A list of open source cloud security tools to assist those learning or those with small IT budgets wishing secure their environments and CICD tool chains. I’ve done my best to categorize the tools as “Reputable” and “Beware”. Use at your own risk.
reputable / supported
emerging products / ratings
- https://www.gartner.com/smarterwithgartner/top-actions-from-gartner-hype-cycle-for-cloud-security-2020/
- https://www.g2.com/categories/cloud-compliance?tab=highest_rated
- https://www.g2.com/categories/cloud-access-security-broker-casb/enterprise
- https://www.gartner.com/reviews/market/cloud-access-security-brokers
native cloud
- AWS
- https://aws.amazon.com/security-hub/?aws-security-hub-blogs.sort-by=item.additionalFields.createdDate&aws-security-hub-blogs.sort-order=desc
- https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-compliance.html
- https://aws.amazon.com/blogs/security/tag/aws-config/
- https://aws.amazon.com/guardduty/
- https://docs.aws.amazon.com/waf/
- GCP
- Azure
- https://azure.microsoft.com/en-us/services/security-center/#features
- https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm
- https://azure.microsoft.com/en-us/services/information-protection/
- https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
remediation guides- open source
aws – open source
- Topology Discovery
- IAM and Compliance
- Cloud Formation
terraform – open source
GCP – open source
- Topology Discovery
- IAM and Compliance
@secSandman 