Secure your cloud storage infrastructure with intelligent, real-time scanning and IaC analysis.
StorageGuard is a comprehensive security tool designed to detect misconfigurations, sensitive data exposure, and compliance violations across your cloud storage ecosystem. Whether you're deploying infrastructure via code or managing existing buckets, StorageGuard provides the visibility and control you need to stay secure.
Built with a modern microservices architecture, it supports AWS, Azure, and GCP, offering both real-time monitoring and static analysis for Infrastructure as Code (IaC) templates.
| Feature | Description |
|---|---|
| ☁️ Multi-Cloud Support | Native scanning for AWS S3, Azure Blob Storage, and Google Cloud Storage. |
| 🔍 IaC Security Analysis | Shift-left by scanning Terraform (.tf) and CloudFormation templates before deployment. |
| ⚡ Real-Time Monitoring | Event-driven architecture using SQS/EventGrid/PubSub to detect changes instantly. |
| 🔐 Sensitivity Scanning | Automatically identifies PII, credentials, and secrets within stored objects. |
| 📊 Dynamic Risk Scoring | Prioritize remediation with intelligent risk scores based on exposure and data sensitivity. |
| 🧩 Modular Architecture | Extensible design with separate API, Scanner, and Processing services. |
StorageGuard employs a microservices architecture to ensure scalability and resilience.
```mermaid
graph TD
    User[User / CI Pipeline] -->|API Request| API[API Service]
    User -->|CLI Command| CLI[CLI Tool]
    subgraph Core Services
        API -->|Manage Findings| DB[(PostgreSQL)]
        API -->|Queue Jobs| Redis[(Redis)]
        Scanner[Scanner Service] -->|Process Jobs| Redis
        Scanner -->|Store Results| DB
    end
    subgraph Cloud Providers
        Scanner -->|Scan| AWS[AWS S3]
        Scanner -->|Scan| Azure[Azure Blob]
        Scanner -->|Scan| GCP[GCP Storage]
    end
    subgraph Event Ingestion
        Events[Cloud Events] -->|SQS/EventGrid| Scanner
    end
```
- `apps/api`: The central control plane. A NestJS application that handles user requests, manages findings, and orchestrates scans.
- `apps/scanner`: The workhorse. An independent service that executes scan jobs, connects to cloud providers, and performs deep analysis.
- `apps/cli`: A developer-friendly command-line interface for integrating StorageGuard into pipelines and local workflows.
- `packages/database`: Shared TypeORM data access layer.
- `packages/shared`: Common utilities and helper functions.

- Node.js (v18+)
- Docker & Docker Compose
- npm (v9+)

- Clone the repository:
  ```bash
  git clone https://github.com/MasterCaleb254/storageguard.git
  cd storageguard
  ```
- Install dependencies:
  ```bash
  npm install
  ```
- Set up environment variables: Copy the example `.env` file and configure your credentials.
  ```bash
  cp .env.example .env
  ```
- Start the infrastructure: Spin up PostgreSQL and Redis using Docker Compose.
  ```bash
  docker-compose up -d
  ```
- Run database migrations:
  ```bash
  npm run db:migrate
  ```

Start the development servers for all services:
```bash
# Start API Service
npm run dev:api
# Start Scanner Service (in a separate terminal)
npm run dev:scanner
```
Scan a Terraform directory for security issues:
```bash
# Install CLI globally (optional)
npm install -g @storageguard/cli
# Run a scan
storageguard scan --path ./infrastructure --type terraform
```
Submit a scan job programmatically:
```bash
curl -X POST http://localhost:3000/scans \
  -H "Content-Type: application/json" \
  -d '{
    "target": "s3://my-sensitive-bucket",
    "provider": "aws",
    "scanType": "deep"
  }'
```
- Core Scanning Engine (AWS, Azure)
- IaC Static Analysis
- GCP Support Complete
- Web Dashboard (Next.js)
- One-click Remediation
- Compliance Reporting (SOC2, HIPAA)
We welcome contributions! Please see our CONTRIBUTING.md for details on how to submit pull requests, report issues, and suggest improvements.
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
Built with ❤️