Open Source CSPM for Azure

Modern Security,
Purely Open.

OpenShield is an enterprise-grade, open-source CSPM engine for Azure. We help engineering teams detect misconfigurations, audit compliance against CIS, SOC2, NIST CSF, and ISO 27001, and automate remediation - all without the six-figure price tag.

Open Dashboard

bash : interactive

Project Philosophy

Security for
Every Team.

OpenShield was built on the principle that basic security visibility shouldn't be a luxury. We're democratizing CSPM with a platform that runs where your resources are, ensuring data never leaves your control.

Automated Audits

Map your infrastructure to CIS, SOC2, NIST CSF, and ISO 27001 requirements automatically.

Instant Remediation

Don't just find bugs—fix them. OpenShield generates atomic CLI playbooks to close security gaps in seconds.

State-Aware Intelligence

Unlike basic scanners, OpenShield correlates findings across multi-subscription environments to identify systemic risks and privilege escalation paths.

Decoupled Architecture

The engine strictly separates cloud SDK handlers from security logic, allowing researchers to contribute new rules with zero changes to the core orchestrator.

React Dashboard

Flask REST API

Engine

PostgreSQL

Azure Cloud

Sentinel

Full Compliance Coverage

OpenShield maps every finding to the CIS Microsoft Azure Foundations Benchmark, SOC2, NIST CSF, and ISO 27001 out of the box.

Native SIEM Export

Findings can be streamed directly to Microsoft Sentinel or exported as JSON for ingestion into existing security pipelines.

Enterprise Multi-Tenant

Designed for Managed Service Providers (MSPs) and enterprises using Azure Lighthouse for multi-tenant security operations.

Public Roadmap

What we have shipped, what we are building now, and what comes next. Vote on features →

Shipped

Now

Later

Releases

Version history and release notes. All releases on GitHub →

Frequently Asked Questions

Common questions about using and contributing to OpenShield.

Trusted By

Teams securing their cloud infrastructure with OpenShield.

Built by the Community

OpenShield is made possible by developers and security researchers worldwide. Join us in making cloud security accessible.

Become a Contributor

Interactive Playground

Experience the engine in real-time. Select a target and run a simulated deep-scan.

Target Environment

Compliance Pack

Live Engine Output

bash : openshield

// Ready to initialize core security modules...

Real-time Insights

Status: Idle

100

Security Score

0

Critical

0

Warning

0

Passed

Finding Stream

Waiting for scan to identify resources...

Rules Gallery

Browse our library of security checks and compliance mappings.

Technical Insights

Deep dives into security research and project updates.

Maintainer Mode Required

Compose Content

Content Type

Slug (ID)

Date

Title

Excerpt

Author

Cover Image

Click to upload or drag and drop

PNG, JPG or WEBP — max 700 KB for GitHub upload

Content (Markdown)

Security: GitHub Access Token Get Token

Tokens are never stored. Requires repo scope to create branches and PRs.

Live Preview

Start typing to see your post come to life...

Events

Join the OpenShield community in person and online.

Modern Security, Purely Open.

Security forEvery Team.