CloudSploit
Cloud security posture assessment.
Overview
CloudSploit is an open-source project, now maintained by Aqua Security, that scans cloud environments (AWS, Azure, GCP, Oracle Cloud) for security risks. Unlike IaC scanners that check files, CloudSploit checks the live, deployed state of cloud resources to detect misconfigurations and security issues. It helps identify configuration drift and problems that may not be visible in the source code.
✨ Key Features
- Scans live cloud environments (AWS, Azure, GCP, OCI)
- Focuses on runtime scanning of deployed resources
- Plugin architecture with hundreds of security checks
- Identifies configuration drift between IaC and production
- Multiple output formats (console, JSON, CSV)
- Open source and maintained by Aqua Security
🎯 Key Differentiators
- Multi-cloud support (AWS, Azure, GCP, OCI).
- Focuses exclusively on the live environment, making it a great tool for detecting drift.
- Part of the Aqua Security open-source ecosystem.
Unique Value: Provides a powerful, open-source way to continuously monitor the security posture of live cloud environments, acting as a crucial counterpart to pre-deployment IaC scanning.
🎯 Use Cases
✅ Best For
- Running a scheduled scan to ensure no S3 buckets have been made public manually.
- Checking if MFA is enabled for all IAM users in an AWS account.
💡 Check With Vendor
Verify these considerations match your specific requirements:
- Pre-commit or pre-deployment scanning of IaC files (CloudSploit scans live environments, not IaC files).
🏆 Alternatives
While Prowler goes deeper on AWS, CloudSploit's strength is its multi-cloud support. It is a pure CSPM tool, whereas IaC scanners like Checkov are for pre-deployment scanning.
💰 Pricing
✓ 14-day free trial
Free tier: Open source version is fully featured for CLI use.
🔄 Similar Tools in Pre-Commit IaC Scanning
Checkov
Open-source IaC scanner that finds misconfigurations in Terraform, CloudFormation, Kubernetes, and m...
Terrascan
Open-source static code analyzer for IaC that helps detect security issues and compliance violations...
KICS
Open-source IaC scanner from Checkmarx that supports a wide range of platforms and offers extensive ...
Trivy
Versatile open-source security scanner from Aqua Security that finds vulnerabilities, IaC misconfigu...
tfsec
A fast, open-source static analysis scanner for Terraform code to find security misconfigurations....
Prisma Cloud
A comprehensive Cloud Native Application Protection Platform (CNAPP)....