Analysis updated 2026-07-03
Run a full security scan of your AWS account to get a prioritized list of misconfigurations like public S3 buckets or overly permissive IAM roles.
Filter results to the PCI or HIPAA compliance profile to produce a targeted report showing only the checks required for your regulatory framework.
Add CloudSploit to your CI/CD pipeline using JUnit XML output so cloud security checks fail a build the same way unit tests do.
Write a custom plugin to add a security check specific to your organization that the default rule set does not cover.
| | aquasecurity/cloudsploit | efforg/privacybadger | forwardemail/email-templates |
|---|---|---|---|
| Stars | 3,731 | 3,731 | 3,733 |
| Language | JavaScript | JavaScript | JavaScript |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 1/5 | 2/5 |
| Audience | ops devops | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires read-only cloud credentials configured via a config file or environment variables before the first scan.
CloudSploit is an open-source tool that scans cloud accounts on AWS, Azure, Google Cloud, and Oracle Cloud and reports a list of security problems and misconfigurations. If you run cloud infrastructure and want to know whether it is set up securely, the tool checks it against hundreds of known best practices and tells you what is wrong.

The tool runs from the command line. You give it read-only credentials for your cloud account, and it walks your configuration looking for issues: storage buckets left open to the public, missing or weak encryption settings, overly permissive access rules, and similar problems. Results can be shown as a table in the terminal, exported to CSV or JSON files, or formatted as JUnit XML so a CI pipeline can treat failed checks the way it treats failed tests.

CloudSploit also supports compliance modes, which filter the results to the checks relevant to a specific regulatory standard. The supported standards include PCI (payment card industry rules), HIPAA (US healthcare data regulations), and several CIS benchmark profiles. If your organization needs to demonstrate compliance with one of these frameworks, the tool can run a targeted scan focused on those requirements. A compliance mode only narrows which checks are reported; it does not certify the account.

You can run it yourself by installing Node.js and cloning the repository, or run it inside Docker without installing any dependencies locally. Aqua Security, the company behind the project, also offers a commercial hosted version with additional features; the open-source command-line version is self-contained and does not require a paid account.

Credentials are passed through a config file or environment variables. The tool only needs read-only access, so it can inspect your setup without changing anything in the account. Read-only is not the same as harmless, though: a credential that can list and describe every resource in the account is itself a valuable target, so scope it to the list/describe/get actions the scan needs and prefer short-lived credentials over long-lived keys.

There is also a plugin system that lets developers write new security checks for custom use cases not covered by the default set.
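As an added example (not code from the CloudSploit repository), here is what a custom plugin for an organization-specific rule looks like: every S3 bucket must carry an Owner tag naming a known team, a policy the stock rule set cannot know about. The object follows the plugin shape the project documents (title, category, description, apis, and a run(cache, settings, callback) that reads collected API data from a cache and emits results with status 0 OK, 1 WARN, 2 FAIL, 3 UNKNOWN). The two small helpers are stand-ins for the project's helpers.addSource and helpers.addResult; the team roster, the `S3:getBucketTagging` collector call and the bucket data are assumptions constructed here so the file runs offline.

```javascript
'use strict';
// Added example, not from the CloudSploit repo. Enforces a hypothetical
// organization policy: every S3 bucket has an Owner tag set to a known team.

const KNOWN_TEAMS = ['payments', 'platform', 'data']; // hypothetical org roster

// Stand-in for helpers.addSource: walk the collector cache along `path`,
// record what was consulted in `source`, and return the node (or undefined).
function addSource(cache, source, path) {
  let node = cache;
  for (const key of path) {
    if (node === undefined || node === null) return undefined;
    node = node[key];
  }
  let s = source;
  for (const key of path.slice(0, -1)) {
    s[key] = s[key] || {};
    s = s[key];
  }
  s[path[path.length - 1]] = node;
  return node;
}

// Stand-in for helpers.addResult: status 0 OK, 1 WARN, 2 FAIL, 3 UNKNOWN.
function addResult(results, status, message, region, resource) {
  results.push({ status, message, region: region || 'global', resource: resource || 'N/A' });
}

const plugin = {
  title: 'S3 Bucket Owner Tag',
  category: 'S3',
  domain: 'Storage',
  description: 'Ensures every S3 bucket has an Owner tag set to a known team',
  more_info: 'Untagged buckets cannot be routed to a responsible team during incident response.',
  recommended_action: 'Add an Owner tag with the owning team name to the bucket.',
  link: 'https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html',
  apis: ['S3:listBuckets', 'S3:getBucketTagging'], // assumed collector call names

  run: function (cache, settings, callback) {
    const results = [];
    const source = {};
    const region = (settings && settings.defaultRegion) || 'us-east-1';

    const listBuckets = addSource(cache, source, ['s3', 'listBuckets', region]);
    if (!listBuckets) return callback(null, results, source);
    if (listBuckets.err || !listBuckets.data) {
      addResult(results, 3, 'Unable to query for S3 buckets: ' + (listBuckets.err || 'no data'), region);
      return callback(null, results, source);
    }
    if (!listBuckets.data.length) {
      addResult(results, 0, 'No S3 buckets to check', region);
      return callback(null, results, source);
    }

    for (const bucket of listBuckets.data) {
      const arn = 'arn:aws:s3:::' + bucket.Name;
      const tagging = addSource(cache, source, ['s3', 'getBucketTagging', region, bucket.Name]);
      // AWS answers NoSuchTagSet for a bucket with no tags at all; that is a
      // policy violation (missing Owner), not a collector error.
      if (!tagging || (tagging.err && !/NoSuchTagSet/.test(String(tagging.err)))) {
        addResult(results, 3, 'Unable to query tags for bucket: ' + bucket.Name, region, arn);
        continue;
      }
      const tags = (tagging.data && tagging.data.TagSet) || [];
      const owner = tags.find((t) => t.Key === 'Owner');
      if (!owner) {
        addResult(results, 2, 'Bucket has no Owner tag', region, arn);
      } else if (!KNOWN_TEAMS.includes(owner.Value)) {
        addResult(results, 1, 'Bucket Owner tag "' + owner.Value + '" is not a known team', region, arn);
      } else {
        addResult(results, 0, 'Bucket Owner tag is set to ' + owner.Value, region, arn);
      }
    }
    callback(null, results, source);
  },
};

// Constructed cache in the collector's layout: cache.<service>.<call>.<region>[.<resource>]
const sampleCache = {
  s3: {
    listBuckets: { 'us-east-1': { data: [
      { Name: 'pay-ledger' }, { Name: 'scratch-42' }, { Name: 'legacy-exports' }, { Name: 'odd-one' },
    ] } },
    getBucketTagging: { 'us-east-1': {
      'pay-ledger': { data: { TagSet: [{ Key: 'Owner', Value: 'payments' }] } },
      'scratch-42': { err: 'NoSuchTagSet: The TagSet does not exist' },
      'legacy-exports': { data: { TagSet: [{ Key: 'Owner', Value: 'bob' }] } },
      'odd-one': { err: 'AccessDenied' },
    } },
  },
};

// Run the plugin against a cache and return its results array.
function runPlugin(cache, settings) {
  let out;
  plugin.run(cache, settings || {}, (err, results) => { out = results; });
  return out;
}

// CI gate in the spirit of the CLI's --exit-code option: non-zero if anything is not OK.
function exitCodeFor(results) {
  return results.some((r) => r.status !== 0) ? 1 : 0;
}

for (const r of runPlugin(sampleCache)) console.log(r.status, r.resource, r.message);
```

To use it in a checkout, save the file under plugins/aws/s3/, replace the two stand-in helpers with the project's helpers module, and register the plugin in the repo's plugin index (exports.js) so the collector fetches the APIs it lists. Against the constructed cache the four buckets come back OK, FAIL, WARN and UNKNOWN respectively, and exitCodeFor returns 1, which is the verdict a pipeline step should turn into a failed build.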
An open-source command-line tool that scans AWS, Azure, Google Cloud, and Oracle Cloud accounts for security misconfigurations and compliance gaps, checking hundreds of best practices without needing write access to your account.
Mainly JavaScript, running on Node.js; a Docker image is provided for running it without a local Node.js install.
The tool is open-source and free to use and self-host. A commercial hosted version with more features is available from Aqua Security.
Setup difficulty is rated moderate, with roughly 30 minutes to a first successful run, most of it spent provisioning the read-only credentials.
Mainly ops and devops engineers.
Verify against the repo before relying on details.