This is where I maintain a curated list of tools that were useful for me in the past.

Amazon Web Services (AWS)


  1. bridgecrewio/checkov - Security scanning for Terraform/CloudFormation/K8s templates
  2. salesforce/policy_sentry - Generate least-privilege IAM policies without having to dig through the entire AWS IAM permission model.

Security Scanners

  1. salesforce/metabadger - Find and remediate AWS instances using IMDSv1
  2. salesforce/cloudsplaining - Scans an AWS account and generates a risk report.
  3. prowler-cloud/prowler - Scans an AWS account and reports violations of controls from common security frameworks such as CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, and ENS.

Google Cloud Platform (GCP)