Curated by practitioners, maintained by the community

Cloud Security Tool Directory

This directory is powered by structured repository data so community pull requests can improve the list while preserving consistent quality.

Prowler

Open Source

Large benchmark coverage with pragmatic cloud misconfiguration checks.

CSPM AWS · Azure · GCP
SOC 2 · PCI DSS · CIS

Wiz

Commercial

Graph-based cloud attack path visibility across workloads and identities.

CNAPP Multi
SOC 2 · HIPAA · PCI DSS · FedRAMP

Prisma Cloud

Commercial

Broad CNAPP suite spanning code, runtime, and cloud posture domains.

CNAPP Multi
SOC 2 · PCI DSS · NIST

Checkov

Open Source

Policy-as-code scanning for Terraform, Kubernetes, and CloudFormation.

IaC Security AWS · Azure · GCP
SOC 2 · PCI DSS · CIS

tfsec

Open Source

Fast local Terraform static analysis with clear remediation output.

IaC Security AWS · Azure · GCP
CIS · PCI DSS

Snyk IaC

Freemium

Developer-first IaC checks tightly integrated into pull request flow.

IaC Security AWS · Azure · GCP
SOC 2 · HIPAA · PCI DSS

TruffleHog

Open Source

High-signal secret discovery with verified credential checks.

Secrets Scanning Multi
SOC 2 · PCI DSS

Gitleaks

Open Source

Simple, fast, and CI-friendly scanner for leaked credentials.

Secrets Scanning Multi
SOC 2 · PCI DSS

Aqua Trivy

Open Source

Single CLI for image, filesystem, and IaC vulnerability checks.

Container Security Multi
SOC 2 · PCI DSS · NIST

Falco

Open Source

Runtime threat detection for containers and Kubernetes workloads.

Container Security Multi
SOC 2 · NIST

Open Policy Agent

Open Source

General-purpose policy engine used from CI to admission control.

Compliance as Code Multi
SOC 2 · PCI DSS · NIST

Cloud Custodian

Open Source

Policy-driven cloud resource governance and automated remediation.

Compliance as Code AWS · Azure · GCP
SOC 2 · PCI DSS · HIPAA

Syft

Open Source

Developer-friendly SBOM generator with broad package ecosystem support.

SBOM & Supply Chain Multi
NIST · FedRAMP

Grype

Open Source

Vulnerability scanner designed to pair directly with generated SBOMs.

SBOM & Supply Chain Multi
NIST · PCI DSS

Permiso

Commercial

Identity-centric detection focused on cloud service account abuse.

Cloud IAM Auditing AWS · Azure · GCP
SOC 2 · FedRAMP

PMapper

Open Source

Privilege escalation path analysis for AWS IAM role relationships.

Cloud IAM Auditing AWS
CIS · NIST

Scout Suite

Open Source

Multi-cloud security audit with visualized findings and drill-down.

CSPM AWS · Azure · GCP
CIS · NIST · SOC 2

Steampipe

Open Source

Query cloud APIs with SQL for rapid compliance checks and dashboards.

Compliance as Code Multi
SOC 2 · NIST · PCI DSS

Contribute a Tool

Add a new entry by submitting a pull request with required fields: name, URL, category, cloud support, type, and why it stands out.