CScanner: A Cloud Security Scanner


This utility is intended to check your cloud configuration for compliance with your company's rules in an automated fashion, not unlike AWS Config.

For example, if you want to make sure that your port 22 is never open to the world, across all your cloud providers, you could do something like this:

connections:
  # Configure your connections here
rules:
  - type: FIREWALL_PUBLIC_SERVICE_PROHIBITED
    protocol: "tcp"
    ports:
      - 22

You would then get a report detailing all your security groups across all your cloud providers and whether they are compliant or violating the rules.
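To show what a rule of this kind has to evaluate, here is an added Python illustration; it is not CScanner's own code. The group names, the normalized rule fields and the sample data are constructed assumptions for this example.

```python
import ipaddress

# Constructed sample: ingress rules normalized from two hypothetical providers.
# Field names are assumptions for this example, not CScanner's data model.
SAMPLE_GROUPS = {
    "cloud-a/web": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"},
    ],
    "cloud-a/bastion": [
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    ],
    "cloud-b/default": [
        # A wide port range that silently includes port 22, open over IPv6.
        {"protocol": "tcp", "from_port": 1, "to_port": 1024, "cidr": "::/0"},
    ],
    "cloud-a/legacy": [
        # All protocols and no port bounds: every service is exposed.
        {"protocol": "all", "from_port": None, "to_port": None, "cidr": "0.0.0.0/0"},
    ],
}

def is_public(cidr):
    """True for 0.0.0.0/0 and ::/0. Split ranges (two /1 blocks) are not caught."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def rule_exposes(rule, protocol, port):
    """True when an ingress rule lets the whole internet reach protocol/port."""
    if rule["protocol"] not in (protocol, "all"):
        return False
    if not is_public(rule["cidr"]):
        return False
    lo, hi = rule["from_port"], rule["to_port"]
    # Missing port bounds mean every port is allowed.
    return lo is None or lo <= port <= hi

def evaluate(groups, protocol="tcp", ports=(22,)):
    """Return {group: [violating ports]}; an empty list means compliant."""
    return {
        name: sorted(p for p in ports
                     if any(rule_exposes(r, protocol, p) for r in rules))
        for name, rules in groups.items()
    }

if __name__ == "__main__":
    for group, bad in evaluate(SAMPLE_GROUPS).items():
        print(f"{group}: {'VIOLATION on ' + str(bad) if bad else 'compliant'}")
```

The port-range and all-protocol cases are the ones a naive "port equals 22" comparison misses.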

Downloading

You can grab one of the releases from GitHub.

Running

To run the cscanner, simply point it to your config file:

java -jar cscanner.jar your-config-file.yaml

Make sure you have at least Java 8 to run this application. Note that you can use the -h or --help option to get a full list of possible filtering and output options.

For detailed configuration options see Configuration.

Supported cloud providers

Currently the following cloud providers are supported:

Supported rules

Currently the following rule sets are supported:

Other features