Wazuh

  151 9,264 10.0 C

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  

Project mention: Exclude certain CIS (sca) rules from agents | /r/Wazuh | 2023-12-11

There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

• terrascan

  23 4,518 6.6 Go

  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  

Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• kubernetes-goat

  18 3,882 4.7 HTML

  Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

• consoleme

  10 3,066 0.0 Python

  A Central Control Plane for AWS Permissions and Access

  

Project mention: Launch HN: Slauth (YC S22) – auto-generate secure IAM policies for AWS and GCP | news.ycombinator.com | 2023-12-04

Why are you using (very expensive) GPT, or any LLM for that matter, when this was already a solved problem using rulesets? Netflix for example has open source that does this already: https://github.com/Netflix/consoleme

Instead of analyzing your code, you just run your code with no permissions and it automatically detects permission failures and thens open those permissions, with a UI showing you what it did so you can remove any permissions you don't want.

That actually seems much more secure than trying to divine the rules from reading the code.

What value is the LLM adding here?

• awesome-cloud-security

  2 1,910 0.0

  🛡️ Awesome Cloud Security Resources ⚔️

• cloudfox

  4 1,800 9.1 Go

  Automating situational awareness for cloud penetration tests.

  

• stratus-red-team

  8 1,621 8.7 Go

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• hackingthe.cloud

  11 1,518 8.8 Dockerfile

  An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

  

Project mention: Cloud penetration testing courses | /r/cybersecurity | 2023-12-11

It’s not quite a course, but Hacking the Cloud has a ton of educational content on cloud pentesting. It leans more towards AWS. https://hackingthe.cloud

• veinmind-tools

  7 1,471 6.8 Go

  veinmind-tools 是由长亭科技自研，基于 veinmind-sdk 打造的容器安全工具集

  

• matano

  38 1,357 7.0 Rust

  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

  

Project mention: Cisco Acquires Splunk | news.ycombinator.com | 2023-09-21

sorry thats https://matano.dev

• awesome-aws-security

  2 1,118 4.8

  Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security

• paralus

  4 932 8.1 Go

  All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs.

  

• granted

  15 910 8.7 Go

  The easiest way to access your cloud.

  

Project mention: Ask HN: How do you manage many profiles and credentials for cloud tooling? | news.ycombinator.com | 2023-10-03

You're going to love https://granted.dev. It can be extended further, as we've done internally: https://www.duckbillgroup.com/blog/overhauling-aws-account-a...

• constellation

  31 870 9.9 Go

  Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

  

Project mention: Using "Confidential Computing" with Hetzner? (Intel SGX/TDX, AMD SEV/SNP) | /r/hetzner | 2023-05-16

A lot happening in Europe, Enclaive provides encrypting containers (GitHub), Edgeless Systems provides a whole encrypted k8s with constellation (GitHub), then there are other players like scontain and secustack.

• ElectricEye

  1 864 9.2 Python

  ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

• SkyArk

  1 828 0.0 PowerShell

  SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

  

• awesome-cloud-security

  1 562 4.9

  A curated list of awesome cloud security blogs, podcasts, standards, projects, and examples. (by Funkmyster)

• stackql

  5 434 8.5 Go

  Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

  

Project mention: Cloud Tools You Probably Haven't Heard Of | dev.to | 2024-03-31

Like Steampipe's revolutionary approach, StackQL harnesses the power of SQL to query your resources seamlessly. Moreover, it empowers you to utilize SQL syntax for querying and creating resources.

• BucketLoot

  3 337 6.7 Go

  BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

  

Project mention: Open source S3 bucket scanner for secrets and assets | news.ycombinator.com | 2023-10-11

• MAAD-AF

  15 333 7.6 PowerShell

  MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).

  

• tfquery

  3 325 0.0 Python

  tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.

• iamzero

  4 236 0.0 Go

  Identity & Access Management simplified and secure.

  

• varc

  5 232 3.5 Python

  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

  

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

cloud-security related posts

• Acquisitions lead to struggles for Windows and Linux device management

  1 project | news.ycombinator.com | 24 Jan 2024

• Unified analytics and IaC framework for cloud, IdP, and SaaS providers using SQL

  4 projects | news.ycombinator.com | 6 Oct 2023

• OpenSource Mobile Device Management

  1 project | /r/opensource | 26 Jun 2023

• Anyone using Fleet? Thoughts?

  1 project | /r/msp | 25 May 2023

• Using "Confidential Computing" with Hetzner? (Intel SGX/TDX, AMD SEV/SNP)

  1 project | /r/hetzner | 16 May 2023

• Mögliche Lösungen zu selbstzerstörenden Umgebungen mit einem Trigger

  2 projects | /r/de_EDV | 21 Apr 2023

• Where are you hosting your Managed Kubernetes and why?

  1 project | /r/kubernetes | 5 Mar 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 10 May 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com