Hi HN,<p>We're building Kexa.io (<a href="https://github.com/kexa-io/Kexa">https://github.com/kexa-io/Kexa</a>), an open-source tool developed in France (incubated at Euratech Cyber Campus) to help teams automate the often tedious process of verifying IT security and compliance. Keeping track of configurations across diverse assets (servers, K8s, cloud resources) and ensuring they meet security baselines (like CIS benchmarks, etc.) manually is challenging and error-prone.<p>Our goal with the open-source core is to provide a straightforward way to define checks, scan your assets, and get clear reports on your security posture. You can define your own rules or use common standards.<p>We are now actively developing our SaaS offering, planned for a beta release around June 2025. The key feature will be an AI-powered security administration agent specifically designed for cloud environments (initially targeting AWS, GCP, Azure). Instead of just reporting issues, this agent will aim to provide proactive, actionable recommendations and potentially automate certain remediation tasks to simplify cloud security management and hardening.<p>We'd love for the HN community to check out the open-source project on GitHub. Feedback on the concept or the current tool is highly welcome, and a star if you find it interesting helps others discover the project! If the upcoming AI-powered cloud security agent sounds interesting, we'd be particularly keen to hear your thoughts or if you might be interested in joining the beta (~June 2025).<p>thank you !!
Looks interesting, and I'll be diving into it a bit deeper, but I just wanted to mention that this quote:<p>"<i>even non-experts can guarantee the security of their cloud environments</i>"<p>Even though I understand that this is part of a marketing blurb, not a literal guarantee, it was an immediate yellow-flag for me. No tool can possibly <i>guarantee</i> the security of my cloud environment, so please don't imply/say your tool can. It reminds me of shady VPN companies guaranteeing my security by providing me with "military-grade encryption".<p>To be abundantly clear, I am <i>not</i> saying that this product is shady or anything -- I have not had the time to evaluate it in the depth needed -- but statements like that make the rest of the pitch an uphill battle. For me, at least.
An admittedly superficial comment: what is your logo supposed to be? A mouse? Reminds me of that famous young/old optical illusion: <a href="https://www.braingle.com/brainteasers/26745/old-or-young-woman.html" rel="nofollow">https://www.braingle.com/brainteasers/26745/old-or-young-wom...</a><p>Great job on the tool, by the way. Anything to improve the security posture of companies is a good thing!
I’m always a fan of automated compliance and vulnerability management tooling - looking forward to giving this a spin at some point.<p>One bit of UX feedback: your “Offers” page isn’t rendering correctly on my iPhone (14 Pro) device. The text isn’t wrapping, graphics don’t seem to be scaling, and the columns are misaligned.<p>Once the current network rebuild is done, I’m looking forward to rolling this and Wazuh to try out both.
FYI seems like multiple typos in the GitHub description that shows at the top (not in the readme)<p>Quoting it here:<p>> Kexa's simple rules (Open Source) make it easy to monitoring and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low in infrastructure costs, in turns complexity into simplicity.