DEV.co
Open-Source Security · jonrau1

ElectricEye

ElectricEye is a Python-based CLI tool for auditing security posture across multiple cloud providers (AWS, GCP, Azure, OCI) and SaaS platforms (ServiceNow, Microsoft 365, Salesforce, Snowflake). It runs 1000+ security checks mapped to 20+ compliance frameworks and outputs findings to various systems including AWS Security Hub, databases, and messaging platforms.

Source: GitHub — github.com/jonrau1/ElectricEye
1k
GitHub stars
136
Forks
Python
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryjonrau1/ElectricEye
Ownerjonrau1
Primary languagePython
LicenseApache-2.0 — OSI-approved
Stars1k
Forks136
Open issues14
Latest releaseUnknown
Last updated2026-02-09
Sourcehttps://github.com/jonrau1/ElectricEye

What ElectricEye is

Multi-cloud asset discovery and security assessment engine written in Python. Modular architecture based on Auditors (provider-specific modules) that execute Checks against services. Supports cross-account/cross-region scanning, integrates with external tools (VirusTotal, Nmap, Shodan, detect-secrets, CISA KEV), and exports findings via OCSF, JSON, CSV, HTML, or directly to Security Hub, PostgreSQL, MongoDB, DocumentDB, and SQS.

Quickstart

Get the ElectricEye source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/jonrau1/ElectricEye.gitcd ElectricEye# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Multi-cloud compliance and audit reporting

Centralized security posture assessment across AWS, GCP, Azure, and OCI with findings mapped to NIST CSF, PCI-DSS, HIPAA, SOC 2, and other frameworks. Suitable for organizations managing compliance across multiple cloud providers.

Attack surface monitoring and discovery

Integrates Shodan, VirusTotal, and CISA KEV to identify exposed assets, malicious packages, and known exploitable vulnerabilities. Useful for security teams needing internet-facing risk visibility.

SaaS security assessment at scale

Audits non-traditional SaaS services (ServiceNow, Salesforce, M365) alongside cloud infrastructure. Addresses gaps in vendor-native tools by covering 100+ services with atypical coverage.

Implementation considerations

  • Requires Python 3.x environment and pip dependency installation; review requirements.txt for compatibility with your stack.
  • Configuration via TOML file (external_providers.toml) must specify multi-account, multi-region, cloud credentials, and output destinations; misalignment can cause silent failures.
  • External tool integration (Shodan, VirusTotal, CISA KEV) requires API keys and may incur usage costs or rate limits; plan credential rotation and monitoring.
  • Check coverage varies by service and provider; verify specific services relevant to your environment are included before full deployment.
  • Output routing (Security Hub, databases, SQS, Slack) requires pre-provisioned destinations and appropriate IAM/permissions; test end-to-end data flow.

When to avoid it — and what to weigh

  • Need managed/SaaS delivery model — ElectricEye is self-hosted and CLI-driven. Organizations requiring fully managed CSPM platforms should evaluate vendor solutions.
  • Require commercial support and SLAs — This is a community-driven open-source project. No formal support contract, SLA, or vendor backing is available.
  • Limited Python/DevOps expertise in-house — Deployment and configuration require familiarity with Python, TOML config, CLI tooling, and cloud credential management. Not suitable for teams without infrastructure automation experience.
  • Need out-of-the-box UI/dashboarding — ElectricEye produces raw findings in JSON, CSV, HTML, or API payloads. No native web UI; outputs must be consumed by downstream systems (e.g., Security Hub, custom dashboards).

License & commercial use

Apache License 2.0 (Apache-2.0). A permissive OSI-approved license allowing commercial use, modification, and distribution with attribution and liability disclaimer. No copyleft restrictions.

Apache-2.0 is a permissive license. Commercial use, including deployment in production environments and incorporation into proprietary systems, is permitted. No license fees or royalties apply. However, this is a community-maintained project with no commercial support guarantees. Organizations using this commercially should maintain their own fork or contribution strategy for long-term viability.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

CI/CD includes VulnScan (SBOM vulnerability checks) and CodeQL static analysis workflows, indicating security awareness. Apache-2.0 license and open-source model allow community audit. Considerations: (1) Credentials (AWS, GCP, cloud keys, API tokens) must be managed securely—project does not provide secrets management guidance; (2) TOML config file contains sensitive information (accounts, regions, API keys) and must be protected; (3) External integrations (Shodan, VirusTotal) require API keys and introduce supply-chain touchpoints; (4) Output destinations (Security Hub, SQS, databases) must enforce encryption, IAM, and network controls; (5) No formal security policy or vulnerability disclosure process stated in repo. Treat as a tool requiring security-hardened deployment, not a zero-trust appliance.

Alternatives to consider

Prisma Cloud / Palo Alto Networks CSPM

Managed SaaS platform with commercial support, native UI, multi-cloud coverage, and vendor-backed compliance. Higher cost but no self-hosting burden.

Wiz / Snyk Cloud

Cloud-native risk assessment with developer-friendly tooling, automated remediation, and SaaS delivery. Better for DevSecOps-heavy teams; narrower SaaS service coverage.

CloudMapper / ScoutSuite (open-source)

Lighter-weight open-source alternatives for AWS/GCP/Azure auditing. Simpler to deploy but less comprehensive check coverage and fewer output options than ElectricEye.

Software development agency

Build on ElectricEye with DEV.co software developers

Clone the repo, install Python dependencies, configure your cloud credentials in TOML, and run your first audit. Use --list-checks to explore 1000+ security checks across AWS, GCP, Azure, and SaaS platforms.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

ElectricEye FAQ

Can ElectricEye run on a schedule (e.g., nightly scans)?
Yes. Deploy as a cron job, Lambda with scheduled invocation, or container in orchestration platform (Kubernetes CronJob, ECS scheduled task). Execution is CLI-driven, so any scheduler can invoke the Python controller.
Does ElectricEye require write permissions to my cloud accounts?
No. By design, ElectricEye performs read-only audits. However, some outputs (e.g., sending to Security Hub, SQS) require write permissions to those services. Follow least-privilege: grant read on audited resources, write only on output destinations.
What if a check isn't supported for my use case?
ElectricEye is modular. Developers can add custom Auditors and Checks (documented in DEVELOPER_GUIDE.md). Community contributions are encouraged via GitHub; however, no SLA for feature requests.
How do I handle API rate limits from external tools (Shodan, VirusTotal)?
Use the --delay argument to throttle check execution between Auditors. Configure API key quotas with vendors. ElectricEye does not implement built-in backoff or queue management; rate limit handling is your responsibility.

Software development & web development with DEV.co

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If ElectricEye is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.

Get Started with ElectricEye for Multi-Cloud Security

Clone the repo, install Python dependencies, configure your cloud credentials in TOML, and run your first audit. Use --list-checks to explore 1000+ security checks across AWS, GCP, Azure, and SaaS platforms.