ZeusCloud is an open source cloud security platform.
Discover, prioritize, and remediate your risks in the cloud.
- Build an asset inventory of your AWS accounts.
- Discover attack paths based on public exposure, IAM, vulnerabilities, and more.
- Prioritize findings with graphical context.
- Remediate findings with step by step instructions.
- Customize security and compliance controls to fit your needs.
- Meet compliance standards PCI DSS, CIS, SOC 2, and more!
- Clone repo:
git clone --recurse-submodules [email protected]:Zeus-Labs/ZeusCloud.git
cd ZeusCloud && make quick-deploy
- Visit http://localhost:80
Check out our Get Started guide for more details.
A cloud-hosted version is available on special request – email [email protected] to get access!
Play around with our sandbox environment to see how ZeusCloud identifies, prioritizes, and remediates risks in the cloud!
- Discover Attack Paths – Discover toxic risk combinations an attacker can use to penetrate your environment.
- Graphical Context – Understand context behind security findings with graphical visualizations.
- Access Explorer – Visualize who has access to what with an IAM visualization engine.
- Identify Misconfigurations – Discover the highest risk-of-exploit misconfigurations in your environments.
- Configurability – Configure which security rules are active, which alerts should be muted, and more.
- Security as Code – Modify rules or write your own with our extensible security as code approach.
- Remediation – Follow step by step guides to remediate security findings.
- Compliance – Ensure your cloud posture is compliant with PCI DSS, CIS benchmarks and more!
Cloud usage continues to grow. Companies are shifting more of their workloads from on-prem to the cloud and both adding and expanding new and existing workloads in the cloud. Cloud providers keep increasing their offerings and their complexity. Companies are having trouble keeping track of their security risks as their cloud environment scales and grows more complex. Several high profile attacks have occurred in recent times. Capital One had an S3 bucket breached, Amazon had an unprotected Prime Video server breached, Microsoft had an Azure DevOps server breached, Puma was the victim of ransomware, etc.
We had to take action.
- We noticed traditional cloud security tools are opaque, confusing, time consuming to set up, and expensive as you scale your cloud environment
- Cybersecurity vendors don’t provide much actionable information to security, engineering, and devops teams by inundating them with non-contextual alerts
- ZeusCloud is easy to set up, transparent, and configurable, so you can prioritize the most important risks
- Best of all, you can use ZeusCloud for free!
- Integrations with vulnerability scanners
- Integrations with secret scanners
- Shift-left: Remediate risks earlier in the SDLC with context from your deployments
- Support for Azure and GCP environments
We love contributions of all sizes. What would be most helpful first:
- Please give us feedback in our Slack.
- Open a PR (see our instructions below on developing ZeusCloud locally)
- Submit a feature request or bug report through Github Issues.
Run containers in development mode:
cd frontend && yarn && cd -
docker-compose down && docker-compose -f docker-compose.dev.yaml --env-file .env.dev up --build
Reset neo4j and/or postgres data with the following:
rm -rf .compose/neo4j
rm -rf .compose/postgres
To develop on frontend, make the the code changes and save.
To develop on backend, run
docker-compose -f docker-compose.dev.yaml --env-file .env.dev up --no-deps --build backend
To access the UI, go to: http://localhost:80.
Open-source vs. cloud-hosted
This repo is freely available under the Apache 2.0 license.
We’re working on a cloud-hosted solution which handles deployment and infra management. Contact us at [email protected] for more information!
Special thanks to the amazing Cartography project, which ZeusCloud uses for its asset inventory. Credit to PostHog and Airbyte for inspiration around public-facing materials – like this README!