Integrate Steampipe with Vulnetix. Query cloud infrastructure with SQL and run CIS, PCI-DSS, and NIST compliance benchmarks via Powerpipe. Export findings as JSON for upload to Vulnetix.
SQL / Rego | CLI tool | JSON | CSV | HTML
Install & scan
    # Linux/macOS install script
    sudo /bin/sh -c "$(curl -fsSL https://raw.githubusercontent.com/turbot/steampipe/main/install.sh)"

    # Homebrew
    brew tap turbot/tap && brew install steampipe

    # Install AWS plugin
    steampipe plugin install aws

    # Install Powerpipe (for benchmarks)
    brew install powerpipe
    # or: sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"

    # Install AWS compliance mod
    powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

    # Start Steampipe service
    steampipe service start

    # Run CIS v3.0 benchmark and export JSON
    powerpipe benchmark run aws_compliance.benchmark.cis_v300 --output=json --export=steampipe-compliance.json
Run Steampipe in CI
Scan on every push and upload the results to Vulnetix:
    - name: Install Steampipe and Powerpipe
      run: |
        sudo /bin/sh -c "$(curl -fsSL https://raw.githubusercontent.com/turbot/steampipe/main/install.sh)"
        sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"
        steampipe plugin install aws
    - name: Run CIS AWS compliance benchmark
      run: |
        powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
        steampipe service start
        powerpipe benchmark run aws_compliance.benchmark.cis_v300 --export=steampipe-cis.json
    - name: Upload to Vulnetix
      run: vulnetix upload --file steampipe-cis.json
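
A step script for the pipeline above that still uploads the report when the benchmark reports problems, then fails the job afterwards. This is an added example, not Vulnetix's or Turbot's own code; it assumes Powerpipe exits 0 for no alarms, 1 for alarms and 2 for control errors, and the function names are illustrative.

```sh
#!/bin/sh
# Added example. Assumed Powerpipe exit codes: 0 = no alarms, 1 = one or more
# control alarms, 2 = one or more control errors, other = Powerpipe did not run.
EXPORT_FILE="steampipe-cis.json"

classify_benchmark_exit() {
  case "$1" in
    0) echo "clean" ;;
    1) echo "alarms" ;;
    2) echo "control-errors" ;;
    *) echo "tool-failure" ;;
  esac
}

# Upload only when the benchmark actually ran and wrote a non-empty export.
should_upload() {  # $1 = outcome, $2 = export file
  [ "$1" != "tool-failure" ] && [ -s "$2" ]
}

# Policy choice in this example: anything other than a clean run fails the job.
# Control errors count as failures because those controls were never evaluated.
job_status() {
  [ "$1" = "clean" ]
}

run_benchmark_and_upload() {
  rm -f "$EXPORT_FILE"   # never upload a stale report from an earlier run
  bench_rc=0
  powerpipe benchmark run aws_compliance.benchmark.cis_v300 \
    --export="$EXPORT_FILE" || bench_rc=$?
  bench_outcome="$(classify_benchmark_exit "$bench_rc")"
  echo "benchmark outcome: $bench_outcome (exit $bench_rc)" >&2
  if should_upload "$bench_outcome" "$EXPORT_FILE"; then
    vulnetix upload --file "$EXPORT_FILE" || return 1
  fi
  job_status "$bench_outcome"
}

# Runs only when called with "run", so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
  run_benchmark_and_upload
fi
```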
Centralise Steampipe results in Vulnetix
Upload Steampipe JSON, CSV or HTML output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.