Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures in the most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers, and it can auto-remediate some misconfigurations. This helps to protect products deployed in the cloud by creating secure guardrails.

Documentation

Dow Jones Hammer documentation is available via GitHub Pages at https://dowjones.github.io/hammer/ .

Security features

- Insecure Services
- S3 ACL Public Access
- S3 Policy Public Access
- IAM User Inactive Keys
- IAM User Keys Rotation
- CloudTrail Logging Issues
- EBS Unencrypted Volumes
- EBS Public Snapshots
- RDS Public Snapshots
- SQS Public Policy Access
- S3 Unencrypted Buckets
- RDS Unencrypted Instances
- AMIs Public Access

Technologies

- Python 3.6
- AWS (Lambda, DynamoDB, EC2, SNS, CloudWatch, CloudFormation)
- Terraform
- JIRA
- Slack

Contributing

You are welcome to contribute!

Issues: You can use GitHub Issues to report issues. Describe what is going wrong and what you expect the correct behaviour to be.

Patches: We currently use the dev branch for ongoing development. Please open PRs against this branch.

Run tests: Run tests with this command: tox

Contact Us

Feel free to create an issue report or a pull request, or just email us at [email protected] with any other questions or concerns you have.