Corkscrew

golang security cloud cspm duckdb aws azure gcp kubernetes

Corkscrew: Multi-Cloud Security Scanner

Corkscrew is a modular cloud configuration scanner designed to discover, analyze, and map cloud resources across any provider. Think of it as “CSPM at home” - a production-grade security posture management tool that rivals commercial solutions without the enterprise price tag.

Key Features:

  • Multi-Cloud Support - Production-ready plugins for AWS (410+ services), Azure, GCP, and Kubernetes
  • Advanced Resource Discovery - Automatic service discovery with dynamic schema generation - no code generation needed
  • Cross-Cloud Analysis - Correlate resources across providers using IP addresses, DNS, and network topology
  • Security Posture Management - 19 specialized analysis tables including privilege escalation paths, risk assessments, and compliance mappings
  • DuckDB Integration - Powerful SQL-based querying for all your cloud resources
  • High Performance - Goroutines enable concurrent scanning across multiple services and regions

Architecture Highlights:

Corkscrew uses HashiCorp’s go-plugin library with gRPC to create a modular system where CloudProvider plugins handle resource discovery while the core CLI manages data persistence and querying. This design provides:

  • Separation of Concerns - Plugins focus on discovery, CLI handles data management
  • No Database Conflicts - Eliminates plugin database locking issues
  • Dynamic Service Support - Automatic detection of new cloud services without code updates
  • Unified Scanner Pattern - Single discovery engine per provider
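
The split described above, where plugins only discover and the core is the sole writer, sketched in Go as an added example (not Corkscrew's own code). It runs in-process without go-plugin or gRPC; the Resource, Provider, fakeProvider and Collect names and the sample data are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Resource is a simplified, hypothetical record (not Corkscrew's schema).
type Resource struct{ Provider, Type, ID string }

// Provider stands in for a discovery plugin: it finds resources and never
// touches the datastore. Hypothetical interface, in-process, no gRPC.
type Provider interface{ Scan(region string, out chan<- Resource) }

// fakeProvider emits constructed sample data.
type fakeProvider struct{ name string; types []string }

func (f fakeProvider) Scan(region string, out chan<- Resource) {
	for _, t := range f.types {
		out <- Resource{f.name, t, f.name + "/" + region + "/" + t}
	}
}

// Collect runs one goroutine per provider/region pair. Only the calling
// goroutine writes to the store, so scanners never contend for a database lock.
func Collect(providers []Provider, regions []string) map[string]Resource {
	out := make(chan Resource)
	var wg sync.WaitGroup
	for _, p := range providers {
		for _, r := range regions {
			wg.Add(1)
			go func(p Provider, r string) {
				defer wg.Done()
				p.Scan(r, out)
			}(p, r)
		}
	}
	go func() { wg.Wait(); close(out) }() // close once every scanner is done
	store := make(map[string]Resource) // stand-in for the CLI-owned database
	for res := range out {
		store[res.ID] = res
	}
	return store
}

func main() {
	ps := []Provider{fakeProvider{"aws", []string{"s3", "iam"}}, fakeProvider{"gcp", []string{"gcs"}}}
	fmt.Println(len(Collect(ps, []string{"region-a", "region-b"})), "resources stored")
}
```
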

Provider-Specific Optimizations:

  • AWS Provider - Reflection-based discovery automatically supports 410+ services with intelligent caching (40% memory reduction)
  • Azure Provider - Native Resource Graph integration enables tenant-wide scanning across management groups in minutes
  • GCP Provider - Cloud Asset Inventory integration provides 10x faster bulk resource discovery
  • Kubernetes Provider - Universal CRD support with real-time updates via informers

Why Corkscrew Matters:

Commercial CSPM tools can cost thousands of dollars per month, putting them out of reach for smaller teams, educational institutions, and labs. Corkscrew provides enterprise-grade security scanning capabilities completely free, with the flexibility to customize detection logic for your specific needs. Built in Go for production-scale deployments, it handles thousands of resources across multiple accounts, regions, and cloud providers with ease.

Perfect for security engineers, cloud architects, DevOps teams, or anyone building DIY security automation who needs powerful multi-cloud visibility without breaking the bank.

Check out the repo to start scanning your cloud infrastructure today!