ElectricEye is a Python CLI tool that provides multi-cloud and multi-SaaS security posture management capabilities. The tool supports asset management, security posture assessment, and attack surface monitoring across multiple cloud service providers and SaaS platforms. The platform covers AWS, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), ServiceNow, Microsoft 365 Enterprise, and Salesforce environments. It performs cross-account and cross-region assessments to evaluate security configurations and compliance posture. ElectricEye includes over 1000 security checks that evaluate configurations against security, resilience, performance, and financial best practices. These checks cover more than 100 cloud services and SaaS applications, providing comprehensive coverage of enterprise environments. The tool maps its security controls to over 20 industry frameworks, regulatory standards, and best practice guidelines. This mapping helps organizations understand their compliance posture across multiple standards simultaneously. ElectricEye operates as a command-line interface tool, allowing integration into automated workflows and security operations processes. The tool provides visibility into security misconfigurations and potential attack vectors across hybrid cloud and SaaS environments.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
Cloudmarker is a configurable cloud monitoring tool and framework that audits Azure and GCP environments by retrieving, analyzing, and alerting on cloud security data.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
LambdaGuard is an AWS Lambda auditing tool that provides security configuration checks, statistical analysis, and service dependency mapping for serverless functions.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.