c
| Table of Contents |
|---|
...
| Excerpt |
|---|
An annotated list of free resources and open source tools to assist with AWS security |
...
- cfripper – Library and CLI tool for analyzing CloudFormation templates and check them for security compliance
- stelligent/cfn_nag – The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
- bridgecrewio/checkov – Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Keys and Secrets
awslabs/git-secrets – Prevents you from committing secrets and credentials into git repositories
- exec-with-secrets – Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault
- dxa4481/truffleHog – Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- zricethezav/gitleaks – Scan git repos (or files) for secrets using regex and entropy
...