This repository includes cloud security policies for IaC and live resources.

Detect drift. Defend cloud.

Static IaC threat modeler , parses Terraform, CloudFormation, and Kubernetes manifests and applies STRIDE rules to produce a structured threat model report with a Mermaid DFD.

Cloud (IaC) Security plugin for JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm)

Free Browser Based Infrastructure as Code security scanner - Scan Terraform, Kubernetes, Docker, CloudFormation files for vulnerabilities in your browser. 180+ security rules, GitHub repo scanning, PDF reports. Privacy-first, no uploads.

An enterprise-grade, agentless, and open-source cloud security platform for AWS, GCP, and Azure that combines CSPM, DSPM, CIEM, ASM, and vulnerability management with deterministic YAML policies and natural language querying.

Jenkins plugin for Xygeni - End to end software development and delivery security

One-command Ubuntu Server hardening to achieve cutting-edge security, with ZERO ongoing maintenance required.

Security-focused prompt library and Claude Code skill for automated IaC security reviews. Covers Terraform, Kubernetes, Docker, Ansible, CloudFormation, and CI/CD pipelines. Compliance mapping to CIS, NIST 800-53, PCI-DSS, SOC2, HIPAA, and GDPR.

Production-grade AWS multi-account landing zone. Blast radius design, SCP composition, account vending, CloudTrail detection pipeline. Security architecture depth.

DevSecOps CI/CD pipeline scanner — Jenkins, GitHub Actions, GitLab, Azure Pipelines

Real-time cloud storage security and IaC analysis platform. Detect misconfigurations, prevent PII exposure, and enforce compliance across AWS, Azure, and GCP

Defense-in-depth security scanner for Java projects integrating 6 industry-standard tools (Trivy, Gitleaks, Semgrep, SpotBugs, Checkov, Hadolint) into a unified Dockerized pipeline. Also comes with a standalone installer.

An empirical evaluation framework for integrating real-time security feedback into LLM-based Infrastructure-as-Code generation using the Model Context Protocol (MCP).

A 540-test empirical evaluation framework assessing the security of Infrastructure-as-Code generated by AI assistants (Copilot, Cursor, Windsurf).

ComputeScan analyzes tfplan.json to catch GPU oversizing, autoscaling misconfigurations, tag drift, and high-risk idle patterns. Instantly, offline, and with zero setup. Designed for AI/ML infra teams and fully aligned with the GuardSuite governance engine.

Free security scanner for vector databases and RAG systems. Checks access exposure, drift, misconfigurations, and data leakage risks.

🔍 Enhance cloud security visibility across AWS, GCP, and Azure with open-source tools for misconfiguration, data discovery, and vulnerability management.

🛡️ A curated list of awesome DevSecOps tools, best practices, and resources for securing CI/CD pipelines. Covers SCA, SAST, DAST, IaC, and Container Security.