CloudSploit: Cloud Security Posture Management

CloudSploit

CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.

It provides GitHub account security auditing capabilities. It uses the GitHub APIs to obtain metadata about the GitHub account (number of repositories, configuration, security settings, etc.) which is then used to evaluate alignment with security best practices.

CloudSploit is available in two deployment options:

Self-Hosted

Follow the instructions below to deploy the open-source version of CloudSploit on your machine in just a few simple steps.

Hosted at Aqua Wave

A commercial version of CloudSploit hosted at Aqua Wave. Try Aqua Wave today!

Architecture

CloudSploit works in two phases. First, in the “collection” phase, it queries the cloud infrastructure APIs for various metadata about your account. Once all the necessary data is collected, the result is passed to the “scanning” phase. The scan uses the collected data to search for potential misconfigurations, risks, and other security issues, which form the resulting output.
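The two-phase split described above, sketched as an added example (not CloudSploit's own code): collection stores either data or an error per API call, and the scan reads only that snapshot. The API names, fields, and checks are hypothetical and the sample data is constructed.

```javascript
// Constructed stand-ins for cloud API calls (hypothetical names); the second fails on purpose.
const fakeApis = {
  listBuckets: async () => [
    { name: 'logs', publicRead: false },
    { name: 'assets', publicRead: true },
  ],
  listSecurityGroups: async () => { throw new Error('AccessDenied'); },
};

// Phase 1, collection: call every API once and keep data or error per call.
async function collect(apis) {
  const collected = {};
  for (const [name, call] of Object.entries(apis)) {
    try {
      collected[name] = { data: await call() };
    } catch (err) {
      collected[name] = { error: err.message };
    }
  }
  return collected;
}

// Phase 2, scanning: checks read only the collected snapshot, never the APIs.
const checks = [
  { title: 'Bucket public read', source: 'listBuckets',
    test: (b) => !b.publicRead, id: (b) => b.name },
  { title: 'Open SSH ingress', source: 'listSecurityGroups',
    test: (g) => !g.sshOpenToWorld, id: (g) => g.groupId },
];

function scan(collected) {
  const results = [];
  for (const check of checks) {
    const entry = collected[check.source];
    if (!entry || entry.error) {
      // Missing data is reported as UNKNOWN, not silently treated as a pass.
      results.push({ check: check.title, resource: null, status: 'UNKNOWN',
        detail: entry ? entry.error : 'not collected' });
      continue;
    }
    for (const item of entry.data) {
      results.push({ check: check.title, resource: check.id(item),
        status: check.test(item) ? 'OK' : 'FAIL' });
    }
  }
  return results;
}

// Run both phases end to end and return the scan output.
const runDemo = async () => scan(await collect(fakeApis));
```

Because a denied or failed API call surfaces as UNKNOWN, a scan run with under-privileged credentials cannot be mistaken for a clean result.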

Installation

Ensure that Node.js is installed; if it is not, install it before continuing.

git clone git@github.com:cloudsploit/scans.git
cd scans
npm install

Copyright (C) 2015 aquasecurity