展示HN：Kexa.io – 开源IT安全与合规性验证

Hi HN,<p>We&#x27;re building Kexa.io (<a href="https:&#x2F;&#x2F;github.com&#x2F;kexa-io&#x2F;Kexa">https:&#x2F;&#x2F;github.com&#x2F;kexa-io&#x2F;Kexa</a>), an open-source tool developed in France (incubated at Euratech Cyber Campus) to help teams automate the often tedious process of verifying IT security and compliance. Keeping track of configurations across diverse assets (servers, K8s, cloud resources) and ensuring they meet security baselines (like CIS benchmarks, etc.) manually is challenging and error-prone.<p>Our goal with the open-source core is to provide a straightforward way to define checks, scan your assets, and get clear reports on your security posture. You can define your own rules or use common standards.<p>We are now actively developing our SaaS offering, planned for a beta release around June 2025. The key feature will be an AI-powered security administration agent specifically designed for cloud environments (initially targeting AWS, GCP, Azure). Instead of just reporting issues, this agent will aim to provide proactive, actionable recommendations and potentially automate certain remediation tasks to simplify cloud security management and hardening.<p>We&#x27;d love for the HN community to check out the open-source project on GitHub. Feedback on the concept or the current tool is highly welcome, and a star if you find it interesting helps others discover the project! If the upcoming AI-powered cloud security agent sounds interesting, we&#x27;d be particularly keen to hear your thoughts or if you might be interested in joining the beta (~June 2025).<p>thank you !!