CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. Deployment Options: - Self-Hosted - Hosted at Aqua Wave Installation Configuration: - Amazon Web Services - Microsoft Azure - Google Cloud Platform - Oracle Cloud Infrastructure CloudSploit Config File Credential Files Environment Variables Running CLI Options: - Compliance (HIPAA, PCI, CIS Benchmarks) - Output Formats (Console Output, Ignoring Passing Results, CSV, JSON, JUnit XML) - Collection Output - Suppressions - Running a Single Plugin Architecture Writing a Plugin Other Notes
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
A collection of security workshops and hands-on content for AWS security services and techniques
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
Discover and understand the Docker Layer 2 ICC Bug and its implications on inter-container communication.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.