Riskscanner of multi Cloud Security compliance scanning platform

brief introduction

RiskScanner It is an open source multi Cloud Security compliance scanning platform , be based on Cloud Custodian and Nuclei engine , To realize public access to the mainstream ( private ) There are security compliance scanning and vulnerability scanning of cloud resources .

RiskScanner follow GPL v2 Open source licenses , Use SpringBoot/Vue Development , Beautiful interface 、 Good user experience .RiskScanner The supported public clouds include Alibaba cloud 、 Tencent cloud 、 Hua Wei Yun 、Amazon Web Services、Microsoft Azure、Google Cloud, Supported private clouds include OpenStack、VMware vSphere.

function

• Equal insurance 2.0 preview ： In line with the warranty 2.0 standard , Coverage security audit 、 Access control 、 Invasion prevention 、 Network architecture and management center ;
• CIS Compliance check ： accord with CIS standard , Check and real-time monitor whether the resources on the cloud comply with CIS requirement ;
• Vulnerability scanning ： Based on vulnerability rule base , Detect the security vulnerability of designated network devices and application services by scanning and other means ;
• Best practice advice ： Establish compliance control baseline , Provide best practice advice to enterprise users , Continuously improve the compliance level ;

Installation and deployment

$ curl -sSL https://github.com/riskscanner/riskscanner/releases/latest/download/quick_start.sh | sh

Installation details

1.  Check the profile profile location : /opt/riskscanner/config/opt/riskscanner/config/config.txt  [ √ ] complete 2.  Backup profile is backing up  /opt/riskscanner/config/backup/config.txt.2022-06-09_11-04-35 complete >>>  Installation configuration  Docker1.  install  Docker Start the download  Docker  Program  ... Start the download  Docker Compose  Program  ... complete 2.  To configure  Docker If you need  Docker  Storage directory ,  By default, the directory will be used  /var/lib/docker? (y/n)  ( The default is  n):  complete 3.  start-up  DockerCreated symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service. complete >>>  Installation configuration  RiskScanner1.  Whether a custom persistent store is required to configure a persistent directory ,  By default, the directory will be used  /opt/riskscanner? (y/n)  ( The default is  n):  complete 2.  To configure  MySQL Whether to use external  MySQL? (y/n)  ( The default is  n):  complete 3.  Configure whether the external port needs to be configured  RiskScanner  External access port ? (y/n)  ( The default is  n):  complete >>>  The installation is complete 1.  You can use the following command to start ,  And then visit cd /opt/riskscanner-installer-v1.6.1./rsctl.sh start2.  Other administrative commands ./rsctl.sh stop./rsctl.sh restart./rsctl.sh backup./rsctl.sh upgrade More and some commands ,  You can  ./rsctl.sh --help  To get to know 3. Web  visit http://172.16.16.30:80 The default user : admin   Default password : riskscanner4.  More information on our official website : https://www.riskscanner.io/ Our documents : https://docs.riskscanner.io/

Test use

Add a cloud account

Start scanning

View scan structure

Scan results

Reference link

• https://github.com/riskscanner/riskscanner
• https://docs.riskscanner.io/