Cloud Security

Red October is a TLS-based encryption server that implements two-man rule authorization, requiring multiple users to collaborate for cryptographic operations.

tfsec is being replaced by Trivy, a more comprehensive open-source security solution

A multi-threaded Ruby tool for comprehensive AWS security inventory collection that gathers detailed resource attributes, metadata, and policy information across AWS environments.

A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.

FunctionShield is a Serverless Security Library for Developers to enforce strict security controls on AWS Lambda & Google Cloud Functions runtimes.

Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.

Komiser is an open-source cloud-agnostic resource manager that analyzes and manages cloud cost, usage, security, and governance across multiple cloud providers in a unified platform.

Docker's Actuary is an automated security assessment tool that checks Docker container deployments against configurable best-practice checklists to ensure production readiness.

Amazon GuardDuty is a threat detection service for AWS accounts.

An AWS IAM security assessment tool that identifies least privilege violations and generates risk-prioritized reports for IAM policy remediation.

Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.

A secret management service that stores encrypted secrets in DynamoDB for secure credential and sensitive data management.

A security testing framework for assessing container environment security across AWS and GCP cloud platforms.

A graph-based tool for visualizing AWS access permissions and resource relationships to identify potential attack paths and privilege escalation opportunities.

rpCheckup is an AWS resource policy security analysis tool that identifies public, external, intra-organizational, and private resource access patterns across AWS accounts.

A fully managed service that securely stores, rotates, and manages sensitive data such as database credentials and API keys.

Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.

Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.

Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.

A command-line tool that performs automated IAM policy security linting across AWS accounts and organizations using AWS Access Analyzer validation.

Zeus is an AWS security auditing and hardening tool that evaluates cloud configurations against CIS benchmarks and can automatically apply recommended security settings.

Bane is an automated AppArmor profile generator for Docker containers that simplifies the creation of security policies with file globbing support and Docker integration.

Scout Suite is an open source multi-cloud security auditing tool that gathers configuration data via cloud provider APIs to identify risks and provide visibility into cloud attack surfaces.