Everything you need. Nothing you don't.
A complete cloud security platform — scanning, graph analysis, prevention, remediation, and AI integration — in one open source tool.
MCP-Native AI Integration
The first cloud security tool built on the Model Context Protocol. AI agents interact with your security posture through structured tool calls — scan accounts, query the attack graph, check compliance, and apply remediation. Works with Claude, ChatGPT, and any MCP-compatible agent.
- Structured MCP tools with typed parameters
- Resources for reading security data
- Prompt templates for common workflows
- HTTP and stdio transport support
Attack Path Analysis
Every cloud resource goes into a Neo4j graph database. Resources are nodes, relationships are edges. Stratusec finds chains of misconfigurations that create real attack paths — not just isolated findings.
- Neo4j-powered security graph
- Automatic relationship mapping across services
- Blast radius analysis for any resource
- Toxic combination detection
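The graph walk described above, as an added example that is not Stratusec's code: a small in-memory adjacency list stands in for the Neo4j graph, and the resource ids and relationship types (ec2-web, role-admin, CAN_ASSUME and so on) are constructed. It enumerates attack paths from internet-exposed resources to sensitive data, computes the blast radius of a resource, and reports toxic combinations, which are public resources that sit on at least one such path.

```python
"""Attack-path and blast-radius analysis over a cloud resource graph.

Added example (not Stratusec's code): an in-memory adjacency list stands in
for the Neo4j graph the page describes. Node and edge names are constructed.
"""
from collections import defaultdict, deque

# Constructed sample inventory. Keys are resource ids; "public" marks resources
# reachable from the internet, "sensitive" marks the assets worth protecting.
NODES = {
    "ec2-web":          {"type": "ec2",      "public": True},
    "ec2-batch":        {"type": "ec2",      "public": False},
    "role-web":         {"type": "iam_role", "public": False},
    "role-admin":       {"type": "iam_role", "public": False},
    "s3-customer-data": {"type": "s3",       "public": False, "sensitive": True},
    "s3-logs":          {"type": "s3",       "public": False},
}

# Constructed relationships (source, target, relationship type). Each edge is a
# way an identity or workload can reach the next resource.
EDGES = [
    ("ec2-web",    "role-web",         "ASSUMES"),
    ("ec2-batch",  "role-web",         "ASSUMES"),
    ("role-web",   "role-admin",       "CAN_ASSUME"),   # over-permissive trust policy
    ("role-admin", "s3-customer-data", "CAN_READ"),
    ("role-admin", "s3-logs",          "CAN_READ"),
]


def build_adjacency(edges):
    """Map each source id to the list of (target id, relationship) it can reach."""
    adj = defaultdict(list)
    for src, dst, rel in edges:
        adj[src].append((dst, rel))
    return adj


def attack_paths(nodes, edges):
    """Enumerate every simple path from a public resource to a sensitive one.

    Returns a list of paths; each path is a list of (node_id, relationship_used)
    where the first hop's relationship is None.
    """
    adj = build_adjacency(edges)
    targets = {n for n, a in nodes.items() if a.get("sensitive")}
    found = []

    def walk(node, path, seen):
        if node in targets:
            found.append(list(path))
            return
        for nxt, rel in adj.get(node, []):
            if nxt not in seen:   # simple paths only: never revisit a node
                path.append((nxt, rel))
                walk(nxt, path, seen | {nxt})
                path.pop()

    for start, attrs in nodes.items():
        if attrs.get("public"):
            walk(start, [(start, None)], {start})
    return found


def render_path(path):
    """Render a path the way a graph query result is usually shown."""
    out = path[0][0]
    for node, rel in path[1:]:
        out += f" -[{rel}]-> {node}"
    return out


def blast_radius(edges, start):
    """Everything reachable from `start` by following relationships (BFS)."""
    adj = build_adjacency(edges)
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt, _ in adj.get(node, []):
            if nxt not in seen and nxt != start:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def toxic_combinations(nodes, edges):
    """Public resources that sit on at least one attack path, with the shortest
    hop count to sensitive data. Exposure alone or a permissive role alone is
    a finding; the two together on one path is the toxic combination."""
    shortest = {}
    for path in attack_paths(nodes, edges):
        start, hops = path[0][0], len(path) - 1
        shortest[start] = min(hops, shortest.get(start, hops))
    return sorted(shortest.items())


if __name__ == "__main__":
    for p in attack_paths(NODES, EDGES):
        print("attack path:", render_path(p))
    print("blast radius of ec2-web:", sorted(blast_radius(EDGES, "ec2-web")))
    print("toxic combinations:", toxic_combinations(NODES, EDGES))
```

Note that ec2-batch has the same blast radius as ec2-web but is not reported as a toxic combination, because it is not internet-exposed: the path exists, but the entry point does not. That distinction is what separates a prioritised attack path from an isolated finding.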
OPA Guardrails
Prevent misconfigurations before they deploy. Write policies in Rego, evaluate against infrastructure definitions, and enforce in CI/CD. 200+ built-in policies for AWS, Azure, and GCP.
- 200+ pre-built Rego policies
- CI/CD integration (GitHub Actions, GitLab CI)
- Drift detection for deployed resources
- Policy validation and dry-run
Auto-Remediation
Every finding comes with specific remediation code — not just documentation links. Auto-apply with mandatory dry-run, rollback snapshots, and full audit logging.
- Finding-specific CLI commands and Terraform patches
- Dry-run mode for all remediation actions
- Automatic rollback on failure
- Approval workflows for sensitive changes
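The remediation flow above (dry-run by default, snapshot before change, rollback on failed verification, approval gate for sensitive changes, audit entry for every branch), as an added example that is not Stratusec's code. An in-memory dict stands in for the cloud account, the bucket id is constructed, and the plan and function names are assumptions; the CLI string is the standard AWS command for enabling the public access block.

```python
"""Remediation runner with mandatory dry-run, rollback snapshot, approval gate
and audit log. Added example, not Stratusec's code: an in-memory dict stands in
for the cloud account, and the bucket id is constructed."""
import copy
from datetime import datetime, timezone

# Constructed deployed state for one bucket (a real runner reads this via the cloud API).
STORE = {"s3-customer-data": {"public_access_block": False, "versioning": False}}

AUDIT_LOG = []  # in-order record of every decision; an append-only store in production


def audit(event, **fields):
    """Append one audit entry and return it so callers can reference it later."""
    entry = {"ts": datetime.now(timezone.utc).isoformat(), "event": event, **fields}
    AUDIT_LOG.append(entry)
    return entry


def plan_block_public_access(bucket):
    """Remediation plan for a 'public access block disabled' finding: the state
    change to make, plus the equivalent CLI command a human could run instead."""
    return {
        "resource": bucket,
        "set": {"public_access_block": True},
        "sensitive": False,  # True routes the plan through the approval gate
        "cli": (f"aws s3api put-public-access-block --bucket {bucket} "
                "--public-access-block-configuration BlockPublicAcls=true,"
                "IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"),
    }


def apply_remediation(store, plan, dry_run=True, approved=False, verify=None):
    """Apply `plan` to `store`.

    dry_run is the default, so an explicit dry_run=False is needed to change
    anything. Sensitive plans additionally need approved=True. Before a change
    the resource is snapshotted; if `verify` rejects the resulting state the
    snapshot is restored. Every branch writes an audit entry.
    """
    rid = plan["resource"]
    before = copy.deepcopy(store[rid])
    diff = {k: (before.get(k), v) for k, v in plan["set"].items() if before.get(k) != v}

    if dry_run:
        audit("dry_run", resource=rid, diff=diff, cli=plan["cli"])
        return {"status": "dry-run", "diff": diff}
    if not diff:
        audit("noop", resource=rid)
        return {"status": "noop", "diff": diff}
    if plan.get("sensitive") and not approved:
        audit("approval_required", resource=rid, diff=diff)
        return {"status": "approval-required", "diff": diff}

    snapshot = audit("snapshot", resource=rid, state=before)
    store[rid] = {**before, **plan["set"]}
    audit("applied", resource=rid, diff=diff)

    if verify is not None and not verify(store[rid]):
        store[rid] = copy.deepcopy(snapshot["state"])   # restore from the snapshot
        audit("rollback", resource=rid, restored=snapshot["state"])
        return {"status": "rolled-back", "diff": diff}
    return {"status": "applied", "diff": diff}


def public_access_blocked(state):
    """Post-change check used as `verify`: confirms the fix really took effect."""
    return state.get("public_access_block") is True


if __name__ == "__main__":
    plan = plan_block_public_access("s3-customer-data")
    print(apply_remediation(STORE, plan))                       # dry run, nothing changes
    print(apply_remediation(STORE, plan, dry_run=False,
                            verify=lambda s: False))            # simulated failed verification -> rollback
    print(apply_remediation(STORE, plan, dry_run=False,
                            verify=public_access_blocked))      # real apply
    for entry in AUDIT_LOG:
        print(entry["event"], entry.get("resource"))
```

The verification callback is what makes the rollback meaningful: a change that was written but did not produce the expected state is reverted from the snapshot rather than left half-applied, and both the snapshot and the rollback appear in the audit log.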
AI Chat (Bring Your LLM)
Built-in AI assistant that uses the same MCP tools to answer security questions about your cloud. Works with OpenAI, Anthropic, or Ollama for a fully local, private experience.
- Context-aware conversations about your posture
- Trigger scans and remediation through chat
- Supports OpenAI, Anthropic, Ollama
- Your API keys stay on your infrastructure
Policy Generation
Generate cloud-native enforcement policies from security checks. AWS SCPs, Config Rules, Control Tower guardrails, Azure Policies, and GCP Organization Policies.
- AWS SCP, Config Rule, and Control Tower generators
- Azure Policy and Blueprint generators
- GCP Organization Policy generators
- Terraform and CloudFormation output
The full platform
Every capability you need for production cloud security.
Multi-Cloud
AWS, Azure, GCP, and Kubernetes from a single platform.
200+ Security Checks
Misconfigurations, exposed resources, weak IAM, encryption gaps, logging failures.
8 Compliance Frameworks
CIS Benchmarks, SOC 2, HIPAA, PCI-DSS, NIST 800-53, ISO 27001, GDPR, and FedRAMP mapping.
Neo4j Graph
Full resource relationship mapping. Query with Cypher for custom analysis.
Real-Time Dashboard
Next.js UI with security posture score, findings management, and command bar (⌘K).
CLI & API
Full REST API with Swagger docs. CLI for automation and CI/CD integration.
Self-Hosted
One docker compose up. Your data stays on your infrastructure. Always.
Open Source
Apache 2.0. Read every line of code. Contribute, modify, distribute freely.
Architecture
Modern, scalable, and production-ready.
┌─────────────────────────────────────────────────────┐
│                   stratusec-core                    │
│   (shared library: models, scanners, checks, OPA)   │
└────────────────────────┬────────────────────────────┘
                         │
              ┌──────────┴──────────┐
              ▼                     ▼
      ┌─────────────────┐    ┌──────────────────────┐
      │  Stratusec OSS  │    │ Stratusec Enterprise │
      │    API + MCP    │    │    API + Full MCP    │
      │      :8000      │    │        :8100         │
      └────────┬────────┘    └──────────┬───────────┘
               │                        │
      ┌────────▼────────────────────────▼──────────┐
      │           Shared Infrastructure            │
      │      PostgreSQL · Neo4j · Redis · OPA      │
      └────────────────────────────────────────────┘