Learn how a consultancy adopted and customized the Steampipe AWS Well-Architected Mod to expedite their customers' AWS workload assessments.
Here's how to build a mod to check the top 10 AWS security tips. You can use this pattern to build your own custom mods to check other Top 10 lists.
Learn how to add support for a new pillar, Sustainability, using a custom control.
Our analysis of the latest CIS AWS recommendations.
These changes also create welcome headroom for the Compliance and Sherlock mods.
Learn how to add support for a new pillar, Sustainability, using controls cherrypicked from an existing mod.
Our analysis of the latest CIS OCI recommendations.
We're excited to announce that Steampipe Cloud has received its annual SOC 2 Type II certification.
Discover the great new features in Steampipe's open source v0.20.0 release!
Whether you embed Steampipe in your product or integrate with it, we welcome your stories and contributions!
Compliance checks running in AWS Lambda, and an in-house CMDB queried with a custom plugin, are just some of the uses they've found for Steampipe.
In a workspace, all connections of the same type are automatically aggregated. Now you also can define aggregators for subsets of connections.
Senior SRE / Platform Engineer Paul Solomon highlights his recent use cases with Steampipe.
Now consulting partners can more effectively run assessments, customize their results, and collaborate with clients.
Use Steampipe to join data from Vanta and Tailscale to enforce workstation security requirements to secure your network.
Use relationship graphs to easily navigate your GCP projects and gain insights to how all your resources are interconnected.
If you’re fetching images from Docker Hub, you’ll want to switch over to GHCR.
Ensuring compliance, conformance, and accuracy in your organization's tagging practices
Learn to identify 3rd party access to Amazon Machine Images (AMIs) and IAM cross-account trusts.
Use prebuilt dashboards to answer questions like 'Who can apply verb X to resource Y?', or answer your own questions with the point-and-click RBAC Explorer.
Use relationship graphs to easily navigate your AWS accounts and gain insights to how all your resources are interconnected.
Steampipe can help us participate effectively in a social network where people, not algorithms, control the flow of information.
Learn how to reuse data and make it accessible to your entire organization using Steampipe.
Custom names and tags make benchmark results easier to read, filter, and organize.
Use relationship graphs to easily navigate your Azure subscriptions and gain insights to how all your resources are interconnected.
Our analysis of the Azure recommendations.
Use Steampipe with AWS CodePipeline & CodeBuild to validate your Terraform code before you deploy it.
By default GCP IAM service account keys never expire. Use Steampipe to find expiration dates and prioritize updates for better protection.
Discover the great new features in Steampipe's open source v0.19.0 release!
You could already schedule periodic snapshots of benchmarks and dashboards. Now you can do the same for queries!
Leveraging Steampipe's Relationship Graphs for Penetration Testing in GCP
Use relationship graphs to easily navigate your Kubernetes architecture and gain insights to how all the resources are interconnected.
Safeguarding your Auth0 environment is critical to protect your users. Learn how to protect against threats & enhance security posture with Steampipe.
To track changes over time it's helpful to run snapshots periodically. Now you can schedule them to repeat, and notify your team with summarized results.
The Steampipe ecosystem provides thousands of named resources you can include in custom dashboards. But don't stop there, you can easily mix in your own queries and controls.
Using Steampipe’s CircleCI plugin, you can query your project environment variables, SSH keys, and more into reports you can leverage to prioritize which secrets you need to focus on.
Our analysis of the latest CIS GCP recommendations.
A Steampipe plugin can map a Postgres WHERE clause to an API parameter. We took advantage of that to enable the Vercel plugin to query deployments by date.
Quickly visualize and identify attack paths an attacker could leverage. Relationship graphs provide an interactive visualization to navigate resource relationships and drill into asset details without authenticating into multiple accounts or jumping across regions.
Discover the great new features in Steampipe's open source v0.18.0 release!
Here's a month-by-month review of the highlights.
To improve your application security program, chart the attack surface of your cloud’s network perimeter using Steampipe.
When there isn't a Steampipe plugin to meet your need, the Net plugin's net_http_request table can save the day.
Recap of the interesting security focused announcements.
The magic ingredient is Steampipe's ability to define information security performance metrics as SQL statements.
We highlight AWS's interesting and impactful security announcements in the lead-up to AWS re:Invent.
Gain some practical tips for securing your GitHub organizations based on findings from common security incidents.
We dig into AWS Resource Explorer and discover how Steampipe can use it to enhance our resource coverage.
New plugins, CLI improvements, blog posts, and more: How the Steampipe community rallied together during Hacktoberfest.
Discover the great new features in Steampipe's open source v0.17.0 release!
If you’ve dismissed Oracle as a serious player in the cloud space, you may want to reconsider. Oracle CloudWorld’s keynote was very distinct from other recent cloud events in how Oracle is thinking about multi-cloud. Oracle’s roadmap will matter to cloud security practitioners regardless of your primary cloud provider.
Why, and how, to call Steampipe from any programming language.
A rundown of the major security related announcements from Google Next and Microsoft Ignite with a view into where the major providers are heading with their security product offerings.
New zero-config VPNs like Tailscale disrupt how we traditionally manage endpoints, connectivity, and network security. Steampipe can help manage the security and compliance of your Tailscale network.
Capture full-fidelity snapshots, then share them with others.
Splunk lookup tables can enrich AWS event data with IP-address/name mappings not available in CloudTrail. Here's how to build those tables with Steampipe.
Learn how Steampipe served as the control tower for a systems migration.
The sessions, chalk talks and workshops our resident Cloud Security Architect, Chris Farris, is excited about for re:Invent this year.
Earn swag for contributions to Steampipe!
He led his firm's adoption of Steampipe, and contributed a number of Steampipe plugins.
Learn how this data scientist works faster and smarter thanks to 'select * from cloud;' and 'dashboards as code'.
Set budgets and track usage across AWS accounts using SQL.
It's a few clicks to install mods that use connections in your workspace.
Our analysis of the five new recommendations.
Discover the great new features in Steampipe's open source v0.16.0 release!
ThreatMapper leverages contributions from the open source community to incorporate compliance insights from Steampipe.
Learn how this prolific open source author built his own Steampipe plugins to access a diverse set of SaaS APIs using SQL as the common language.
Steampipe’s openness and support for AWS CIS v1.4.0 were key factors
Discover the great new features in Steampipe's open source v0.15.0 release!
Enrich VPC FLow Logs with geographic locations from ipstack.
Discover the great new features in Steampipe's open source v0.14.0 release!
How to save big in AWS by cleaning up your underused resources, stale data, and more.
An introduction to AWS Thrifty, a mod that finds underutilized AWS resources.
Use the Google Sheets plugin to join spreadsheets with other tables, enforce named ranges, find secrets, and pivot with SQL.
Discover the great new features in Steampipe's open source v0.13.0 release!
Now you can visualize your queries, and easily build your own dashboards based on our library of examples.
Steampipe's Terraform plugin makes your .tf files queryable with SQL. A trio of new mods, for AWS/Azure/GCP, use the plugin to run compliance controls. Now you can check what you've defined as well as what you've deployed!
Discover the great new features in Steampipe's open source v0.12.0 release!
Discover the great new features in Steampipe's open source v0.11.0 release!
Discover the great new features in Steampipe's open source v0.10.0 release!
Use Steampipe to find secrets in all the nooks and crannies of your cloud infrastructure.
The CSV plugin brings spreadsheet data to Steampipe. We show how to write compliance checks for that data.
Steampipe can combine results from primary and subsidiary API calls. But when you don't need the subsidiary results, don't spend the API calls to get them.
We build a data analysis pipeline to explore large GitHub repos. The same method will work with data from any Steampipe plugin.
Discover the great new features in Steampipe's open source v0.9.0 release!
We dig into AWS Cloud Control and explore how Steampipe can use it to enhance our resource coverage.
Review stale issues, visualize release cadence, and find external contributors
A small tweak to the GitHub plugin unlocks new capability
Discover the great new features in Steampipe's open source v0.8.0 release!
Learn what's new in Steampipe's open source v0.7.0 release
Learn more about the new open source features in Steampipe v0.6.0
Analysis of the changes in the CIS v1.4 benchmark for AWS
Learn more about the new open source features in Steampipe v0.5.0
Learn more about the v0.4.0 release of the open source Steampipe CLI.
Join metadata across EC2 instances and IAM instance profiles.
Shift Left Join Security: Threat hunting AWS IPs with Shodan and SQL.
Learn more about the v0.3.0 release of the opensource Steampipe CLI.
Using developer interest in infrastructure as code tools to gauge popularity of cloud providers.
Learn more about the v0.2.0 release of the opensource Steampipe CLI.
A quick reference to AWS IAM wildcard usage.
How Steampipe leveraged Parliament to make SQL queries against IAM even more powerful.
Uncovering the power of SQL to analyze IAM policies via normalization of the AWS IAM policy syntax.
Learn how to generate and check your AWS IAM Credential Report for root accounts and users.
Ensure IAM users only receive permissions via groups.
How to quickly find cloud resources that are missing tags
The extensible SQL interface to your favorite cloud APIs
Articles about Steampipe published elsewhere
