
    Lambda Security Scanner

    Production-ready Lambda security scanner with multi-framework compliance mapping

    A comprehensive AWS Lambda security scanner with 19 security checks across 5 categories and compliance mapping for 10 frameworks (81 controls). Features multi-threaded scanning, secret detection in environment variables, and interactive HTML dashboards.

    Features

    Security Analysis (5 categories, 19 checks)

    • Function Config: deprecated runtimes, env-var secrets, layers, X-Ray, DLQ
    • Access Control: public resource policy, unauthenticated function URL, IAM role scope
    • Network Security: VPC configuration, single-AZ, unrestricted SG egress
    • Logging & Monitoring: log retention, reserved concurrency
    • Code & Supply Chain: code signing, event-source-mapping failure destination

    Compliance

    • AWS FSBP (5 controls)
    • CIS AWS Compute Services Benchmark (8 controls)
    • PCI DSS v4.0.1 (8 controls)
    • HIPAA Security Rule (9 controls)
    • SOC 2 (11 controls)
    • ISO 27001/27017/27018
    • GDPR (8 controls), NIST 800-53 Rev5 (12 controls)

    Output

    • Security score 0-100 per function
    • JSON, CSV, HTML reports
    • Interactive dashboards with charts
    • Safe secret references (Secrets Manager / SSM / KMS) are not flagged
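    The environment-variable check described above, distinguishing a hard-coded credential from a Secrets Manager / SSM / KMS reference, as an added illustration that is not the scanner's own code; the credential formats, variable-name hints and the sample environment are constructed assumptions for this example:

```python
import re

# Value formats that indicate a literal credential (constructed list for this example).
SECRET_VALUE_PATTERNS = [
    re.compile(r"^AKIA[0-9A-Z]{16}$"),                   # AWS access key ID
    re.compile(r"^(?:ghp|gho|ghs)_[A-Za-z0-9]{36}$"),     # GitHub token
    re.compile(r"^-----BEGIN [A-Z ]*PRIVATE KEY-----"),   # PEM private key
]
# Variable names that usually carry a credential.
SECRET_NAME_RE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)
# A pointer into a managed secret store is resolved at runtime, so it is not a secret.
SAFE_REFERENCE_RE = re.compile(
    r"^(?:arn:aws[a-z-]*:(?:secretsmanager|ssm|kms):"
    r"|\{\{resolve:(?:secretsmanager|ssm|ssm-secure):)"
)

def is_safe_reference(value: str) -> bool:
    """True for Secrets Manager / SSM / KMS ARNs and CloudFormation dynamic references."""
    return bool(SAFE_REFERENCE_RE.match(value.strip()))

def find_env_secrets(env: dict) -> list:
    """Return (variable, reason) for each env var that looks like a hard-coded secret."""
    findings = []
    for name, value in env.items():
        if not isinstance(value, str) or not value:
            continue
        if is_safe_reference(value):
            continue  # managed reference: skip, as the scanner's output rule states
        if any(p.match(value) for p in SECRET_VALUE_PATTERNS):
            findings.append((name, "value matches a known credential format"))
        elif SECRET_NAME_RE.search(name):
            findings.append((name, "variable name suggests a credential"))
    return findings

# Constructed sample environment; the key ID and account number are AWS's documented examples.
SAMPLE_ENV = {
    "DB_PASSWORD": "hunter2-plain",
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "DB_SECRET_ARN": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:prod/db-AbCdEf",
    "API_TOKEN": "{{resolve:ssm-secure:/prod/api/token:1}}",
    "LOG_LEVEL": "INFO",
}

if __name__ == "__main__":
    for var, reason in find_env_secrets(SAMPLE_ENV):
        print(f"CRITICAL {var}: {reason}")
```

    Only DB_PASSWORD and AWS_ACCESS_KEY_ID are reported; the ARN and the dynamic reference are left alone even though their names contain SECRET and TOKEN.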

    Installation & Usage

    PyPI Installation

    pip install lambda-security-scanner

    Docker

    docker pull tarekcheikh/lambda-security-scanner:latest

    Commands

    # Scan all Lambda functions
    lambda-security-scanner security

    # Scan with a specific profile / region
    lambda-security-scanner security --profile prod --region eu-west-1

    # Output a specific format
    lambda-security-scanner security -f html -o ./reports

    Security Checks

    Check                                                    Severity
    Environment Variable Secrets                             CRITICAL
    Resource Policy Public Access                            CRITICAL
    Function URL No Authentication                           CRITICAL
    Overly Permissive Execution Role                         CRITICAL
    Function URL CORS Allows All Origins                     HIGH
    Shared Execution Role                                    HIGH
    Deprecated / EOL Runtime                                 HIGH
    External Lambda Layers                                   MEDIUM
    Unrestricted SG Egress / Log Retention Missing           MEDIUM
    X-Ray Tracing Disabled / No DLQ / No Reserved Concurrency LOW

    Compliance Frameworks

    • AWS FSBP: 5 controls
    • CIS AWS Compute Services Benchmark: 8 controls
    • PCI DSS v4.0.1: 8 controls
    • HIPAA Security Rule: 9 controls
    • SOC 2: 11 controls
    • ISO 27001:2022: 11 controls
    • GDPR: 8 controls
    • NIST 800-53 Rev5: 12 controls

    Need Help Implementing?

    We can help you deploy and customize this tool for your specific needs, or build custom solutions.
