Steampipe, an innovative open-source tool, allows DevSecOps teams to query cloud services and resources using SQL. This tool is a game-changer for managing cloud compliance, security, and configuration. It supports numerous cloud providers and services, offering flexibility and depth in assessments.


To get started with Steampipe, you can refer to their installation documentation. Once installed, you can set up various plugins to connect with different cloud providers and services.


Begin using Steampipe by writing SQL queries to inspect your cloud resources. For example, to check AWS EC2 instances, you can execute:


This query will list all EC2 instances with their states and types, providing a clear overview of your AWS infrastructure.


Steampipe outputs the results in a clear, tabular format. For example, if you query AWS S3 buckets for public access policies, it will display:

 Bucket Name | Publicly Accessible | Policy Status
 mybucket1   | true                | [JSON Policy]
 mybucket2   | false               | [JSON Policy]

This format makes it easy to identify and address security concerns quickly.

Cloud Compliance Checks

Steampipe excels in compliance checks. With its compliance mod feature, you can assess your cloud infrastructure against various standards like CIS, NIST, or custom benchmarks.


Run compliance checks by executing specific mods:

steampipe check aws_compliance.benchmark.cis_v1_2_0

This command will perform a series of checks against the CIS AWS Foundations Benchmark.


The results will be presented in a comprehensive report, detailing compliance status for each control, including passed, failed, and skipped checks.

Control ID   | Description                   | Status
 aws_cis_1_1 | Ensure MFA is enabled for ... | Passed
 aws_cis_1_2 | Ensure CloudTrail is enabled  | Failed

With its SQL-powered interface and extensive plugin support, Steampipe is an invaluable tool for DevSecOps teams aiming to enhance their security and compliance posture in the cloud.