CScanner: A Cloud Security Scanner
This utility is intended to check your cloud configuration for compliance with your company's rules in an automated fashion, not unlike AWS Config.
For example, if you want to make sure that your port 22 is never open to the world, across all your cloud providers, you could do something like this:
connections:
  # Configure your connections here
rules:
  - type: FIREWALL_PUBLIC_SERVICE_PROHIBITED
    protocol: "tcp"
    ports:
      - 22
You would then get a report detailing all your security groups across all your cloud providers, showing whether each one is compliant or violates the rules.
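To make concrete what a rule like this has to decide for each security group, here is an added Python example; it is not CScanner's own code. The security-group field names, the provider labels and the sample groups are constructed assumptions, and "open to the world" is taken to mean a source range with prefix length 0.

```python
import ipaddress

# Rule parameters mirroring the YAML above (this dict layout is an assumption).
RULE = {"type": "FIREWALL_PUBLIC_SERVICE_PROHIBITED", "protocol": "tcp", "ports": [22]}

# Constructed sample data; field names are hypothetical, not a provider API.
GROUPS = [
    {"provider": "provider-a", "name": "bastion", "ingress": [
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"}]},
    {"provider": "provider-a", "name": "legacy-web", "ingress": [
        {"protocol": "tcp", "from_port": 0, "to_port": 1024, "cidr": "0.0.0.0/0"}]},
    {"provider": "provider-b", "name": "default", "ingress": [
        {"protocol": "all", "from_port": None, "to_port": None, "cidr": "::/0"}]},
    {"provider": "provider-b", "name": "dns", "ingress": [
        {"protocol": "udp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"}]},
]

def is_world_open(cidr):
    """True when the source range has prefix length 0 (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def covers(entry, protocol, port):
    """True when an ingress entry admits `port` on `protocol`."""
    if entry["protocol"] == "all":  # an all-protocols entry includes tcp
        return True
    if entry["protocol"] != protocol:
        return False
    lo, hi = entry["from_port"], entry["to_port"]
    return lo is None or lo <= port <= hi  # no port bounds means every port

def evaluate(groups, rule):
    """Return one (provider, group, compliant, reasons) row per group."""
    report = []
    for g in groups:
        reasons = [
            f"{e['protocol']}/{port} open to {e['cidr']}"
            for e in g["ingress"] if is_world_open(e["cidr"])
            for port in rule["ports"] if covers(e, rule["protocol"], port)
        ]
        report.append((g["provider"], g["name"], not reasons, reasons))
    return report

if __name__ == "__main__":
    for provider, name, ok, reasons in evaluate(GROUPS, RULE):
        print(f"{provider:10} {name:12} {'COMPLIANT' if ok else 'VIOLATION'} {'; '.join(reasons)}")
```

The cases that a check matching only an exact "tcp 22 from 0.0.0.0/0" entry would miss are the port range that contains 22 and the all-protocols entry open to `::/0`.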
Downloading
You can grab one of the releases from GitHub.
Running
To run CScanner, simply point it to your config file:
java -jar cscanner.jar your-config-file.yaml
Make sure you have at least Java 8 to run this application. Note that you can use the -h or --help option to get a full list of possible filtering and output options.
For detailed configuration options see Configuration.
Supported cloud providers
Currently the following cloud providers are supported:
Supported rules
Currently the following rule sets are supported: