Cloud

In the minimal-workshop, we decided to skip cloud tools to avoid the risk of sharing sensitive API keys or credentials in a potentially insecure environment. However, if you're diving into the develop branch of the devsecops-toolkit, you'll find a wide array of cloud security tools ready to explore.

Let's talk about some of these tools. CloudSploit is great for continuous monitoring of your cloud infrastructure, helping you spot misconfigurations before they become a problem. Cloudsplaining takes a deep dive into your AWS IAM policies, helping you check that your permissions are as tight as they should be. Then there's Prowler, which is like your cloud security Swiss Army knife, offering a wide range of checks for AWS environments.

KICS (Keeping Infrastructure as Code Secure) is perfect for scanning your IaC files to catch security issues early in the development process. ScoutSuite provides a comprehensive security assessment of your cloud environment, supporting multiple cloud providers.

Each tool has its strengths, so it's worth trying them out to see which fits your needs best. Whether you're looking for detailed policy analysis or broad infrastructure checks, there's a tool in the toolkit for you!