TerraformGoat
Cloud testing platform
A multi-cloud deployment tool designed to test and demonstrate the vulnerability of cloud infrastructure configurations
TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.
541 stars
8 watching
84 forks
Language: HCL
last commit: about 2 years ago
Linked from 1 awesome list
aws-securityazure-securitycloud-securitycloudsecuritygcpgcp-securitykubernetes-securitysecurityterraform
teamssix/awesome-cloud-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 bridgecrewio/terragoat | A training project that demonstrates how common configuration errors can be introduced into cloud infrastructure to test secure development best practices | 1,159 |
 rhinosecuritylabs/cloudgoat | An AWS deployment tool designed to provide intentionally vulnerable cloud infrastructure for hands-on learning and penetration testing. | 2,991 |
 salesforce/cloud-guardrails | A tool to rapidly apply hundreds of security controls in Azure using Terraform and Azure Policies | 183 |
 tenable/terrascan | Detects security vulnerabilities and compliance issues in infrastructure code before provisioning cloud-native infrastructure. | 4,779 |
 scriptingxss/iotgoat | A deliberately insecure firmware project designed to test common IoT vulnerabilities | 181 |
 harisekhon/terraform | A collection of Terraform templates and tools for automating infrastructure deployment on various cloud platforms | 47 |
 xchapter7x/clarity | A declarative test framework for Terraform that uses Gherkin-inspired feature files and provides built-in steps for testing HCL code. | 140 |
 nozaq/terraform-aws-secure-baseline | An AWS Terraform module to establish a secure baseline configuration based on industry standards | 1,145 |
 aquasecurity/tfsec | A tool for identifying potential misconfigurations in Terraform code during the software development process | 6,734 |
 nufailtd/terraform-budget-gcp | Infrastructure setup for hobbyists on Google Cloud Platform | 46 |
 ine-labs/azuregoat | A vulnerable Azure infrastructure simulator used to demonstrate and practice cloud security vulnerabilities | 801 |
 owasp/iotgoat | A deliberately insecure firmware designed to test common vulnerabilities in IoT devices | 717 |
| ine-labs/gcpgoat | A vulnerable cloud infrastructure demonstrating common web application security risks and misconfigurations | 364 |
 googlecloudplatform/aactl | Utility to import and manage vulnerabilities and attestations from container images into Google Cloud's Artifact Analysis service. | 10 |
| tenable/cnappgoat | A tool for creating and managing vulnerable environments in cloud computing platforms. | 269 |