The Clouditor is a tool to support continuous cloud assurance. Developed by Fraunhofer AISEC.
Type Name Latest commit message Commit time
.circleci Aggregating jacoco report at root project Jun 14, 2019
.github/ISSUE_TEMPLATE Update issue templates May 28, 2019
clouditor-engine-aws Added tests for CloudAccount classes Jun 14, 2019
clouditor-engine-azure Added tests for CloudAccount classes Jun 14, 2019
clouditor-engine-core Fixed #42 Jun 19, 2019
clouditor-engine Removed unnecessary apt installs from engine May 27, 2019
clouditor-ui Back to old style buttons for now Jun 24, 2019
gradle/wrapper Implementing multi-user management (#39) Jun 12, 2019
images Added new screenshots May 31, 2019
style Initial commit for Open Source version of Community Edition May 27, 2019
.dockerignore Initial commit for Open Source version of Community Edition May 27, 2019
.gitignore Initial commit for Open Source version of Community Edition May 27, 2019
Dockerfile CircleCI Integration (#3) May 27, 2019
LICENSE.md Initial commit for Open Source version of Community Edition May 27, 2019
README.md Added docker pulls badge Jun 19, 2019
build.gradle Aggregating jacoco report at root project Jun 14, 2019
gradlew Initial commit for Open Source version of Community Edition May 27, 2019
gradlew.bat Initial commit for Open Source version of Community Edition May 27, 2019
settings.gradle Trying to enable SonarQube May 27, 2019
suppression.xml Updated jackson and guava May 27, 2019
version.txt Initial commit for Open Source version of Community Edition May 27, 2019

Clouditor Community Edition

Introduction

Clouditor is a tool that supports continuous cloud assurance. Its main goal is to continuously evaluate whether a cloud-based application (built using, e.g., Amazon Web Services (AWS) or Microsoft Azure) is configured securely and thus complies with security requirements defined by, e.g., the Cloud Computing Compliance Controls Catalogue (C5) issued by the German Office for Information Security (BSI) or the Cloud Control Matrix (CCM) published by the Cloud Security Alliance (CSA).

Features

Clouditor currently supports over 60 checks for Amazon Web Services (AWS), Microsoft Azure and OpenStack. Results of these checks are evaluated against security requirements of the BSI C5 and CSA CCM.

Key features are:

  • automated compliance rules for AWS and MS Azure
  • granular report of detected non-compliant configurations
  • quick and adaptive integration with existing services through automated service discovery
  • descriptive development of custom rules using Cloud Compliance Language (CCL) to support individual evaluation scenarios
  • integration of custom security requirements and mapping to rules

Usage

To run the Clouditor in a demo-like mode, with no persisted database:

docker run -p 9999:9999 clouditor/clouditor

To enable auto-discovery for AWS or Azure credentials stored in your home folder, you can use:

docker run -v $HOME/.aws:/root/.aws -v $HOME/.azure:/root/.azure -p 9999:9999 clouditor/clouditor

Then open a web browser at http://localhost:9999. Log in as user clouditor with the default password clouditor.
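
A more conservative variant of the commands above, as an added example that is not part of the Clouditor README: it publishes the UI on loopback only (a bare -p 9999:9999 listens on every host interface) and mounts only the credential directories that exist. The names clouditor_cmd and MOUNT_MODE are hypothetical, and the read-only mount assumes Clouditor only reads these files.

```shell
#!/bin/sh
# Added example, not part of the Clouditor project.
# Prints a `docker run` command line for the image and port used above.
# clouditor_cmd and MOUNT_MODE are hypothetical names introduced here.

clouditor_cmd() {
  home=$1
  # Publish the UI on loopback only; a bare "-p 9999:9999" listens on
  # every host interface.
  cmd="docker run --rm -p 127.0.0.1:9999:9999"
  for dir in .aws .azure; do
    # Skip missing directories: "-v" with a non-existent host path makes
    # Docker create that directory, owned by root.
    if [ -d "$home/$dir" ]; then
      # Assumption: Clouditor only reads the credential files, so "ro"
      # works; set MOUNT_MODE=rw if discovery fails with read-only mounts.
      cmd="$cmd -v $home/$dir:/root/$dir:${MOUNT_MODE:-ro}"
    fi
  done
  printf '%s\n' "$cmd clouditor/clouditor"
}

# Print the command for the current user; review it, then run it.
# (The string form assumes the home path contains no spaces.)
clouditor_cmd "$HOME"
```
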

Screenshots

Configuring an account

Account configuration

Discovering resources of cloud-based application

Discovery view

Overview of rule-based assessment

Rule assessment

View details of failed rules

Rule assessment

Load and map compliance requirements

Compliance overview

Development

Code Style

We use Google Java Style for formatting. Please install the appropriate plugin for your IDE.

Git Hooks

You can use the hook in style/pre-commit to check for formatting errors:

cp style/pre-commit .git/hooks

Build (gradle)

To build the Clouditor, you can use the following gradle commands:

./gradlew clean build

Build (Docker)

To build all necessary docker images, run the following command:

./gradlew docker