Blog and Resource Center
- Case Study
- How To
- Shift Left Join
News and Reviews
Why build an HTTP client into a database? So you can ingest web data directly!
When there isn't a Steampipe plugin to meet your need, the Net plugin's net_http_request table can save the day.
The Security Practitioner's Guide to AWS re:Invent 2022
Recap of the interesting security focused announcements.
KPIs as code: How CMD Solutions built tools for continuous controls assurance
The magic ingredient is Steampipe's ability to define information security performance metrics as SQL statements.
AWS pre:Invent 2022
We highlight AWS's interesting and impactful security announcements in the lead-up to AWS re:Invent.
Top 3 ways to improve GitHub org security
Gain some practical tips for securing your GitHub organizations based on findings from common security incidents.
A deep dive into AWS Resource Explorer
We dig into AWS Resource Explorer and discover how Steampipe can use it to enhance our resource coverage.
Steampipe Hacktoberfest 2022 Recap
New plugins, CLI improvements, blog posts, and more: How the Steampipe community rallied together during Hacktoberfest.
v0.17.0: Snapshots, share with cloud, workspace profiles
Discover the great new features in Steampipe's open source v0.17.0 release!
Keynote recap of Oracle CloudWorld 2022
If you’ve dismissed Oracle as a serious player in the cloud space, you may want to reconsider. Oracle CloudWorld’s keynote was very distinct from other recent cloud events in how Oracle is thinking about multi-cloud. Oracle’s roadmap will matter to cloud security practitioners regardless of your primary cloud provider.
Steampipe as software component
Why, and how, to call Steampipe from any programming language.
Security recap of 2022 Google Next and Microsoft Ignite
A rundown of the major security related announcements from Google Next and Microsoft Ignite with a view into where the major providers are heading with their security product offerings.
How to approach Tailscale security and compliance
New zero-config VPNs like Tailscale disrupt how we traditionally manage endpoints, connectivity, and network security. Steampipe can help manage the security and compliance of your Tailscale network.
Save and share Steampipe Cloud benchmarks and dashboards
Capture full-fidelity snapshots, then share them with others.
Enrich Splunk events with Steampipe
Splunk lookup tables can enrich AWS event data with IP-address/name mappings not available in CloudTrail. Here's how to build those tables with Steampipe.
Migration tracking with Steampipe
Learn how Steampipe served as the control tower for a systems migration.
Can't miss Security Sessions at re:Invent 2022
The sessions, chalk talks and workshops our resident Cloud Security Architect, Chris Farris, is excited about for re:Invent this year.
What's new in the CIS v1.5 benchmark for Azure
Our analysis of the Azure recommendations.
Hacktoberfest 2022: Steampipe
Earn swag for contributions to Steampipe!
Contributor Spotlight: Graza Andersson
He led his firm's adoption of Steampipe, and contributed a number of Steampipe plugins.
Contributor Spotlight: Ellis Valentiner
Learn how this data scientist works faster and smarter thanks to 'select * from cloud;' and 'dashboards as code'.
Consolidate your billing data across multiple AWS Organizations
Set budgets and track usage across AWS accounts using SQL.
View dashboards and run benchmarks in Steampipe Cloud
It's a few clicks to install mods that use connections in your workspace.
What's new in the CIS v1.5 benchmark for AWS
Our analysis of the five new recommendations.
v0.16.0: Major memory reduction, new benchmarks, secure AWS regions
Discover the great new features in Steampipe's open source v0.16.0 release!
Deepfence ThreatMapper integrates Steampipe to enhance security observability
ThreatMapper leverages contributions from the open source community to incorporate compliance insights from Steampipe.
Contributor Spotlight: François de Metz
Learn how this prolific open source author built his own Steampipe plugins to access a diverse set of SaaS APIs using SQL as the common language.
Gruntwork chooses Steampipe to deliver continuous compliance as a service
Steampipe’s openness and support for AWS CIS v1.4.0 were key factors
v0.15.0: Improved usability, telemetry, 9 new plugins
Discover the great new features in Steampipe's open source v0.15.0 release!
Shift Left Join: Where are those IP addresses coming from?
Enrich VPC FLow Logs with geographic locations from ipstack.
v0.14.0: Benchmark dashboards, Postgres 14, ARM64
Discover the great new features in Steampipe's open source v0.14.0 release!
Top 7 AWS cost-saving strategies
How to save big in AWS by cleaning up your underused resources, stale data, and more.
Use Steampipe to identify cost savings in AWS
An introduction to AWS Thrifty, a mod that finds underutilized AWS resources.
SQL for Google Sheets
Use the Google Sheets plugin to join spreadsheets with other tables, enforce named ranges, find secrets, and pivot with SQL.
v0.13.0: Dashboards, ltree, 6 new plugins
Discover the great new features in Steampipe's open source v0.13.0 release!
Dashboards as Code with HCL + SQL
Now you can visualize your queries, and easily build your own dashboards based on our library of examples.
SQL queries + compliance checks for Terraform files
Steampipe's Terraform plugin makes your .tf files queryable with SQL. A trio of new mods, for AWS/Azure/GCP, use the plugin to run compliance controls. Now you can check what you've defined as well as what you've deployed!
v0.12.0: Templates for control outputs, two new formats
Discover the great new features in Steampipe's open source v0.12.0 release!
v0.11.0: Faster startup and composable mods
Discover the great new features in Steampipe's open source v0.11.0 release!
v0.10.0: Better concurrency and caching
Discover the great new features in Steampipe's open source v0.10.0 release!
Shift Left Join: Find secrets everywhere
Use Steampipe to find secrets in all the nooks and crannies of your cloud infrastructure.
Using SQL to check spreadsheet integrity
The CSV plugin brings spreadsheet data to Steampipe. We show how to write compliance checks for that data.
When not to SELECT *
Steampipe can combine results from primary and subsidiary API calls. But when you don't need the subsidiary results, don't spend the API calls to get them.
A portrait of VSCode's external contributors
We build a data analysis pipeline to explore large GitHub repos. The same method will work with data from any Steampipe plugin.
v0.9.0: Dynamic tables & improved control outputs
Discover the great new features in Steampipe's open source v0.9.0 release!
A deep dive into AWS Cloud Control for asset inventory
We dig into AWS Cloud Control and explore how Steampipe can use it to enhance our resource coverage.
Using Steampipe's GitHub plugin to connect with your open source community
Review stale issues, visualize release cadence, and find external contributors
Adding a column to a Steampipe table
A small tweak to the GitHub plugin unlocks new capability
v0.8.0: Mod Variables, Tags & Syntax Highlighting
Discover the great new features in Steampipe's open source v0.8.0 release!
v0.7.0: AWS multi-account queries & Docker support
Learn what's new in Steampipe's open source v0.7.0 release
v0.6.0: Export and Filter Controls
Learn more about the new open source features in Steampipe v0.6.0
What's new in the CIS v1.4 benchmark for AWS
Analysis of the changes in the CIS v1.4 benchmark for AWS
v0.5.0: Controls, compliance benchmarks (CIS + PCI + custom) and lots of Hub updates
Learn more about the new open source features in Steampipe v0.5.0
New! Named Queries, Search Paths and Workspaces
Learn more about the v0.4.0 release of the open source Steampipe CLI.
Shift Left Join: Find all AWS EC2 instances not using IMDSv2
Join metadata across EC2 instances and IAM instance profiles.
Shift Left Join: Using Shodan to test AWS Public IPs
Shift Left Join Security: Threat hunting AWS IPs with Shodan and SQL.
New: Caching, Config and Improved Quals Handling
Learn more about the v0.3.0 release of the opensource Steampipe CLI.
Analysis of Cloud Provider Market Share – 2021
Using developer interest in infrastructure as code tools to gauge popularity of cloud providers.
New: AWS Multi-Region Queries and Query Caching
Learn more about the v0.2.0 release of the opensource Steampipe CLI.
The Hitchhiker's Guide to IAM Policy Wildcards
A quick reference to AWS IAM wildcard usage.
Steampipe ❤ Parliament
How Steampipe leveraged Parliament to make SQL queries against IAM even more powerful.
Normalizing AWS IAM Policies for Automation
Uncovering the power of SQL to analyze IAM policies via normalization of the AWS IAM policy syntax.
Top 10 Checks: IAM Credential Report
Learn how to generate and check your AWS IAM Credential Report for root accounts and users.
Monitor compliance of the AWS CIS 1.15 benchmark.
Ensure IAM users only receive permissions via groups.
Corral your untagged cloud cattle
How to quickly find cloud resources that are missing tags
Steampipe: select * from cloud;
The extensible SQL interface to your favorite cloud APIs