CodeShield - See all attack paths in your cloud

See your cloud from an attacker’s perspective

Agentless Setup

Connect CodeShield to your AWS account(s)
and start scanning. No need to install further tools or runtime agents.

Cloud Model Generation

CodeShield builds a complete graph of your AWS cloud and combines all findings from AWS Config, Inspector, etc. into a single graph – giving you the big picture.

Attack Path Detection

CodeShield shows how attackers can combine multiple weaknesses and IAM privileges to move forward in your cloud.

1-click graph view

Discover critical attack paths and privilege escalations

CodeShield correlates vulnerabilities and misconfigurations into one single graph. This helps identify IAM privilege escalation vulernabilities and attack paths, that attackers can use to exploit your cloud.

While misconfigurations, vulnerabilities, or over-permissioned IAM policies can be dangerous on their own, successful attacks are built on combinations of multiple weaknesses. CodeShield reveals hidden connections, and checks if there are dangerous IAM policies that allow an attacker to further move or pivot inside your cloud.

Try it out

Seamless Integration

Integrate the AWS tools you already use

CodeShield automatically integrates findings from AWS Config, Amazon Inspector, and IAM Access Analyzer for computing attack paths and their impact on your cloud.

So you can achieve a full coverage of your AWS cloud, including serverless functions, databases and buckets, EC2 instances and ECS docker containers, network configurations and security groups, API gateways, IAM policies, and many more.