Frequently Asked Questions

Open Source licenses meet the Open Source Definition (OSD) criteria, giving users the freedom to use, modify, and distribute the software without significant restrictions. Examples include MIT, Apache, and GPL licenses.

Source Available licenses allow access to source code but have restrictions that make them non-open source. Examples include the Elastic License, Server Side Public License (SSPL), and Business Source License (BSL).

This indicates a dual-license model where the software is available under both an open source license and a commercial license. Users can choose which license best suits their needs. The commercial license often includes additional features, support, or different terms.

Self Hosted Only

You must deploy and manage the software on your own infrastructure.

Cloud Service Only

The software is only available as a managed service.

Self Hosted + Cloud Options

You can choose between self-hosting or using a managed service.

Cloud Native Service

The service is tightly integrated with specific cloud platform(s).

Tools are reviewed and updated regularly to ensure accuracy. Community stars and last commit dates for open source projects are updated periodically. New tools are added as they emerge in the cloud security landscape.

Tools are evaluated based on several criteria:

• Active development and maintenance
• Relevance to cloud security
• Production readiness
• Documentation quality
• Community adoption (where applicable)

Tools marked as "Sponsored" have paid for enhanced visibility in the directory. This does not affect the factual information presented or placement in search results based on relevance to your query. All sponsored tools meet the same quality criteria as non-sponsored listings.

Tools marked as Multi-Cloud indicate general support for multiple cloud providers (AWS, Azure, GCP, etc.). However, the depth and breadth of support can vary significantly between providers and specific features. For example:

• Tool A might offer full feature parity across AWS and Azure, but only basic monitoring for GCP
• Tool B could provide deep AWS integration with real-time protection, while offering only periodic scanning for other clouds
• Tool C may support configuration management across all clouds but limit advanced features to specific providers

I strongly recommend thoroughly evaluating each tool's specific capabilities for your cloud providers of interest. Based on my experience, I've chosen not to track feature-level cloud support because it varies so much that a tick in the box would likely mislead. Spend some time assessing this for yourself.