iacsecurity/tool-compare
Add comparison of tools capabilities independently of test cases #43
Closed (christophetd closed 1 year ago)

christophetd commented 3 years ago:
Usage example:
$ python capabilities/main.py
Current output:
Overview

| | License | Maintainer | Website | Requires registration? |
|---|---|---|---|---|
| Regula | OSS (Apache-2.0) | Fugue | regula.dev | No |
| Cloudrail | Freemium | Indeni | www.indeni.com/cloudrail | Yes |
| Checkov | OSS (Apache-2.0) | Bridgecrew | checkov.io | No |

IaC language support

| | Terraform HCL | Terraform plan | CloudFormation | Pulumi |
|---|---|---|---|---|
| Regula | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
| Cloudrail | :x: | :white_check_mark: | :white_check_mark: | :x: |
| Checkov | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |

Cloud provider support

| | AWS | Azure | GCP |
|---|---|---|---|
| Regula | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Cloudrail | :white_check_mark: | :x: | :x: |
| Checkov | :white_check_mark: | :white_check_mark: | :white_check_mark: |

Custom rules

| | Language | Multi-resource correlation | Correlation with runtime resources | Out-of-the-box support for unit tests |
|---|---|---|---|---|
| Regula | rego | :white_check_mark: | :x: | :white_check_mark: |
| Cloudrail | N/A (unsupported) | :x: | :x: | :x: |
| Checkov | python or YAML | :white_check_mark: | :x: | :x: |

Scan output

| | Supported output formats | Shows offending file names | Shows offending line numbers |
|---|---|---|---|
| Regula | json, junit, tap, human-readable | :x: | :white_check_mark: |
| Cloudrail | junit-xml, gitlab-sast, sarif, human-readable | :x: | :x: |
| Checkov | todo | :white_check_mark: | :white_check_mark: |