Visibility & Enforcement

Visibility

| Tool | Description |
| --- | --- |
| GCP Resource Manager | Hierarchically manage resources by project, folder, and organization |
| cartography | |
| starbase | Starbase collects assets and relationships from services and systems, including cloud infrastructure, SaaS applications, security controls, and more, into an intuitive graph view backed by a Neo4j database. You can also refer to the companion blog post. |

Enforcement

| Tool | Description |
| --- | --- |
| Cloud Custodian | Rules engine for cloud security, cost optimization, and governance; a YAML DSL for policies that query, filter, and take actions on resources. Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance with security policies (such as encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management. |
| Cloudkeeper | Standalone CLI tool that periodically collects a list of resources in cloud accounts (AWS, GCP, Azure), provides metrics about them, and can clean them up |
| ForsetiSecurity | Rule-based policies to systematically monitor GCP resources |
| project_lockdown | Collection of automated remediation Cloud Functions that react to high-risk events in real time |