Steampipe is the universal interface to APIs. Use SQL to query cloud infrastructure, SaaS, code, logs, and more.
With Steampipe you can:
Check → Ensure that cloud resources comply with security benchmarks such as CIS, NIST, and SOC2.
The Steampipe community has grown a suite of plugins that map APIs to tables.
|Cloud||AWS, Alibaba, Azure, GCP, IBM, Oracle …|
|SaaS||Airtable, Jira, GitHub, Google Workspace, Salesforce, Slack, Stripe, Zoom …|
|Security||CrowdStrike, PAN-OS, VirusTotal, Shodan, Trivy …|
|Identity||Azure AD, Duo, Keycloak, Google Directory, LDAP …|
|DevOps||Docker, Grafana, Kubernetes, Prometheus …|
|Net||Baleen, Cloudflare, crt.sh, Gandi, IMAP, ipstack, updown.io, WHOIS …|
|IaC||CloudFormation, Terraform …|
|Logs||Algolia, AWS CloudWatch, Splunk, Datadog …|
|Social||HackerNews, Twitter, Reddit, RSS …|
|Your API||Build your own custom plugins|
The interactive query shell is one way you can query those tables.
You can also use psql, pgcli, Metabase, Tableau, or any client that can connect to Postgres.
The downloads page shows you how but tl;dr:
Linux or WSL
sudo /bin/sh -c "$(curl -fsSL https://raw.githubusercontent.com/turbot/steampipe/main/install.sh)"
brew tap turbot/tap brew install steampipe
steampipe plugin command to install it.
steampipe plugin install net
Run your first query!
select * from net_certificate where domain = 'google.com';
It's just SQL!
You can run queries on the command line and include them in scripts.
Other commands run benchmarks, launch Steampipe as a service, and start the dashboard server.
Queries can run in batch mode.
You can bundle connections (e.g. for many AWS accounts) using an aggregator.
The Steampipe community has also grown a suite of mods which are sets of benchmarks that check your cloud resources for compliance, and dashboards that visualize your resources.
|Compliance||Check AWS, Azure, GCP, etc for compliance with HIPAA, PCI, etc|
|Cost||Review what AWS, Azure, GCP, and other clouds are costing you|
|Insights||Visualize cloud resources with charts, tables, and interactive widgets|
|Security||Use CIS, NIST, FedRAMP etc to assess the security of AWS, Azure, GCP, etc|
|Tags||Verify the consistency of tags applied to AWS, Azure, and GCP resources|
|Your mod||Build your own benchmarks and dashboards|
Benchmarks and dashboards use SQL to gather data and HCL to flow the data into benchmark controls and dashboard widgets. You can use the existing suites of benchmarks and dashboards, or build derivative versions, or create your own.
git clone https://github.com/turbot/steampipe-mod-net-insights cd steampipe-mod-net-insights
All the benchmarks:
steampipe check all
A single benchmark:
steampipe check benchmark.dns_best_practices
A single control:
steampipe check control.dns_ns_name_valid
The home page lists available dashboards. Click
DNS Best Practices to view that dashboard.
Note that the default domains are
github.com. You can change those defaults to check other domains.
The AWS Insights mod, for example, provides dozens of dashboards that exercise the full set of widgets. To use these dashboards, first install the AWS plugin and authenticate. Then clone
AWS Insights, change to its directory, launch
steampipe dashboard, and open
We thrive on feedback and community involvement!
Want to get involved? → Learn how to contribute.
Want to work with the team? → We are hiring!
Want a hosted version of Steampipe? Bring your team to Steampipe Cloud.