ElectricEye
ElectricEye is a Python-based CLI tool for auditing security posture across multiple cloud providers (AWS, GCP, Azure, OCI) and SaaS platforms (ServiceNow, Microsoft 365, Salesforce, Snowflake). It runs 1000+ security checks mapped to 20+ compliance frameworks and outputs findings to various systems including AWS Security Hub, databases, and messaging platforms.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | jonrau1/ElectricEye |
| Owner | jonrau1 |
| Primary language | Python |
| License | Apache-2.0 — OSI-approved |
| Stars | 1k |
| Forks | 136 |
| Open issues | 14 |
| Latest release | Unknown |
| Last updated | 2026-02-09 |
| Source | https://github.com/jonrau1/ElectricEye |
What ElectricEye is
Multi-cloud asset discovery and security assessment engine written in Python. Modular architecture based on Auditors (provider-specific modules) that execute Checks against services. Supports cross-account/cross-region scanning, integrates with external tools (VirusTotal, Nmap, Shodan, detect-secrets, CISA KEV), and exports findings via OCSF, JSON, CSV, HTML, or directly to Security Hub, PostgreSQL, MongoDB, DocumentDB, and SQS.
Get the ElectricEye source
Clone the repository and explore it locally.
git clone https://github.com/jonrau1/ElectricEye.gitcd ElectricEye# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Python 3.x environment and pip dependency installation; review requirements.txt for compatibility with your stack.
- Configuration via TOML file (external_providers.toml) must specify multi-account, multi-region, cloud credentials, and output destinations; misalignment can cause silent failures.
- External tool integration (Shodan, VirusTotal, CISA KEV) requires API keys and may incur usage costs or rate limits; plan credential rotation and monitoring.
- Check coverage varies by service and provider; verify specific services relevant to your environment are included before full deployment.
- Output routing (Security Hub, databases, SQS, Slack) requires pre-provisioned destinations and appropriate IAM/permissions; test end-to-end data flow.
When to avoid it — and what to weigh
- Need managed/SaaS delivery model — ElectricEye is self-hosted and CLI-driven. Organizations requiring fully managed CSPM platforms should evaluate vendor solutions.
- Require commercial support and SLAs — This is a community-driven open-source project. No formal support contract, SLA, or vendor backing is available.
- Limited Python/DevOps expertise in-house — Deployment and configuration require familiarity with Python, TOML config, CLI tooling, and cloud credential management. Not suitable for teams without infrastructure automation experience.
- Need out-of-the-box UI/dashboarding — ElectricEye produces raw findings in JSON, CSV, HTML, or API payloads. No native web UI; outputs must be consumed by downstream systems (e.g., Security Hub, custom dashboards).
License & commercial use
Apache License 2.0 (Apache-2.0). A permissive OSI-approved license allowing commercial use, modification, and distribution with attribution and liability disclaimer. No copyleft restrictions.
Apache-2.0 is a permissive license. Commercial use, including deployment in production environments and incorporation into proprietary systems, is permitted. No license fees or royalties apply. However, this is a community-maintained project with no commercial support guarantees. Organizations using this commercially should maintain their own fork or contribution strategy for long-term viability.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Strong |
| Assessment confidence | High |
CI/CD includes VulnScan (SBOM vulnerability checks) and CodeQL static analysis workflows, indicating security awareness. Apache-2.0 license and open-source model allow community audit. Considerations: (1) Credentials (AWS, GCP, cloud keys, API tokens) must be managed securely—project does not provide secrets management guidance; (2) TOML config file contains sensitive information (accounts, regions, API keys) and must be protected; (3) External integrations (Shodan, VirusTotal) require API keys and introduce supply-chain touchpoints; (4) Output destinations (Security Hub, SQS, databases) must enforce encryption, IAM, and network controls; (5) No formal security policy or vulnerability disclosure process stated in repo. Treat as a tool requiring security-hardened deployment, not a zero-trust appliance.
Alternatives to consider
Prisma Cloud / Palo Alto Networks CSPM
Managed SaaS platform with commercial support, native UI, multi-cloud coverage, and vendor-backed compliance. Higher cost but no self-hosting burden.
Wiz / Snyk Cloud
Cloud-native risk assessment with developer-friendly tooling, automated remediation, and SaaS delivery. Better for DevSecOps-heavy teams; narrower SaaS service coverage.
CloudMapper / ScoutSuite (open-source)
Lighter-weight open-source alternatives for AWS/GCP/Azure auditing. Simpler to deploy but less comprehensive check coverage and fewer output options than ElectricEye.
Build on ElectricEye with DEV.co software developers
Clone the repo, install Python dependencies, configure your cloud credentials in TOML, and run your first audit. Use --list-checks to explore 1000+ security checks across AWS, GCP, Azure, and SaaS platforms.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
ElectricEye FAQ
Can ElectricEye run on a schedule (e.g., nightly scans)?
Does ElectricEye require write permissions to my cloud accounts?
What if a check isn't supported for my use case?
How do I handle API rate limits from external tools (Shodan, VirusTotal)?
Software development & web development with DEV.co
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If ElectricEye is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.
Get Started with ElectricEye for Multi-Cloud Security
Clone the repo, install Python dependencies, configure your cloud credentials in TOML, and run your first audit. Use --list-checks to explore 1000+ security checks across AWS, GCP, Azure, and SaaS platforms.