ScubaGear
ScubaGear is an assessment tool designed to verify the configuration of Microsoft 365 (M365) tenants against the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents. The tool operates in three main steps: 1. It uses PowerShell to query M365 APIs for various configuration settings. 2. It employs Open Policy Agent (OPA) to compare these settings against Rego security policies based on the baseline documents. 3. It generates reports in HTML, JSON, and CSV formats to present the results of the comparison. ScubaGear is primarily intended for M365 administrators who want to assess their tenant environments against CISA Secure Configuration Baselines. It can be installed from PSGallery and requires certain dependencies and permissions to function correctly. The tool supports assessment of multiple M365 products and can be run with specific parameters or using a configuration file. It also includes features for troubleshooting common issues related to multiple tenants, Defender, Exchange Online, Power Platform, Microsoft Graph, and proxy configurations.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A cloud native application protection platform that provides unified visibility, risk assessment, and remediation capabilities across multi-cloud and hybrid environments.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
Create Docker container images for testing and long-term use.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
A cloud security solution that provides agentless application mapping and vulnerability prioritization based on business impact across cloud environments.
gVisor is an application kernel that provides isolation for running sandboxed containers.
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.