☁️ Cloud & container security
ScoutSuite
Multi-cloud security auditing tool — scans AWS, Azure, GCP, OCI for misconfigurations.
Why use it
ScoutSuite is the open-source equivalent of paid CSPM (cloud security posture management). Run it against your cloud account and get a beautifully laid-out HTML report of misconfigurations, exposed buckets, weak IAM, and more.
What you get
- Cross-provider audits: AWS, Azure, GCP, Oracle, Alibaba
- Severity-rated findings with remediation guidance
- HTML report with drill-downs per service
- Read-only — never makes changes
- Custom rule sets for your own policies
System requirements
| Resource | Requirement |
|---|---|
| CPU | 1 core |
| RAM | 1 GB |
| Disk | 500 MB |
| OS | Linux, macOS, Windows |
| Docker | Yes |
Installation
Install with `pip install scoutsuite`. Configure credentials for your cloud (e.g. `aws configure`). Run `scout aws --report-dir reports`, then open reports/scoutsuite-report/index.html in a browser.
Suggested configuration
Use a dedicated read-only IAM user/role for the scan, and never give ScoutSuite write permissions. Schedule monthly scans and diff each one against the previous month. Focus first on public S3 buckets, weak IAM policies, and disabled CloudTrail/logging.
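One way to do the month-over-month diff, as an added example (not ScoutSuite's own code). It assumes the results file is JSON preceded by a `scoutsuite_results =` line, with findings under `services -> <service> -> findings -> <id>` carrying `level` and `items`; the finding ids and item paths in the sample scans are constructed.

```python
import json

def load_results(text):
    """Parse a results file; assumes JSON preceded by a 'scoutsuite_results =' line."""
    return json.loads(text[text.index("{"):])

def flagged(results):
    """Return {(service, finding_id, item_path): level} for every flagged item."""
    out = {}
    for svc, data in results.get("services", {}).items():
        for fid, finding in data.get("findings", {}).items():
            for item in finding.get("items", []):
                out[(svc, fid, item)] = finding.get("level", "unknown")
    return out

def diff_scans(prev, curr):
    """Return (new, resolved) item lists; danger-level regressions sort first."""
    p, c = flagged(prev), flagged(curr)
    new = sorted(k for k in c if k not in p)
    new.sort(key=lambda k: c[k] != "danger")  # stable sort keeps name order
    resolved = sorted(k for k in p if k not in c)
    return new, resolved

def _js(findings_by_service):
    """Build a constructed results file in the assumed layout."""
    services = {s: {"findings": f} for s, f in findings_by_service.items()}
    return "scoutsuite_results =\n" + json.dumps({"services": services})

# Constructed sample scans (finding ids and item paths are invented).
PREV_JS = _js({
    "s3": {"example-public-bucket": {"level": "danger", "items": ["s3.buckets.bucket-a"]}},
    "cloudtrail": {"example-trail-off": {"level": "danger", "items": ["cloudtrail.regions.eu-west-1"]}},
})
CURR_JS = _js({
    "s3": {"example-public-bucket": {"level": "danger",
                                     "items": ["s3.buckets.bucket-a", "s3.buckets.bucket-b"]}},
    "cloudtrail": {"example-trail-off": {"level": "danger", "items": []}},
    "iam": {"example-wildcard-policy": {"level": "warning", "items": ["iam.policies.p1"]}},
})

if __name__ == "__main__":
    new, resolved = diff_scans(load_results(PREV_JS), load_results(CURR_JS))
    for svc, fid, item in new:
        print(f"NEW      {svc:<11}{fid:<26}{item}")
    for svc, fid, item in resolved:
        print(f"RESOLVED {svc:<11}{fid:<26}{item}")
```

Keying on the item path rather than the per-finding count means a bucket that was fixed and a different bucket that became public in the same month both show up, instead of cancelling out.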
Integration ideas
- Pipe findings into TheHive cases
- Run in CI on infrastructure changes
- Combine with kube-bench for IaaS + Kubernetes coverage
Alternatives
- Prowler — AWS-focused, faster, more checks.
- CloudSploit — Aqua-owned alternative; strong AWS coverage.
Cyentrix verdict
The cleanest free CSPM. Pair with Prowler if AWS is your primary cloud; ScoutSuite shines when you span multiple providers.