Hey folks - sharing something we're in the early innings of developing. Hoping to get some feedback from the community!

ZeusCloud is an open-source cloud security platform that thinks like an attacker! We’re hoping to give teams the one stop shop for their core preventative cloud security needs (cloud misconfigurations, identity, workload vulnerability scanning, etc.).

ZeusCloud works by:

- Identifying risks across your cloud environments (e.g. misconfigurations, identity weakness, vulnerabilities, etc.)

- Prioritizing those risks based on toxic risk combinations an attacker may exploit.

- Remediating by giving step by step instructions on how to fix the risk findings.

- Monitoring compliance - track your PCI DSS, SOC 2, GDPR, CIS goals.

We know there are many cloud security tools out there, but in our experience they are limited in scope (focused on just misconfiguration or identity or vulnerability), provide limited context about risks, or are hard to access.

The project is still early, so we’d love your feedback! So far, we’ve added misconfiguration checks and common identity-based attack paths for AWS. Up next on our roadmap are network/access graph visualizations, vulnerability scanning, and secret scanning!

Check out our GitHub (Licensed Apache 2.0):

Play around with our Sandbox environment:

Get Started (free/self-hosted):

Happy to answer any questions and would love any constructive feedback!

Cloud security is going to be one of the largest frontiers in cybersecurity for years to come. Excited to see more open source security solutions!
Pretty cool, would I use this in relation or in conjunction with SecurityHub?
How much functionality does it have compared to Orca?
Is this like an open-source Wiz?