{"id":28415964,"url":"https://github.com/antgroup/cloudrec","last_synced_at":"2025-08-02T20:34:55.813Z","repository":{"id":294648716,"uuid":"984491888","full_name":"antgroup/CloudRec","owner":"antgroup","description":"CloudRec is an open source multi-cloud security posture management (CSPM) platform designed to help organizations improve the security of their cloud environments.","archived":false,"fork":false,"pushed_at":"2025-07-24T06:38:45.000Z","size":39914,"stargazers_count":155,"open_issues_count":13,"forks_count":14,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-24T10:22:24.271Z","etag":null,"topics":["alibabacloud","aws-security","cloud","cloud-security","cspm","cybersecurity","devsecops","gcp-security","multi-cloud","opa","scans","security"],"latest_commit_sha":null,"homepage":"https://demo.cloudrec.cloud","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/antgroup.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-16T02:52:22.000Z","updated_at":"2025-07-24T06:38:49.000Z","dependencies_parsed_at":"2025-07-24T08:39:27.391Z","dependency_job_id":null,"html_url":"https://github.com/antgroup/CloudRec","commit_stats":null,"previous_names":["antgroup/cloudrec"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/antgroup/CloudRec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antgroup%2FCloudRec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antgroup%2FCloudRec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antgroup%2FCloudRec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antgroup%2FCloudRec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/antgroup","download_url":"https://codeload.github.com/antgroup/CloudRec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antgroup%2FCloudRec/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268448362,"owners_count":24252019,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alibabacloud","aws-security","cloud","cloud-security","cspm","cybersecurity","devsecops","gcp-security","multi-cloud","opa","scans","security"],"created_at":"2025-06-03T20:07:09.922Z","updated_at":"2025-08-02T20:34:50.795Z","avatar_url":"https://github.com/antgroup.png","language":"Java","readme":"\u003cdiv align=\"center\"\u003e\n  \u003ch1\u003e\u003cimg src=\"doc/images/logo.png\" width=\"20\"\u003e CloudRec\u003c/h1\u003e\n  \u003cp\u003e\n    \u003cimg src=\"https://img.shields.io/badge/License-Apache_2.0-blue?style=flat-square\"\u003e\n    \u003ca href=\"https://docs.cloudrec.cloud\"\u003e\u003cimg src=\"https://img.shields.io/badge/doc-English-blue?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://cloudrec.yuque.com/org-wiki-cloudrec-iew3sz/hocvhx\"\u003e\u003cimg src=\"https://img.shields.io/badge/文档-简体中文-blue?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://discord.gg/WpWT9Q8BkD\"\u003e\u003cimg src=\"https://img.shields.io/badge/Disord-Join_CloudRec-brightgreen?logo=discord\u0026style=flat-square\" /\u003e\u003c/a\u003e\n    \u003ca href=\"https://qr.dingtalk.com/action/joingroup?code=v1,k1,rsTf3mOAcQuKrY0//YlclWTUG4zcL9eQGsJIjjDj88A=\u0026_dt_no_comment=1\u0026origin=11\"\u003e\u003cimg src=\"https://img.shields.io/badge/DingTalk-Join_CloudRec-brightgreen?logo=data:image/svg+xml;base64,PHN2ZyB0PSIxNzQ3NzIxMzEzNDg4IiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjcxMzgiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNOTA4LjQ3NCAzODEuOTJjLTEuNzY3IDcuNDctNi4xMjggMTguNDE5LTEyLjI0NiAzMS42MjRoMC4xMzJsLTAuNyAxLjIyM2MtMzUuNjk1IDc2LjQ5Mi0xMjguODk0IDIyNi41MTItMTI4Ljg5NCAyMjYuNTEycy0wLjExOS0wLjM1NC0wLjQ4Ni0wLjkzOGwtMjcuMjM1IDQ3LjQ4NWgxMzEuMjU0TDYxOS42MSAxMDIxLjcwNWw1Ni45MDMtMjI3LjEyOUg1NzMuMjM2bDM1Ljg4Ni0xNTAuMTljLTI5LjAzMyA3LjAxMS02My4zNSAxNi42NTQtMTAzLjk5MyAyOS43NCAwIDAtNTQuOTgyIDMyLjI0OS0xNTguMzgyLTYyLjAzNyAwIDAtNjkuNzM2LTYxLjUzMy0yOS4zMDQtNzYuOTA5IDE3LjE5Ni02LjUzOCA4My40OS0xNC44MzIgMTM1LjY0NS0yMS44OTQgNzAuNDg3LTkuNTQzIDExMy44NDgtMTQuNTk2IDExMy44NDgtMTQuNTk2cy0yMTcuMzE2IDMuMjU1LTI2OC44Ny00Ljg2NmMtNTEuNTU3LTguMTItMTE2Ljk1OS05NC4yNzUtMTMwLjg5LTE3MC4wMTkgMCAwLTIxLjU0Ny00MS41OCA0Ni4zMzQtMjEuODk0czM0OC44NTUgNzYuNjMyIDM0OC44NTUgNzYuNjMyLTM2NS40MjMtMTEyLjIwNC0zODkuNzQtMTM5LjU3OGMtMjQuMzEyLTI3LjM3NC03MS41NTctMTQ5LjQyMy02NS40MS0yMjQuNDIgMCAwIDIuNjY1LTE4LjY5OCAyMS44MDQtMTMuNjg3IDAgMCAyNzAuMTQ5IDEyMy42NCA0NTQuODc1IDE5MS4zMjMgMTg0LjcyNCA2Ny42ODMgMzQ1LjMzIDEwMi4xMDggMzI0LjU4IDE4OS43Mzl6IiBmaWxsPSIjMzI5NkZBIiBwLWlkPSI3MTM5Ij48L3BhdGg+PC9zdmc+Cg==\u0026style=flat-square\" /\u003e\u003c/a\u003e\n    \u003ca href=\"https://demo.cloudrec.cloud\"\u003e\u003cimg src=\"https://img.shields.io/badge/Demo-Try_CloudRec-orange?style=flat-square\u0026logo=data:image/svg+xml;base64,PHN2ZyB0PSIxNzQ3NzIxNjg1MDQxIiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjkxMzAiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNMjkwLjA5OTIgNDA5LjZIMTU1LjEzNmEzNzEuNDA0OCAzNzEuNDA0OCAwIDAgMC0xNC4yODQ4IDEwMi40YzAgMzUuNTMyOCA0Ljk2NjQgNjkuODg4IDE0LjMzNiAxMDIuNGgxMzQuOTYzMmMtNS42MzItMzIuNzY4LTguNDk5Mi02Ni45MTg0LTguNDk5Mi0xMDIuNCAwLTM1LjQ4MTYgMi44NjcyLTY5LjYzMiA4LjQ5OTItMTAyLjR6IG01Mi4wNzA0IDBhNTQyLjEwNTYgNTQyLjEwNTYgMCAwIDAtOS4zNjk2IDEwMi40YzAgMzUuNzM3NiAzLjA3MiA2OS44ODggOS4zNjk2IDEwMi40SDQ4Ni40VjQwOS42SDM0Mi4xNjk2eiBtNzUuMDA4IDQ2MS4zNjMyQTQ5MS44Nzg0IDQ5MS44Nzg0IDAgMCAxIDMwMS41NjggNjY1LjZIMTczLjk3NzZhMzcyLjA3MDQgMzcyLjA3MDQgMCAwIDAgMjQzLjIgMjA1LjM2MzJ6IG02OS4yMjI0LTMuNTg0VjY2NS42SDM1NC45Njk2YzI0LjA2NCA3Ny4xMDcyIDY3Ljg0IDE0NC4yMzA0IDEzMS40MzA0IDIwMS44MzA0ek00MTcuMTc3NiAxNTMuMDg4QTM3Mi4wNzA0IDM3Mi4wNzA0IDAgMCAwIDE3My45Nzc2IDM1OC40SDMwMS41NjhhNDkxLjg3ODQgNDkxLjg3ODQgMCAwIDEgMTE1LjU1ODQtMjA1LjM2MzJ6IG02OS4yMjI0IDMuNTg0QzQyMi44MDk2IDIxNC4xMTg0IDM3OS4wODQ4IDI4MS4yNDE2IDM1NC45Njk2IDM1OC40SDQ4Ni40VjE1Ni41Njk2ek03MzMuOTAwOCA0MDkuNmM1LjYzMiAzMi43NjggOC40OTkyIDY2LjkxODQgOC40OTkyIDEwMi40IDAgMzUuNDgxNi0yLjg2NzIgNjkuNjMyLTguNDk5MiAxMDIuNGgxMzUuMDE0NGM5LjMxODQtMzIuNTEyIDE0LjI4NDgtNjYuODY3MiAxNC4yODQ4LTEwMi40cy00Ljk2NjQtNjkuODg4LTE0LjMzNi0xMDIuNGgtMTM0Ljk2MzJ6IG0tNTIuMDcwNCAwSDUzNy42djIwNC44aDE0NC4yMzA0YzYuMjQ2NC0zMi41MTIgOS4zNjk2LTY2LjY2MjQgOS4zNjk2LTEwMi40cy0zLjA3Mi02OS44ODgtOS4zNjk2LTEwMi40eiBtLTc1LjAwOCA0NjEuMzYzMkEzNzIuMDcwNCAzNzIuMDcwNCAwIDAgMCA4NTAuMDIyNCA2NjUuNkg3MjIuNDMyYTQ5MS44Nzg0IDQ5MS44Nzg0IDAgMCAxLTExNS41NTg0IDIwNS4zNjMyeiBtLTY5LjIyMjQtMy41ODRjNjMuNTkwNC01Ny41NDg4IDEwNy4zMTUyLTEyNC42NzIgMTMxLjQzMDQtMjAxLjc3OTJINTM3LjZ2MjAxLjgzMDR6TTYwNi44MjI0IDE1My4wODhBNDkxLjg3ODQgNDkxLjg3ODQgMCAwIDEgNzIyLjQzMiAzNTguNGgxMjcuNjQxNmEzNzIuMDcwNCAzNzIuMDcwNCAwIDAgMC0yNDMuMi0yMDUuMzYzMnogbS02OS4yMjI0IDMuNTg0VjM1OC40aDEzMS40MzA0Yy0yNC4wNjQtNzcuMTA3Mi02Ny44NC0xNDQuMjMwNC0xMzEuNDMwNC0yMDEuODMwNHpNNTEyIDk0Ny4yYTQzNS4yIDQzNS4yIDAgMSAxIDAtODcwLjQgNDM1LjIgNDM1LjIgMCAwIDEgMCA4NzAuNHoiIGZpbGw9IiM1MmE4ZjkiIHAtaWQ9IjkxMzEiPjwvcGF0aD48L3N2Zz4K\" /\u003e\u003c/a\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\nCloudRec is an open source multi-cloud security posture management (CSPM) platform designed to help organizations improve the security of their cloud environments. CloudRec provides an open and scalable cloud assets collection framework and an OPA-based rule management engine. Based on CloudRec, you can easily implement comprehensive asset collection, real-time security inspection, and risk event operation in an enterprise cloud environment.\n\n---\n\n# Features\n\n+ [🔗Rich inspection rules ](https://docs.cloudrec.cloud/Introductions/Detectionrules/)in addition to the built-in high-risk rules, it provides a flexible rule configuration engine based on OPA and supports multiple asset association analysis.\n+ [🔗Multi-Cloud support ](https://docs.cloudrec.cloud/Introductions/Multi-Cloudsupport/): Built-in support for Alibaba Cloud, AWS, GCP and other cloud service providers, and can expand proprietary cloud on demand; It also provides Collector collection framework, which can be expanded and support other cloud vendors on demand.\n+ User-friendly page: intuitive UI interface, convenient for users to carry out asset management, rule editing, risk operation, support multi-tenant\n\n## 🌟 Modules\n\n| Function Modules        | Description                                                  |\n| ----------------------- | ------------------------------------------------------------ |\n| **Resource Discovery** | Covers mainstream public cloud platforms, automatically discovers 30+ cloud services and 200+ resource types, provides framework-level supports, and can be easily expanded on demand. |\n| **Risk Detection**     | Based on enterprise-level real-world rules, covering multiple scenarios such as network protection, identity security, security protection, data protection, and log auditing. |\n| **Policy Engine**      | Declarative policy management based on OPA, which can be dynamically adjust without hard coding, and no need to re-deploy |\n| **Repair Closed Loop** | Integrated enterprise WeChat/DingTalk, alarm policy can be flexibly configured |\n\n\n---\n\n# 🚀 Quick Start\n### Deploy Server\n```\ngit clone https://github.com/antgroup/CloudRec.git\n\ncd CloudRec\n\nMYSQL_ROOT_PASSWORD=$(openssl rand -base64 16) docker-compose up -d\n```\nAccess http://localhost:8080 after deployment.\n### Deploy Collector\nLogin and get AccessToken for authentication of collector.\n![accesstoken](doc/images/accesstoken.jpg)\n```\ndocker exec -it cloudrec-cloud-rec-1 bash\n\nnohup ./collectors --accessToken \"${AccessToken}\" \u003e logs/task.log 2\u003e\u00261 \u003c /dev/null \u0026\n```\n\n# 🏗 Architecture\n\n![arch](doc/images/arch.jpg)\n\n# 📚 Key Concepts\n\n## 📡 Collector\n\n```yaml\n# Collector name, if not configured, hostname will be used\nAgentName: \"Alibaba CloudHuawei Cloud, AWS,Tencent Cloud,GCP,Baidu Cloud Collector\"\n# The server URL, http://localhost:8080 is used by default, and can be adjusted according to actual conditions\nServerUrl: \"http://localhost:8080\"\n\n# eg：@every 30s、@every 5m、@every 1h\n# @every 5m means obtaining an account every five minutes. If the current task is finished, skip this task.\nCron: \"@every 5m\"\n\n# If RunOnlyOnce is set to false, the program will be executed once immediately, but the program will not exit. It will be run regularly according to the Cron cycle.\n# If RunOnlyOnce is set to true, the program will be executed once immediately and then exit.\nRunOnlyOnce: false\n\n# Access token, which is used to authenticate the request. You can get it from the server\nAccessToken: \"change your access token\"\n\n#  Deployment site. If the deployment site is configured as 'S1', only cloudAccount of this site can be obtained. If the deployment site is not configured, all cloudAccount can be obtained.\n#  eg:[\"S1\"]\n#  eg:[\"S1\",\"I2\",\"TE\"]\nSites: [  ]\n\n# Pay attention to the risk error information. If the error message contains text, the risk will be submitted to the server\nAttentionErrorTexts: [ \"NoPermission\", \"NotAuthorized\", \"NotApplicable\",\n                       \"Forbidden.RAM\", \"Forbidden\", \"Throttling.User\", \"Throttling\", \"InvalidAccessKeyId.NotFound\", \"ServiceUnavailable\", \"Forbidden\" ]\n```\n\n\n\n## 📜 Rego Policy Sample\n\n```javascript\npackage ecs_security_groups_misconfig\nimport rego.v1\n\ndefault risk := false\nrisk if {\n  has_public_address\n  count(security_groups_misconfig) != 0\n}\n\npublic_ip_address := input.Instance.PublicIpAddress.IpAddress\nhas_public_address if {\n  count(public_ip_address) \u003e 0\n}\n\nsecurity_groups_misconfig contains sg_rule if {\n  sg_rule := input.SecurityGroups[_].Permissions[_]\n  parts := split(sg_rule.SourceCidrIp, \"/\")\n  size := to_number(parts[1])\n  size \u003c= 8\n  sg_rule.Direction == \"ingress\"\n  sg_rule.Policy == \"Accept\"\n}\n```\n\n# 🤝 How to contribute\n\nTo check detailed guidelines for new contributions, please refer (https://docs.cloudrec.cloud/ContributionGuide/ContributionStep.html)\n\n## Contributors Wall\n\u003ca href=\"https://github.com/antgroup/CloudRec/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=antgroup/CloudRec\u0026max=200\" /\u003e\n\u003c/a\u003e\n\n# **\u003cfont style=\"color:rgb(38, 38, 38);\"\u003e📬\u003c/font\u003e** Community\n\n[https://discord.gg/WpWT9Q8BkD](https://discord.gg/WpWT9Q8BkD)\n\n# 📜 LICENSE\n\nThis project uses the Apache-2.0 LICENSE, the full text of which is available in the LICENSE document. Commercial use is subject to supplementary terms.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantgroup%2Fcloudrec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fantgroup%2Fcloudrec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantgroup%2Fcloudrec/lists"}