CloudSploit by Aqua is an open-source Cloud Security Posture Management (CSPM) tool. It identifies security misconfigurations in cloud infrastructure accounts.
Key features:
- Multi-Cloud Support: Scans AWS, Azure, GCP, Oracle Cloud Infrastructure (OCI), and GitHub.
- Compliance Mapping: Maps plugins to compliance policies like HIPAA, PCI, and CIS Benchmarks.
- Customizable Output: Supports console, CSV, JSON, and JUnit XML output formats.
- Suppression: Allows suppressing results using regular expressions.
- Docker Support: Can be run within Docker containers.
- Plugin Architecture: Extensible architecture for writing custom security checks.
Use cases:
- Automated security auditing of cloud environments.
- Compliance monitoring and reporting.
- Integration into CI/CD pipelines for continuous security.
- Identifying and remediating security misconfigurations.
