
haveyoudebuggedit / cscanner

Licence: Apache-2.0
An open source, multi-cloud DevSecOps compliance checker

Programming Languages

java
HCL

Projects that are alternatives of or similar to cscanner

Checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+18700%)
Mutual labels:  compliance, devsecops
intercept
INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (+184.21%)
Mutual labels:  compliance, devsecops
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+23905.26%)
Mutual labels:  compliance, devsecops
Tfsec
Security scanner for your Terraform code
Stars: ✭ 3,622 (+18963.16%)
Mutual labels:  compliance, devsecops
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+42247.37%)
Mutual labels:  compliance, devsecops
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+6536.84%)
Mutual labels:  compliance, devsecops
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+1721.05%)
Mutual labels:  compliance, devsecops
havengrc
☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬
Stars: ✭ 83 (+336.84%)
Mutual labels:  compliance, devsecops
PwnChecker
Multi tool checker account validator 2020
Stars: ✭ 30 (+57.89%)
Mutual labels:  checker
daily-check-in
A check-in mini program - data storage based on leancloud
Stars: ✭ 38 (+100%)
Mutual labels:  checker
guardian
Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.
Stars: ✭ 127 (+568.42%)
Mutual labels:  compliance
ticket-check-action
Verify that pull request titles start with a ticket ID
Stars: ✭ 29 (+52.63%)
Mutual labels:  compliance
container-security-checklist
Checklist for container security - devsecops practices
Stars: ✭ 999 (+5157.89%)
Mutual labels:  devsecops
postee
Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Stars: ✭ 160 (+742.11%)
Mutual labels:  devsecops
wazuh-packages
Wazuh - Tools for packages creation
Stars: ✭ 54 (+184.21%)
Mutual labels:  compliance
akamai-toolkit
A set of tools to work on Akamai v1 anti-bot solution. Current supported version: 1.70
Stars: ✭ 215 (+1031.58%)
Mutual labels:  checker
vimana-framework
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (+147.37%)
Mutual labels:  devsecops
ProxyChecker
proxy checker to check the status of the ip-port proxy list
Stars: ✭ 24 (+26.32%)
Mutual labels:  checker
gitavscan
Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.
Stars: ✭ 23 (+21.05%)
Mutual labels:  devsecops
DongTai-agent-java
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
Stars: ✭ 592 (+3015.79%)
Mutual labels:  devsecops

CScanner: A Cloud Security Scanner


Things to do

» Grab the latest release

» Read the documentation

A brief introduction

This utility is intended to check your cloud configuration for compliance with your company's rules in an automated fashion, not unlike AWS Config.

For example, if you want to make sure that your port 22 is never open to the world, across all your cloud providers, you could do something like this:

connections:
  # Configure your connections here
rules:
  - type: FIREWALL_PUBLIC_SERVICE_PROHIBITED
    protocol: "tcp"
    ports:
      - 22

You would then get a report detailing all your security groups across all your cloud providers and whether each one complies with or violates the rules.
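What a rule like the one above has to evaluate, as an added example (not cscanner's own code): a port can be exposed through a wide port range, an all-protocols rule, or an IPv6 source as well as a plain `0.0.0.0/0` entry on port 22. The rule field names and the sample security groups are assumptions constructed for this illustration.

```python
import ipaddress

# Constructed sample data: a provider-neutral view of ingress firewall rules.
# The field names are assumptions for this example, not cscanner's data model.
SAMPLE_GROUPS = {
    "sg-web": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    ],
    "sg-bastion": [
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"},
    ],
    "sg-legacy": [
        {"protocol": "tcp", "from_port": 0, "to_port": 1024, "cidr": "0.0.0.0/0"},
    ],
    "sg-ipv6": [
        {"protocol": "all", "from_port": None, "to_port": None, "cidr": "::/0"},
    ],
}


def is_public(cidr):
    """True when the source range covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposes(rule, protocol, port):
    """True when an ingress rule lets the world reach protocol/port."""
    if rule["protocol"] not in (protocol, "all"):
        return False
    if not is_public(rule["cidr"]):
        return False
    # A rule for all protocols carries no port range and covers every port.
    if rule["from_port"] is None:
        return True
    return rule["from_port"] <= port <= rule["to_port"]


def check_groups(groups, protocol, ports):
    """Return {group name: 'COMPLIANT' | 'VIOLATION'} for the prohibited ports."""
    report = {}
    for name, rules in groups.items():
        bad = any(exposes(r, protocol, p) for r in rules for p in ports)
        report[name] = "VIOLATION" if bad else "COMPLIANT"
    return report


if __name__ == "__main__":
    for name, status in check_groups(SAMPLE_GROUPS, "tcp", [22]).items():
        print(f"{name}: {status}")
```

The prefix-length test only recognises a single world-wide range; a source list that covers the address space with several narrower ranges needs a coverage check instead.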

Downloading

You can grab one of the releases from GitHub.

Running

To run the cscanner, simply point it to your config file:

java -jar cscanner.jar your-config-file.yaml

Make sure you have at least Java 8 to run this application. Note that you can use the -h or --help option to get a full list of possible filtering and output options.

Full documentation

For full documentation, please see the cscanner website at cscanner.io.
