Finding and fixing security risks in your systems is obviously important, and a necessary part of any security program. Terrascan and Accurics were purposely built to address that need. But reacting to problems is not the only way to improve security.
Accurics is excited to release our latest open source project, KaiMonkey, to help teams address security from a different perspective.
KaiMonkey is an intentionally vulnerable infrastructure project which teams can use to better understand the security challenges of cloud infrastructures. It includes examples of various types of common risks, and can be used to augment your knowledge and improve detection and response plans or architectural mitigation.
It's also a great way to try out Terrascan or Accurics! It has known problems, so you will definitely have violations to work with, and you can explore our various integrations and capabilities without having to make changes to your own projects.
We started with Terraform HCL and AWS resources, and we plan to enhance it over time to include more IaC providers, more cloud environments, and more risk examples. We welcome your contributions and suggestions, if you have something specific in mind.
Please check it out in GitHub, and let us know what you'd like to see!