
Cloud Security in DevSecOps

In DevSecOps, securing cloud infrastructure is just as critical as securing application code. With the rise of Infrastructure as Code and automated CI/CD, cloud environments can change rapidly — and security needs to keep up.

Misconfigured services, overly permissive IAM roles, exposed S3 buckets, and untagged resources are among the most common sources of cloud breaches. The tools below help identify, remediate, and enforce secure cloud posture across AWS, GCP, and Azure.

Multi-Cloud Security Tools

| Name | URL | Description |
|------|-----|-------------|
| Cloudsploit | GitHub | Open-source scanner that detects misconfigurations in AWS, GCP, and Azure services |
| ScoutSuite | GitHub | Multi-cloud security auditing tool by NCC Group (supports AWS, Azure, GCP) |
| CloudCustodian | GitHub | Policy-as-code engine to manage cloud governance rules across providers |
| CloudGraph | GitHub | GraphQL-based security visualization engine for AWS, Azure, GCP, and K8s |

AWS Security Tools

| Name | URL | Description |
|------|-----|-------------|
| Prowler | GitHub | CLI tool for AWS security auditing and compliance (CIS, GDPR, PCI-DSS) |
| Dragoneye | GitHub | Detects exposed AWS resources and compliance violations |
| aws-inventory | GitHub | Discovers and lists all AWS resources across accounts |
| PacBot | GitHub | Policy-as-code bot by T-Mobile; manages security and compliance in AWS |
| Komiser | GitHub | AWS inventory and cost visualization dashboard with security insights |
| Cloudsplaining | GitHub | IAM policy analysis tool for detecting privilege escalations and misuse |
| ElectricEye | GitHub | Continuous AWS misconfiguration monitoring using security standards |
| CloudMapper | GitHub | Visualizes AWS accounts and detects network misconfigurations |
| Cartography | GitHub | Graph-based visualization of cloud and infrastructure assets (AWS-focused) |
| policy_sentry | GitHub | Least-privilege IAM policy generator using CRUD actions |
| AirIAM | GitHub | Audits and reduces AWS IAM permissions and creates Terraform output |
| StreamAlert | GitHub | Real-time, serverless alerting framework for AWS logs and data streams |
| CloudQuery | GitHub | SQL-like querying and security analysis over AWS infrastructure |
| S3Scanner | GitHub | Tool to find open S3 buckets and dump contents |
| Parliament | GitHub | AWS IAM policy linting library |
| Yor | GitHub | Adds tags to IaC (Terraform, CloudFormation) for traceability and ownership |
| aws-firewall-factory | GitHub | Automates deployment and management of AWS WAF across accounts |

GCP-Specific Tool

| Name | URL | Description |
|------|-----|-------------|
| Forseti Security | GitHub | Suite of tools for auditing and securing Google Cloud Platform environments |

Best Practices for Cloud Security

  1. Continuously scan for resource misconfigurations and open attack surfaces
  2. Enforce least-privilege IAM policies with tools such as policy_sentry or AirIAM
  3. Tag all resources for accountability and visibility (automate with Yor)
  4. Monitor configuration drift using real-time frameworks (e.g., ElectricEye)
  5. Enable cross-account and multi-region visibility
  6. Integrate compliance scans into CI/CD and infrastructure provisioning steps
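The practices above, and the misconfiguration classes named in the introduction (exposed buckets, permissive IAM, untagged resources), as an added example that is not code from this list or from any tool it names: a small policy-as-code script in Python that runs four checks over a constructed account inventory and gates a CI step on the result. The inventory schema, the `REQUIRED_TAGS` standard, the rule names and the severity levels are all assumptions made for this example, not the output format of any listed scanner.

```python
# Added example: policy-as-code checks over a constructed cloud inventory.
# Inventory schema, tag standard, rule names and severities are assumptions.
import ipaddress
import json
from typing import List

REQUIRED_TAGS = {"owner", "environment"}           # assumed tagging standard
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}

def _finding(resource: str, rule: str, severity: str, detail: str = "") -> dict:
    return {"resource": resource, "rule": rule, "severity": severity, "detail": detail}

def _as_list(v) -> list:
    # IAM policy documents allow a bare string wherever a list is expected
    return [v] if isinstance(v, str) else list(v)

def check_s3_public(buckets: List[dict]) -> List[dict]:
    """Flag buckets with an AllUsers ACL grant or the public-access block disabled."""
    findings = []
    for b in buckets:
        public_acl = any(g.get("grantee") == "AllUsers" for g in b.get("acl_grants", []))
        block = b.get("public_access_block", {})
        blocked = block.get("block_public_acls") and block.get("restrict_public_buckets")
        if public_acl or not blocked:
            findings.append(_finding(b["name"], "S3_PUBLIC", "high"))
    return findings

def check_iam_wildcards(policies: List[dict]) -> List[dict]:
    """Flag Allow statements with '*' or 'service:*' actions, or a '*' resource."""
    findings = []
    for p in policies:
        stmts = p["document"].get("Statement", [])
        for s in ([stmts] if isinstance(stmts, dict) else stmts):
            if s.get("Effect") != "Allow":
                continue
            if any(a == "*" or a.endswith(":*") for a in _as_list(s.get("Action", []))):
                findings.append(_finding(p["name"], "IAM_WILDCARD_ACTION", "high"))
            if "*" in _as_list(s.get("Resource", [])):
                findings.append(_finding(p["name"], "IAM_WILDCARD_RESOURCE", "medium"))
    return findings

def check_open_security_groups(groups: List[dict]) -> List[dict]:
    """Flag ingress from anywhere (0.0.0.0/0 or ::/0) other than HTTPS on 443."""
    findings = []
    for g in groups:
        for r in g.get("ingress", []):
            world = ipaddress.ip_network(r["cidr"], strict=False).prefixlen == 0
            if world and not (r["from_port"] == 443 and r["to_port"] == 443):
                findings.append(_finding(g["name"], "SG_OPEN_INGRESS", "high", r["cidr"]))
                break  # one finding per group keeps the report readable
    return findings

def check_missing_tags(resources: List[dict]) -> List[dict]:
    """Flag resources missing any required ownership/environment tag."""
    findings = []
    for r in resources:
        missing = sorted(REQUIRED_TAGS - set(r.get("tags", {})))
        if missing:
            findings.append(_finding(r["name"], "MISSING_TAGS", "low", ",".join(missing)))
    return findings

def run_all(inventory: dict) -> List[dict]:
    findings = check_s3_public(inventory.get("s3_buckets", []))
    findings += check_iam_wildcards(inventory.get("iam_policies", []))
    findings += check_open_security_groups(inventory.get("security_groups", []))
    findings += check_missing_tags([r for rs in inventory.values() for r in rs])  # every type
    return findings

def ci_gate(findings: List[dict], fail_on: str = "high") -> bool:
    """True when the pipeline may continue: nothing at or above the threshold."""
    return not any(SEVERITY_ORDER[f["severity"]] >= SEVERITY_ORDER[fail_on] for f in findings)

# Constructed sample inventory; none of these are real resources.
SAMPLE_INVENTORY = {
    "s3_buckets": [
        {"name": "app-logs", "tags": {"owner": "platform", "environment": "prod"}, "acl_grants": [],
         "public_access_block": {"block_public_acls": True, "restrict_public_buckets": True}},
        {"name": "marketing-assets", "tags": {"owner": "web"},
         "acl_grants": [{"grantee": "AllUsers", "permission": "READ"}],
         "public_access_block": {"block_public_acls": False, "restrict_public_buckets": False}},
    ],
    "iam_policies": [
        {"name": "ci-deploy", "tags": {"owner": "platform", "environment": "prod"},
         "document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
                      "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::app-artifacts/*"}]}},
        {"name": "legacy-admin", "tags": {"owner": "ops", "environment": "prod"},
         "document": {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}},
    ],
    "security_groups": [
        {"name": "web-sg", "tags": {"owner": "web", "environment": "prod"},
         "ingress": [{"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "db-sg", "tags": {}, "ingress": [{"from_port": 5432, "to_port": 5432, "cidr": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    result = run_all(SAMPLE_INVENTORY)
    print(json.dumps(result, indent=2))
    print("gate:", "PASS" if ci_gate(result) else "FAIL")
```

Running the script against the sample inventory reports the public `marketing-assets` bucket, both wildcard statements in `legacy-admin`, the world-open PostgreSQL port on `db-sg`, and the two untagged resources, and the gate fails on the high-severity items. In a real pipeline the inventory would come from a scanner run (step 1 and step 6 above) and the `fail_on` threshold is what turns a report into an enforced control.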

Further Reading