OCI Security Posture Monitor - A Cloud Security Posture Management (CSPM) tool for Oracle Cloud Infrastructure.

CloudSentry scans your OCI tenancy for security misconfigurations, stores findings in PostgreSQL, visualizes security posture in Grafana, and sends real-time alerts via Slack.

• 21 Security Checks across 5 categories:

  • Storage (5 checks): Public buckets, versioning, lifecycle, encryption, PAR permissions
  • Network (5 checks): Permissive security lists/NSGs, unused rules, WAF, flow logs
  • Compute (4 checks): Public IPs, boot volume encryption, monitoring, legacy shapes
  • IAM (4 checks): MFA, API key rotation, permissive policies, inactive users
  • Database (3 checks): Private endpoints, public access, encrypted connections

• CIS Benchmark Mapping - Checks mapped to CIS OCI Benchmark controls

• PostgreSQL Persistence - Track finding history, resolution, and trends

• Grafana Dashboard - Pre-built security posture visualization

• Slack Alerts - Real-time notifications for critical/high findings

• Compliance Scoring - Track CIS compliance percentage over time

• Python 3.9+
• Docker & Docker Compose (for PostgreSQL + Grafana)
• OCI CLI configured (~/.oci/config)

# Clone the repository
git clone https://github.com/sinCodes11/cloudsentry.git
cd cloudsentry

# Create virtual environment
python -m venv venv
source venv/bin/activate  # or `venv\Scripts\activate` on Windows

# Install dependencies
pip install -r requirements.txt

# Copy and configure
cp config.example.yaml config.yaml
cp .env.example .env
# Edit config.yaml and .env with your settings

# Start PostgreSQL and Grafana
docker-compose up -d

# Initialize database
python main.py init-db

# Dry run (no database, no alerts)
python main.py scan --dry-run

# Full scan
python main.py scan

# Scan specific compartment
python main.py scan -C ocid1.compartment.oc1..xxx

# Export findings to JSON
python main.py scan -o findings.json

# List available checks
python main.py checks

# View open findings
python main.py findings
python main.py findings --severity CRITICAL
python main.py findings -f json

# View compliance score
python main.py compliance

# Suppress a finding
python main.py suppress STORAGE-001 bucket-name

# Test Slack integration
python main.py test-slack

oci:
  config_file: ~/.oci/config
  profile: DEFAULT
  compartments:
    - ALL  # Scan all compartments recursively

database:
  host: localhost
  port: 5432
  name: cloudsentry
  user: cloudsentry
  password: ${DB_PASSWORD}  # From environment

alerts:
  slack:
    enabled: true
    webhook_url: ${SLACK_WEBHOOK}
    min_severity: HIGH  # CRITICAL, HIGH, MEDIUM, LOW

DB_PASSWORD=your_database_password
SLACK_WEBHOOK=https://hooks.slack.com/services/xxx/xxx/xxx
GRAFANA_PASSWORD=admin

Access Grafana at http://localhost:3000 (default: admin/admin)

The pre-built dashboard includes:

• Total findings by severity
• CIS compliance score trend
• Findings by resource type
• Recent open findings table
• Top failing checks

┌─────────────────┐     ┌──────────────┐     ┌─────────────┐
│   OCI Tenancy   │────▶│  CloudSentry │────▶│  PostgreSQL │
│  (SDK Scan)     │     │   Scanner    │     │  (Findings) │
└─────────────────┘     └──────┬───────┘     └──────┬──────┘
                               │                    │
                               ▼                    ▼
                        ┌──────────────┐     ┌─────────────┐
                        │    Slack     │     │   Grafana   │
                        │   Alerts     │     │  Dashboard  │
                        └──────────────┘     └─────────────┘

# Install dev dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Format code
black cloudsentry/

# Type checking
mypy cloudsentry/

Exit codes for CI pipelines:

• 0: No critical or high findings
• 1: High severity findings detected
• 2: Critical severity findings detected

# Example GitHub Actions usage
python main.py scan --dry-run || exit $?

MIT License - see LICENSE for details.

Daniel Gregg Jr

• GitHub: @sinCodes11
• LinkedIn: danielsin-1881ske89