On this page
Steampipe, an innovative open-source tool, allows DevSecOps teams to query cloud services and resources using SQL. This tool is a game-changer for managing cloud compliance, security, and configuration. It supports numerous cloud providers and services, offering flexibility and depth in assessments.
Begin using Steampipe by writing SQL queries to inspect your cloud resources. For example, to check AWS EC2 instances, you can execute:
This query will list all EC2 instances with their states and types, providing a clear overview of your AWS infrastructure.
Steampipe outputs the results in a clear, tabular format. For example, if you query AWS S3 buckets for public access policies, it will display:
This format makes it easy to identify and address security concerns quickly.
Cloud Compliance Checks
Steampipe excels in compliance checks. With its compliance mod feature, you can assess your cloud infrastructure against various standards like CIS, NIST, or custom benchmarks.
Run compliance checks by executing specific mods:
This command will perform a series of checks against the CIS AWS Foundations Benchmark.
The results will be presented in a comprehensive report, detailing compliance status for each control, including passed, failed, and skipped checks.
With its SQL-powered interface and extensive plugin support, Steampipe is an invaluable tool for DevSecOps teams aiming to enhance their security and compliance posture in the cloud.