Cloud security toolkits listed
A curated list of ten GitHub repos for cloud security (including ScoutSuite, Prowler and Checkov) was shared as essential hands‑on resources for cloud auditors and controls teams. (x.com). Free AWS‑focused labs and security workshops plus Azure Sentinel RBAC and connector offboarding guides were also circulated for practical skill building and operational team controls. (x.com)(x.com).
Cloud security teams spent this week swapping a practical starter kit: open-source audit repos, free labs, and Microsoft Sentinel admin guides. (x.com) The GitHub list highlighted tools that do different jobs in the same workflow. ScoutSuite collects cloud configuration data and produces an offline report of exposed risk areas, Prowler runs security and compliance checks across Amazon Web Services, Microsoft Azure and Google Cloud, and Checkov scans infrastructure-as-code files, container images and packages before systems go live. (github.com 1) (github.com 2) (github.com 3) Another repo in the same orbit, Cloudsplaining, focuses on Amazon Web Services identity and access management policies. It flags permissions that violate least-privilege rules and generates a risk-prioritized report for reviewers. (github.com) (cloudsplaining.readthedocs.io) These tools address a basic cloud problem: most security failures start with settings, permissions or templates, not broken hardware. Infrastructure-as-code scanners catch bad rules in files before deployment, while posture-audit tools inspect live accounts after deployment. (github.com 1) (github.com 2) (github.com 3) The training links circulating alongside the repo list point to the same skills gap. The Awesome Cloud Security Labs project catalogs free cloud-native labs, including capture-the-flag exercises, guided vulnerability labs and self-hosted workshops, while Amazon Web Services maintains a public workshop catalog with a dedicated security category. (github.com) (awsworkshop.io) (catalog.workshops.aws) Microsoft’s contribution was more operational than educational. Its current documentation says Microsoft Sentinel permissions rely on Azure role-based access control and Microsoft Entra ID role-based access control, and its offboarding guides warn that removing Sentinel from a workspace can delete connector configurations while some Log Analytics costs can remain. (learn.microsoft.com 1) (learn.microsoft.com 2) (learn.microsoft.com 3) That guidance lands as Microsoft moves Sentinel users toward the unified Defender portal. A Microsoft Tech Community post said the Sentinel experience in the Azure portal is scheduled to retire on July 1, 2026, which makes role design and connector cleanup immediate tasks for security operations teams. (techcommunity.microsoft.com) The open-source projects are also active enough to be used, not just bookmarked. ScoutSuite’s latest GitHub release is version 5.14.0 from May 10, 2024, and Prowler’s Python package shows version 5.22.0 released on March 24, 2026. (github.com) (pypi.org) Taken together, the shared links amount to a working cloud-security curriculum: scan the code, audit the account, test the permissions, then train the team that has to run it. (github.com) (github.com) (github.com) (github.com)
