Cloud Custodian
Rules engine for public cloud governance: tag enforcement, unused resource cleanup, KMS/SG checks, and compliance filters across AWS/Azure/GCP.
Why it is included
Mature Apache-2.0 policy-as-code alternative to ad-hoc Lambda cron jobs for cloud hygiene.
Best for
FinOps and security teams automating remediation and continuous compliance in cloud estates.
Strengths
- Multi-cloud YAML policies
- Rich resource coverage
- CNCF sandbox lineage
Limitations
- Authoring and testing policies need cloud IAM expertise
Good alternatives
Steampipe · Prowler · Open Policy Agent
Related tools
Security & Privacy
Steampipe
SQL layer over cloud and SaaS APIs—compose compliance and inventory queries across AWS, Azure, GCP, GitHub, Okta, and hundreds of plugins.
Security & Privacy
Prowler
Open cloud security assessment for AWS, Azure, GCP, and M365: CIS, PCI, HIPAA-style checks and compliance reports.
Security & Privacy
Open Policy Agent (OPA)
General-purpose policy engine with Rego: unify authorization and config decisions across K8s, APIs, Terraform plans, and CI.
Security & Privacy
Wazuh
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
Security & Privacy
wifite2
Python wrapper automating Aircrack/Reaver/Bully flows for WEP/WPA wireless audits.
Security & Privacy
Lynis
Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.
