Cloud Security Tool Directory

Large benchmark coverage with pragmatic cloud misconfiguration checks.

Graph-based cloud attack path visibility across workloads and identities.

Broad CNAPP suite spanning code, runtime, and cloud posture domains.

Policy-as-code scanning for Terraform, Kubernetes, and CloudFormation.

Fast local Terraform static analysis with clear remediation output.

Developer-first IaC checks tightly integrated into pull request flow.

High-signal secret discovery with verified credential checks.

Simple, fast, and CI-friendly scanner for leaked credentials.

Single CLI for image, filesystem, and IaC vulnerability checks.

Runtime threat detection for containers and Kubernetes workloads.

General-purpose policy engine used from CI to admission control.

Policy-driven cloud resource governance and automated remediation.

Developer-friendly SBOM generator with broad package ecosystem support.

Vulnerability scanner designed to pair directly with generated SBOMs.

Identity-centric detection focused on cloud service account abuse.

Privilege escalation path analysis for AWS IAM role relationships.

Multi-cloud security audit with visualized findings and drill-down.

Query cloud APIs with SQL for rapid compliance checks and dashboards.

Visualizes AWS account relationships and attack paths for security review.

Automates safe teardown of AWS resources to enforce clean account baselines.

AWS exploitation framework for testing IAM abuse paths and cloud misconfigurations.

Monitors cloud account changes and flags policy and configuration drift.

Purpose-built AWS scenarios for validating detection and IAM attack-path readiness.

Identifies risky IAM permissions and privilege-escalation patterns in AWS policies.

Deliberately vulnerable Terraform stack for testing IaC misconfiguration detection.

Lints IAM policies to catch privilege, wildcard, and risky permission issues early.

Compares CloudTrail activity to granted IAM permissions to spot over-privileged identities.

Finds and assesses highly privileged AWS entities that increase account takeover risk.

Large set of AWS security checks for identifying cloud misconfigurations at scale.

Builds comprehensive cross-region AWS asset inventories for exposure and drift analysis.

Graphs cloud assets and trust relationships to uncover risky access paths.

Extracts cloud configuration data into SQL tables for policy checks and reporting.

Applies security and compliance rules to AWS CDK constructs during development.

Runs CIS Kubernetes benchmark checks against cluster nodes and control planes.

Performs active reconnaissance to identify exposed Kubernetes security weaknesses.

Kubernetes posture scanner with framework mappings and risk prioritization guidance.

Simulates common Kubernetes-to-cloud privilege escalation paths in AWS environments.

Developer-friendly secret detection in commits and CI pipelines with strong accuracy.

Agentless CNAPP platform focused on broad cloud asset and risk visibility.

Behavior-based CNAPP detection across cloud, containers, and identities.

Combines cloud posture, runtime threat detection, and container vulnerability controls.

CNAPP offering with strong posture analytics and entitlement risk visibility.

Static analysis engine for Terraform, Kubernetes, and other IaC formats.

Policy-based IaC scanner with broad cloud provider and framework coverage.

Lints CloudFormation templates to detect risky security configurations before deploy.

Brings continuous vulnerability and configuration scanning into Kubernetes clusters.

Kubernetes-native policy engine for enforceable guardrails and admission controls.

Admission policy framework using WebAssembly for portable Kubernetes enforcement.

Pre-commit focused secret scanner with baseline workflows for noisy repositories.

Real-time GitHub secret monitoring to quickly surface exposed credentials.

Runs multiple code and IaC security scanners in isolated containers with one aggregated security report.

Deletes cloud resources at scale to enforce clean account baselines and reduce stale attack surface.

Generates AWS IAM policies programmatically with a fluent interface to reduce policy authoring mistakes.

Enumerates cloud attack paths and identity exposure from an attacker perspective for rapid triage.

Executes cloud attack emulation scenarios to validate detections and incident response workflows.

Policy-as-code validation for CloudFormation templates to block insecure infrastructure before deployment.

Automatically tags IaC resources with traceability metadata to strengthen ownership and control mapping.

Static analysis for CloudFormation templates that finds risky permissions and misconfigurations pre-deploy.

Builds and analyzes least-privilege IAM policies using an action and resource database model.

Analyzes IAM permissions and trust paths to surface unintended access and escalation opportunities.