In a nutshell, this custom application is built to help automate cloud security audits at scale.
Built on Ruby on Rails 5.2, the project aims for fast prototyping and integration development. It depends on the open source projects Prowler, ScoutSuite, and the others listed below in order to work properly:
- Ruby on Rails 5.x - A web-application framework that includes everything.
- Devise - Rails authentication and user session management solution.
- Twitter Bootstrap - A great UI boilerplate for modern web apps.
- jQuery - Great JavaScript library for JavaScript integration.
- CodeMirror - CodeMirror is a versatile text editor implemented in JavaScript.
- jstree - jsTree is a JavaScript based tree UI implementation.
- sqlite3 - SQLite is a small and fast SQL database engine.
The fastest way to get it up and running is via Docker, as shown below. Alternatively, you can deploy the code into a virtual machine, set up the runtime environment, and then run the application from there.
The project is built with Docker support. If you have Docker Engine ready, you can have the app built and running in no time. Clone the project, then run it:
$ git clone https://github.com/yangsec888/cloud-auditor.git
$ cd cloud-auditor
$ docker-compose up
In your browser address bar, enter 'http://localhost/'. The application should be up and running.
You can also deploy the application natively on a Linux distribution such as Ubuntu 18.04 by following the deployment guide.
TBD
- Expand audit coverage to other clouds such as Microsoft Azure
- Write specific feature enhancements
- Write defensible code :)
- Write (integration, deployment) tests
- Enhance performance (squeeze the next bit out of CPU / network IO)
- Fix bugs!