Code scanning for configuration files

Reduce false positives, find actionable fixes for cloud infrastructure and application configurations before and after provisioning with static analysis

Start free

Install and run locally

> pip3 install coguard-cli
> coguard folder ./your-folder

Install and add it to your GitHub Workflows‍

> pip3 install coguard-cli
> coguard pipeline github add ./your-repository
> git commit -a -m “Added coguard to the github pipeline”
> git push origin main

FEATURES

IaC, Container and Application Configuration Scanning

Cloud native, hybrid, or on-premise

CoGuard works with complex infrastructures. We support a wide variety of infrastructures from serverless, cloud, hybrid and fully on-premise.

Automating compliance

CoGuard can be added to the CI/CD pipeline allowing for continual compliance testing and monitoring. Allowing teams to demonstrate the ongoing reporting required by various compliance frameworks.

Remediation with or without automation

Manually fixing configuration switches across containers and applications can be tedious. CoGuard provides auto-remediation tools that can create a pull-request and fit in the code review process.

Reduce CVE false positives

CoGuard is looking for security and vulnerabilities from security frameworks. The focus is on actionable configuration changes not CVE noise.

Fast and extensible

CoGuard is built from the ground up to be extensible. Our predicate logic engine allows us to add new technologies or new rulesets that are independent of the configuration of environments.

Learn More

SUPPORTED TECHNOLOGIES

CoGuard supports your tech stack

CoGuard is easily extensible — this allows teams to extend the policies and configuration rules supported quickly. Don’t see a specific technology, contact us for a timeline estimate.

Public cloud providers

AWS EC2
AWS S3
AWS LightSail
AWS Nitro
AWS VPC
AWS AppRunner
AWS Elastic Beanstalk
Microsoft Azure
Google Cloud Compute
GCP App Engine
GCP Compute Engine
GCP Cloud Storage
GCP Kubernetes Engine
GCP Cloud Function
GCP Cloud Disk
GCP Cloud Firewall
GCP Cloud Instance
GCP Cloud Subnetwork
GCP Container Cluster
OVH Cloud
Digital Ocean

Infrastructure as code (IaC)

Terraform
AWS CloudFormation
Azure Resource Manager
Google Cloud Deployment Manager
Chef Server
Netlify
Puppet
Pulumi
Crossplane
Saltstack
Vagrant

Databases/ NoSQL

MySQL
Postgres SQL
AWS RDS
AWS Aurora
Azure SQL
AWS Redshift
AWS Dynamo
GCP BigTable
GCP BigQuery
GCP Cloud SQL
GCP Memorystore
MongoDB
Redis

Source Control & CI/CD

Git
GitHub
Gitlab
Gitlab CI/CD
BitBucket
BitBucket Pipelines
Jenkins
AWS CodeCommit
AWS CodeDeploy
AWS CodeBuild
AWS CodePipeline
GCP Cloud Deploy
GCP Cloud Build

Websevers

Nginx
Apache httpd
Microsoft IIS
Apache Tomcat

Big Data/ MapReduce

Apache Hadoop
GCP BigTable
AWS EMR
MinIO
ElasticSearch

Streaming services

Apache Kafka
Apache Solr
AWS MSK
AWS Kinesis
GCP Pub/Sub
GCP Dataflow

Authentication Services

Kerberos
Keycloak
AWS Cognito

Identity

AWS Identity and Access Management
AWS KMS
GCP IAM
GCP KMS

Containers and orchestration

Kubernetes
Docker
Ansible
Helm charts

HOW TO GET STARTED

Sign up for a developer account

Start free

Sign up for an account

Create an account. Check out and explore a test environment with sample repositories of web applications and view their reports on CoGuard's interactive dashboard.

Install the command line tools

To scan your own repository, cloud provider, or Docker image, install the CoGuard CLI via PyPI on your system.
pip3 install coguard-cli

You can also enable it in your GitHub Workflows directly.

Run scan

CoGuard will discover configuration files in your code repository. Use the command line tools to scan a repo:
‍
coguard folder ./
‍
This command auto-discovers all relevant configuration files. To review the files prior to scanning, add `--dry-run=true` as command line parameter.

View Report

You can view all reports in your dashboard, including history and trends. Remediation steps are provided.

Next steps

The free Developer Tier supports common IaC and AMP technology stacks. To scan your full infrastructure and access additional features including auto-remediation, you can book a call with us to learn more and upgrade your account.

View plans and pricing »

CoGuard works for dev & infra teams

What our clients are saying about building infrastructure faster & more securely with CoGuard.

“[CoGuard] has been instrumental for us to fix issues and maintain an overall stability of the system. We were able to do more with the resources available to us.”

Alan Willemsen

ELB Team Lead, Teledyne-FLIR

“CoGuard provides an automated way to identify and map compliance controls to slashing risk for each client. Chainproof can assess the risk of a company’s infrastructure configuration in advance."

Dr. Sebastian Banescu

CEO, Chainproof

"Working with CoGuard, our team was able to improve the reliability of our IT foundation by giving us critical insights into our configuration quality and security in a timely manner."

John Preiditsch

President Six S Partners

The CoGuard report is very insightful and I am happy to learn that we are well protected and know how to address open holes in our cyber defence system. The check from within brought items to the surface that a penetration test failed to recognize.

Dietmar Wennemer

President & CEO, Virtek Vision

“We are asked regularly about our security posture. While we tracked the ELB development well, kept architecture documents up to date and ensured that our SBOM was being accurate and complete, there was the concern about misconfiguration. Not all team members of ours can be expected to be experts in every technology that we use.”