What is Steampipe?

Steampipe is open source software for interrogating your cloud. Run SQL queries, compliance controls and full governance benchmarks from the comfort of your CLI.

Steampipe’s codified operations framework gives you the power to test your cloud resources against security, compliance and cost benchmarks, and to build your own custom control frameworks.

Our multi-threaded Golang CLI makes your custom SQL controls blazing fast with unlimited integration options via our embedded PostgreSQL database.

{` select region, instance_state as state, instance_type as type from aws_ec2_instance; `} {` +-----------+---------+-----------+ | region | state | type | +-----------+---------+-----------+ | eu-west-1 | running | t3.medium | | eu-west-2 | running | m5a.large | | us-east-1 | running | t3.large | +-----------+---------+-----------+ `}

## tl;dr ** → ** **[Faster startup](#faster-startup)**.
** → ** **[Composable mods](#composable-mods)**.
** → ** **[4 new plugins](#new-plugins)**.
** → ** **[Major mod updates](#major-mod-updates)**.
** → ** Even more goodies in the [full release notes](https://github.com/turbot/steampipe/blob/main/CHANGELOG.md#v0110-2021-12-21). ## Faster startup This release includes a number of startup optimizations, including: - The plugin manager instantiates plugins in parallel. - The connection manager uses file modified time instead of filehash to detect connection changes. - When multiple connections share a schema, we only fetch it once. The first time you run `steampipe query` you'll see an immediate difference.

In v0.10 we achieved major gains by spawning database connections to run controls in parallel, and by enabling those parallel controls to share a common plugin-managed cache. v0.11 brings two additional optimizations that benefit control runs. First, we now only create prepared statements for controls that interpolate parameters into SQL statements. When controls use non-parameterized SQL statements, we avoid that overhead. Second, we avoid fetching the database schema for non-interactive query execution. Here's the difference for a single control run. v10: ``` time steampipe check control.cis_v140_1_1 4.44s ``` v11: ``` time steampipe check control.cis_v140_1_1 3.08s ``` ## Composable mods In v0.11 you can build mods that use queries, controls, and benchmarks defined in other mods. The new `mod install` command enables that scenario. For example, let's build a custom mod that derives benchmarks from [AWS Compliance](https://hub.steampipe.io/mods/turbot/aws_compliance) and [Github Sherlock](https://hub.steampipe.io/mods/turbot/github_sherlock), and also extends GitHub Sherlock with a new control. We'll use the the directory `mod_acme` for this example. First, install two mods like so. ``` steampipe mod install github.com/turbot/steampipe-mod-aws-compliance ``` ``` steampipe mod install github.com/turbot/steampipe-mod-github-sherlock ``` This creates `mod.sp`. ```hcl mod "local" { title = "mod_acme" require { mod "github.com/turbot/steampipe-mod-aws-compliance" { version = "latest" } mod "github.com/turbot/steampipe-mod-github-sherlock" { version = "latest" } } } ``` ``` steampipe mod list local ├── github.com/turbot/steampipe-mod-aws-compliance@v0.22 └── github.com/turbot/steampipe-mod-github-sherlock@v0.5 ``` Now we'll do three things in a separate new file, `acme.sp`. 1. Create a version of `aws_compliance` that cherrypicks just sections 1, 2, and 3 from `cis_v140`. 2. Create a version of `github_sherlock` that cherrypicks two of its four benchmarks. 3. Add a semantic versioning check to our own version of `github_sherlock`. ```sql benchmark "acme_cis_v140" { title = "ACME CIS v1.4.0" description = "Only sections 1, 2, and 3." children = [ aws_compliance.benchmark.cis_v140_1, aws_compliance.benchmark.cis_v140_2, aws_compliance.benchmark.cis_v140_3 ] } benchmark "acme_github_sherlock" { title = "Only issue_best_practices and private_repo, plus a new semver control." children = [ github_sherlock.benchmark.issue_best_practices, github_sherlock.benchmark.private_repo_best_practices, control.repo_uses_semantic_versioning ] } control "repo_uses_semantic_versioning" { title = "Repo uses semantic versioning" sql = <

v0.11.0: Faster startup and composable mods