Code scanning for configuration files

Reduce false positives, find actionable fixes for cloud, and infrastructure and application configurations before and after provisioning with static analysis
Demo
Start free
GitHub Logo

Install and run locally

> pip3 install coguard-cli
> coguard folder ./your-folder

Install and add it to your GitHub Workflows

> pip3 install coguard-cli
> coguard pipeline github add ./your-repository
> git commit -a -m “Added coguard to the github pipeline”
> git push origin main

CoGuard is not "glorified grep"

CoGuard is a static analyzer that builds a representation of infrastructure and applications from configurations, like a compiler, that is fast, extensible and reduces false positives. We are looking at your unique application and deployment environment for bugs, errors and vulnerabilities.

CoGuard works pre and post provisioning

We connect to your code repository and scan code including Terraform, Kubernetes YAML, Dockerfile and other configuration files. We can also connect (read-only) to your cloud provider and extract your configurations. The configuration files are scanned for misconfigurations, policy violations including compliance frameworks and identify potential breach paths.
iPhone mockupiPhone mockup

FEATURES

IaC, Container and Application Configuration Scanning

Cloud native, hybrid, or on-premise

CoGuard works with complex infrastructures. We support a wide variety of infrastructures from serverless, cloud, hybrid and fully on-premise.

Automating compliance

CoGuard can be added to the CI/CD pipeline allowing for continual compliance testing and monitoring. Allowing teams to demonstrate the ongoing reporting required by various compliance frameworks.

Remediation with or without automation

Manually fixing configuration switches across containers and applications can be tedious. CoGuard provides auto-remediation tools that can create a pull-request and fit in the code review process.

Reduce CVE false positives

CoGuard is looking for security and vulnerabilities from security frameworks. The focus is on actionable configuration changes not CVE noise.

Fast and extensible

CoGuard is built from the ground up to be extensible. Our predicate logic engine allows us to add new technologies or new rulesets that are independent of the configuration of environments.
Demo
Learn More

SUPPORTED TECHNOLOGIES

CoGuard supports your tech stack

CoGuard is easily extensible — this allows teams to extend the policies and configuration rules supported quickly. Don’t see a specific technology, contact us for a timeline estimate.

Public cloud providers

AWS EC2
AWS S3
AWS LightSail
AWS Nitro
AWS VPC
AWS AppRunner
AWS Elastic Beanstalk
Azure
Google Cloud Compute
OVH Cloud
Digital Ocean

Infrastructure as code (IaC)

Terraform
AWS CloudFormation
Azure Resource Manager
Google Cloud Deployment Manager
Chef Server
Netlify
Puppet
Pulumi
Crossplane
Saltstack
Vagrant

Databases/ NoSQL

MySQL
Postgres SQL
AWS RDS
AWS Aurora
MongoDB
Azure SQL
AWS Redshift
AWS Dynamo
Redis

Containers and orchestration

Kubernetes
Docker
Ansible
Helm charts

Websevers

Nginx
Apache httpd
Microsoft IIS
Apache Tomcat

Big Data/ MapReduce

Apache Hadoop
BigTable
AWS EMR
MinIO
ElasticSearch

Streaming services

Apache Kafka
Apache Solr
AWS MSK
AWS Kinesis

Authentication Services

Kerberos
Keycloak
AWS Cognito
HOW TO GET STARTED

Sign up for a developer account

Demo
Start free

Sign up for an account

Create an account. Check out and explore a test environment with sample repositories of web applications and view their reports on CoGuard's interactive dashboard.

Install the command line tools

To scan your own repository, cloud provider, or Docker image, install the CoGuard CLI via PyPI on your system.
pip3 install coguard-cli

You can also enable it in your GitHub Workflows directly.

Run scan

CoGuard will discover configuration files in your code repository. Use the command line tools to scan a repo:

coguard folder ./

This command auto-discovers all relevant configuration files. To review the files prior to scanning, add `--dry-run=true` as command line parameter.

View Report

You can view all reports in your dashboard, including history and trends.  Remediation steps are provided.

Next steps

The free Developer Tier supports common IaC and AMP technology stacks. To scan your full infrastructure and access additional features including auto-remediation, you can book a call with us to learn more and upgrade your account.

View plans and pricing »

CoGuard works for dev & infra teams

What our clients are saying about building infrastructure faster & more securely with CoGuard.
“[CoGuard] has been instrumental for us to fix issues and maintain an overall stability of the system. We were able to do more with the resources available to us.”
Alan Willemsen
ELB Team Lead, Teledyne-FLIR
“CoGuard provides an automated way to identify and map compliance controls to slashing risk for each client. Chainproof can assess the risk of a company’s infrastructure configuration in advance."
Dr. Sebastian Banescu
CEO, Chainproof
"Working with CoGuard, our team was able to improve the reliability of our IT foundation by giving us critical insights into our configuration quality and security in a timely manner."
John Preiditsch
President Six S Partners
The CoGuard report is very insightful and I am happy to learn that we are well protected and know how to address open holes in our cyber defence system. The check from within brought items to the surface that a penetration test failed to recognize.
Dietmar Wennemer
President & CEO, Virtek Vision
“We are asked regularly about our security posture. While we tracked the ELB development well, kept architecture documents up to date and ensured that our SBOM was being accurate and complete, there was the concern about misconfiguration. Not all team members of ours can be expected to be experts in every technology that we use.”
Alan Willemsen
ELB Team Lead, Teledyne-FLIR
Book a call
© 2021-2023 All rights reserved Heinle Solutions Inc.