OpenCSPM subscription plans.

Get started with automated cloud security posture management for free with the Open-Source Community Edition of OpenCSPM. When you're ready to expand coverage, automate, and scale, add a subscription plan to get access to more expertly crafted security controls, robust deployment templates, and frequent control check updates.

Community

Open-source security monitoring platform for one cloud environment

What's included

  • Open-Core platform
  • Comprehensive cloud asset inventory collection
  • Powerful graph database for complex analysis
  • Monitor unlimited resources
  • 100+ pre-built control checks
  • CIS AWS & GCP control checks
  • Pre-built Docker images
  • Run locally or in your cloud environment

One Cloud

Unlimited security monitoring in one cloud environment

What's included

  • Open-Core platform
  • Comprehensive cloud asset inventory collection
  • Powerful graph database for complex analysis
  • Monitor unlimited resources in one cloud account
  • 100+ pre-built control checks
  • CIS AWS & GCP control checks
  • Pre-built Docker images
  • Run locally or in your cloud environment
  • 200+ additional control checks
  • Quarterly premium control pack updates
  • Pre-built IaC deployment templates
  • Pre-built PCI-DSS, CMMC, FedRAMP control checks

Multi Cloud

Unlimited security monitoring in unlimited cloud environments

What's included

  • Open-Core platform
  • Comprehensive cloud asset inventory collection
  • Powerful graph database for complex analysis
  • Monitor unlimited resources in unlimited cloud accounts
  • 100+ pre-built control checks
  • CIS AWS & GCP control checks
  • Pre-built Docker images
  • Run locally or in your cloud environment
  • 200+ additional control checks
  • Quarterly premium control pack updates
  • Pre-built IaC deployment templates
  • Pre-built PCI-DSS, CMMC, FedRAMP control checks

Managed Service

Unlimited security monitoring completely managed for you

What's included

  • Open-Core platform
  • Comprehensive cloud asset inventory collection
  • Powerful graph database for complex analysis
  • Monitor unlimited resources in unlimited cloud accounts
  • 100+ pre-built control checks
  • CIS AWS & GCP control checks
  • Pre-built Docker images
  • Run locally or in your cloud environment
  • 200+ additional control checks
  • Quarterly premium control pack updates
  • Pre-built IaC deployment templates
  • Pre-built PCI-DSS, CMMC, FedRAMP control checks
  • Deployed, tuned, and managed for you

Automate cloud security monitoring

OpenCSPM was built with the cloud security practitioner in mind. Combine comprehensive inventory collection with deep security analysis for a tool that makes cloud security and compliance much more attainable.

Complete inventory
OpenCSPM covers more cloud services than any other CSPM tool.
Adaptive workflow
Surface cloud security issues that matter to you, on your schedule. No more alert fatigue.
Total control
OpenCSPM runs completely in your own environment. None of your sensitive data leaves your control.
Advanced analytics
Critical cloud security questions require deeper analysis than just checking "is this bucket public?".
True compliance
How can you achieve security compliance if the tools you're using can't analyze your full environment?
Prevent regression
OpenCSPM makes it easy to spot configuration drift that negatively affects security posture.
Customize
Easily integrate your own security controls using powerful Cypher graph database queries.
Open-core platform
OpenCSPM is open-core and free to download, run, modify, and extend.

Frequently asked questions

Why did you build this?
We were frustrated with the tools currently available to help automate cloud security. Commercial tools were too unwieldy and expensive; open-source tools lacked the coverage we needed.
What is it built with?
The inventory collection components are written in pure Ruby. Historical data is stored in a PostgreSQL database. Inventory assets are stored in RedisGraph and analyzed with Cypher. The web application is built with Ruby on Rails.
How do I use this thing?
For small-scale usage and testing, you can run OpenCSPM on a laptop. All you need is Docker. For larger environments, you'll want to deploy it into your cloud environment.
What is a Control?
We use the term "control" to refer to something you want to check in your cloud environment. Many compliance frameworks look at controls in much the same way.
Can I write my own controls?
Absolutely! The primary requirement is a light understanding of the Cypher query language used by the graph database. Review an existing control from the Community Controls Git repo to see how simple the query language is.
What do I get with a subscription?
With a premium subscription, you'll get access to more control checks, including more complex control checks, and frequent updates as we continuously research and add new cloud security measures.

Ready to dive in? Explore CSPM automation in minutes.

OpenCSPM is an open-core platform. That means all of the core functionality is freely available and open-source.
