This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

RiskScanner

Open source multi-cloud security compliance scanning platform [Chinese Version]

License: GPL v2


RiskScanner is an open source multi-cloud security compliance scanning platform. Built on the Cloud Custodian, Prowler and Nuclei engines, it provides security compliance scanning and vulnerability scanning of mainstream public (private) cloud resources.

Functional advantage

  • Hierarchical Protection 2.0 pre-inspection: Complies with the Hierarchical Protection 2.0 specifications, covering inspections such as security audit, access control, intrusion prevention, network architecture and management center.
  • CIS compliance inspection: In line with the CIS specifications, checks and monitors in real time whether resources on the cloud meet CIS requirements.
  • Vulnerability scan: Based on the vulnerability rule library, the security vulnerabilities of designated network equipment and application services are detected through scanning and other means.
  • Best practice recommendations: Develop a compliance control baseline, provide best practice recommendations for enterprise-level users, and continue to improve the level of compliance.

RiskScanner follows the GPL v2 open source agreement and is developed with SpringBoot/Vue. The interface is beautiful and the user experience is good. The supported public clouds include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Microsoft Azure and Google Cloud, and the supported private clouds include OpenStack, VMware vSphere, etc. Vulnerability scanning is also supported.

Technical advantages

  • Simple and flexible rules: Scanning rules use a simple YAML format, which is easy to understand and allows users to customize rules.
  • Support multiple public (private) clouds: Supported public clouds include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Microsoft Azure, Google Cloud, and supported private clouds include OpenStack, VMware vSphere, etc.
  • Support multiple resource types: Supported resource types include cloud servers, cloud disks, cloud databases, load balancing, object storage, private networks, security groups, etc.
  • Rich and comprehensive vulnerability rule library: Covers OWASP Top 10 web vulnerabilities such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), weak passwords, etc.

Functional architecture

UI interface display

Quick start

Quick installation in just two steps:

  1. Prepare a 64-bit Linux host with more than 4 GB of RAM.
  2. As the root user, execute the following command to install RiskScanner with one click.
curl -sSL https://github.com/riskscanner/riskscanner/releases/latest/download/quick_start.sh | sh
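The one-click command above pipes the downloaded script straight into a root shell. The following added example (not part of the RiskScanner project) saves quick_start.sh to disk and summarizes what it would fetch before anything runs. The function names and the `--fetch` flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: fetch quick_start.sh to disk and review it before running it as root.
URL="https://github.com/riskscanner/riskscanner/releases/latest/download/quick_start.sh"

# fetch_installer DEST: download without executing. -f makes HTTP errors fail
# instead of saving an error page that would otherwise be fed to sh.
fetch_installer() {
    curl -fsSL --proto '=https' -o "$1" "$URL"
}

# remote_refs FILE: print every distinct URL the script mentions, i.e. what
# else it will pull onto the host (archives, images, further scripts).
remote_refs() {
    grep -Eo "https?://[^\"' )]+" "$1" | sort -u
}

# nested_pipes FILE: count lines that pipe a download straight into a shell.
nested_pipes() {
    grep -Ec '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba)?sh' "$1" || true
}

# review_installer FILE: return 1 if the file is not a plausible shell script,
# otherwise print its SHA-256, remote references and nested pipe count.
review_installer() {
    [ -s "$1" ] || { echo "empty download" >&2; return 1; }
    head -n 1 "$1" | grep -q '^#!' || { echo "no shebang (HTML error page?)" >&2; return 1; }
    echo "sha256: $(sha256sum "$1" | cut -d' ' -f1)"
    echo "remote references:"; remote_refs "$1" | sed 's/^/  /'
    echo "nested download-to-shell lines: $(nested_pipes "$1")"
}

# Only touches the network when called with --fetch (hypothetical flag of this example).
if [ "${1:-}" = "--fetch" ]; then
    tmp=$(mktemp) && fetch_installer "$tmp" && review_installer "$tmp" &&
        echo "Read $tmp, then run it yourself: sh $tmp"
fi
```

Recording the printed SHA-256 alongside the install date lets you later confirm which version of the script was executed on the host.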

Help document and demo video

Help document

Demo video

WeChat group

Technology stack

License & Copyright

Copyright (c) 2014-2021 FIT2CLOUD, All rights reserved.

Licensed under The GNU General Public License version 2 (GPLv2) (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.gnu.org/licenses/gpl-2.0.html

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.