I'm excited to share with you a tool I've worked on that could help you in many situations.
If you have any feedback on the idea, the script or anything else related to the project, I'd love to hear from you.
TLDR: Kexa is an open-source, cross-cloud script that reads YAML rules, gathers resources from cloud providers and cloud services, and reports to you and your teams if a rule has been broken.
The greatest advantage of this script is that it has been designed to be fully extensible, making it easy to write new rules, add new addons or add new functionalities, while remaining lightweight and easy to deploy anywhere.
You can see what it looks like here: https://kexa.io/
And on GitHub: https://github.com/4urcloud/Kexa
*Main features:*
Let me list a few use cases, with the associated 'addons' (cloud services, providers) that can already be used in the current state:
- Azure, AWS, GCP:
  - Check for orphan resources (cost optimization)
  - Verify dangerous network rules (security)
  - Ensure tags are compliant with standards (compliance)
  - Verify secret or token rotation/expiration (security)
  - Ensure users are using MFA (security)
- Kubernetes:
  - Ensure pods are running (operational excellence)
  - Ensure name compliance (compliance)
- GitHub:
  - Ensure runners are online (operational excellence)
  - Ensure branches are protected (security)
- HTTP:
  - Check for certificate expiration or presence (security)
  - Check for response code (operational excellence)
The notification system allows you to be notified by mail, SMS, Teams, or webhook, as well as to set a different alert level and channel for each rules file you're editing.
CIS Benchmarks have been followed by our teams to create a set of rules for Azure, which will allow you to get a quick report on your compliance with those Benchmarks!
More CIS Benchmarks rules are coming for all providers; let us know if you're interested.
We've developed a SaaS where you can visualize Kexa scan results and history, and explore the resources that raised the error.
*How can you run it?*
In any cloud function, with the GitHub Action available here: https://github.com/marketplace/actions/kexa-action
Or even locally if you want a quick report on a set of rules (e.g. the CIS Benchmarks rules that are available as Kexa rules for Azure, with more to come).
If you're interested, you can follow the documentation here: https://github.com/4urcloud/Kexa/blob/main/documentation/Doc...
And if you like the project, do not forget to star us on GitHub! https://github.com/4urcloud/Kexa
Thank you for reading; I hope to have your feedback on this.