Open Source by Ermetic

Open-source projects are essential for cloud security, fostering transparency, collaboration and innovation. Ermetic believes in empowering developers and experts to collectively enhance software security through open scrutiny and quick fixes. By sharing knowledge and skills, these projects play a vital role in securing sensitive data and infrastructure, ensuring a safer digital ecosystem for all.


CNAPPgoat is an open-source project for provisioning vulnerable components in cloud environments (currently AWS, Azure, GCP). It includes atomic and complex vulnerable scenarios to cover various potential exploitable configurations. The modular structure allows specific scenario provisioning for different use cases. The tool enables defenders to test detection, prevention, and control mechanisms against vulnerabilities and misconfigurations, while aiding offensive professionals by providing practice environments.

Access Undenied on AWS

Access Undenied on AWS is an open-source CLI tool that analyzes AWS CloudTrail AccessDenied events, scans the environment to identify and explain the reasons for the events, and offers actionable least-privilege remediation suggestions. Give the tool a CloudTrail event with an “Access Denied” outcome, and the tool will tell you how to fix it!

Terraform Lab: A Project and Detailed Playbook on Using VPC Endpoints

This Terraform lab is an open-source project with a detailed playbook that gives you hands-on experience provisioning and using a VPC endpoint, so you can better understand how it works. The lab includes a demonstration of how to use certain condition keys that can minimize the fallout from exfiltration of security credentials from EC2 instances due to misconfigurations, a very common initial access vector for malicious actors.

Ermetic for Cloud Security Professionals

  • Get Deep, Multicloud Visibility

    Manage all identities and resources in one platform. Investigate permissions, configurations and relationships
  • Understand the Attack Surface

    Assess & prioritize risk across human and service identities, network configuration, data and compute resources
  • Automate Remediation

    Mitigate risky privileges and faulty configurations through integration with ticketing, CI/CD pipelines, and IaC
  • Enforce Policies and Shift Left

    Define and enforce automated guardrails for access permissions and resource configuration, from dev to production.
  • Detect Anomalies

    Detect suspicious behavior and configuration changes with continuous behavioral analysis and alerts
  • Comply with Standards

    Audit inventory and ensure compliance with CIS, GDPR, SOC2, NIST, PCI DSS, HIPAA, ISO and more
