{"id":21482496,"url":"https://github.com/jonhadfield/ape","last_synced_at":"2025-07-15T13:32:47.836Z","repository":{"id":57601332,"uuid":"100024997","full_name":"jonhadfield/ape","owner":"jonhadfield","description":"AWS account scanner","archived":false,"fork":false,"pushed_at":"2023-07-04T21:19:38.000Z","size":17787,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-03T00:18:00.244Z","etag":null,"topics":["aws","golang","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jonhadfield.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-11T11:29:31.000Z","updated_at":"2023-01-22T20:32:02.000Z","dependencies_parsed_at":"2024-06-20T11:57:04.205Z","dependency_job_id":"3a7448dc-2683-49ad-a007-83b4b6a7cd57","html_url":"https://github.com/jonhadfield/ape","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonhadfield%2Fape","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonhadfield%2Fape/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonhadfield%2Fape/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonhadfield%2Fape/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jonhadfield","download_url":"https://codeload.github.com/jonhadfield/ape/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226044892,"owners_count":17564915,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","golang","security"],"created_at":"2024-11-23T12:33:56.532Z","updated_at":"2024-11-23T12:33:57.231Z","avatar_url":"https://github.com/jonhadfield.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# ape: AWS account scanner\n[![CircleCI](https://circleci.com/gh/jonhadfield/ape/tree/master.svg?style=shield\u0026circle-token=16e5cf0096cd4f6c7894e10f25b51e07746fa0b7)](https://circleci.com/gh/jonhadfield/ape/tree/master) [![Go Report Card](https://goreportcard.com/badge/github.com/jonhadfield/ape)](https://goreportcard.com/report/github.com/jonhadfield/ape)\n\n- [about](#about)\n- [quickstart](#quickstart)\n- [concept](#concept)\n\n## about\n\nape is a tool for scanning AWS accounts to discover issues such as security vulnerabilities.\nIt's fast, and it's written in Go, so there are no dependencies to install.\n\n## compatibility\n\nOnly tested on Linux and MacOS.\n\n## quickstart\n\n### docker\nThe following will run the [AWS CIS Foundations](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf) preset against a single account.  \n\n```bash\n$ docker run --rm -t quay.io/jonhadfield/ape \\\n             --run-preset=cis-foundations \\\n             --access-key-id=ACCESS-KEY-ID \\\n             --secret-access-key=SECRET-ACCESS-KEY   \n```\nReplace 'ACCESS-KEY-ID' and 'SECRET-ACCESS-KEY' with your credentials.\nTo create a user with the minimum permissions required to run this preset, see [here](https://github.com/jonhadfield/ape/blob/master/docs/cis-foundations-policy.md). \n\n### install and run\n\nDownload the latest release here: https://github.com/jonhadfield/ape/releases and install:\n\n``\n$ install \u003cape binary\u003e /usr/local/bin/ape\n``\n\nTo run the built-in [AWS CIS Foundations](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf) preset, [set your AWS credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) and then run:\n\n``\n$ ape --run-preset=cis-foundations\n``\n\n## concept\n\n### the basics\n\nape runs **playbook** files containing a list of tasks called **plays**. Each **play** defines one or more **policies** to run, and it's the policies that tell ape how to find issues through the use of **filters**.\nAll of these are defined using a simple markup language called [YAML](http://yaml.org/).\n\n#### playbook\n\nA playbook file, in its simplest form, is a list of plays. By default, each play will be executed in turn against the account matching the credentials ape is called with. \nOther configuration items, including email and Slack reporting integrations are also defined here. \n\n#### play\n\nA play lists the policies to run and also lets you define which **targets** (AWS accounts) and regions to run them against. \n\n#### policy\n\nA policy defines the AWS **resource** type and one or more **filters** to run against items of that type.\n\t\n#### filter\n\nA filter consists of one or more resource **criterion** (instance attribute) and value to match on.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonhadfield%2Fape","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonhadfield%2Fape","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonhadfield%2Fape/lists"}