ARGUS

Agentless, offline Azure CSPM + attack-chain analysis. Your data never leaves your environment. Your rules are auditable. You own everything.

  • Get started in 60 seconds: Download a binary, run one command, see your Azure posture.

  • 245 Rego rules: Browse every check ARGUS performs, mapped to NIST 800-53, MITRE ATT&CK, and four compliance frameworks.

  • 51 attack chains: Realistic, end-to-end attack narratives — not just lists of findings.

  • Trust & verification: SLSA build provenance, cosign signatures, SPDX SBOM, CVE scan — how to verify every artifact.

Why ARGUS

Most cloud security scanners send your environment data to someone else's SaaS. ARGUS is a single binary that runs in your pipeline, on your laptop, or in your air-gapped network, and writes its report to your filesystem. It never phones home.

Positioning

Wiz is a dashboard that phones home. ARGUS is a scanner that ships in your pipeline and a dashboard you run yourself. Same findings. Your data. Your rules. Your environment.

What makes it different

Feature                  | ARGUS                      | Typical CSPM SaaS
Runs in your environment |                            |
No data egress           |                            |
Open, auditable rules    | Rego                       | black box
Attack-chain analysis    | 51 chains                  | Limited
Compliance packs         | SOC 2 / HIPAA / PCI / ISO  | Paid tier
Air-gap support          |                            |
Price                    | Free (OSS)                 | $50K+/yr

Works everywhere

  • Windows: Single .exe — no runtime dependencies.

  • macOS: Intel + Apple Silicon binaries.

  • Linux: amd64 + arm64 binaries, one-line install.

  • Docker: Hardened Chainguard base, SLSA-provenanced.

Coverage at a glance

  • Identity — Entra ID, Conditional Access, PIM, Service Principals, App Registrations
  • Data — Storage, SQL, Cosmos DB, Key Vault, Data Lake, Databricks, Synapse
  • Network — NSGs, VNets, Private Endpoints, VPN, ExpressRoute, Front Door
  • Compute — VMs, VMSS, AKS, App Service, Function Apps, Container Apps
  • AI / ML — Azure OpenAI, Cognitive Services, ML Workspace
  • Integration — API Management, Event Grid, Service Bus, Logic Apps, Traffic Manager
  • Observability — Defender for Cloud, Activity Log, Diagnostic Settings, Sentinel
  • Key Management — Key Vault rotation, HSM, certificate lifecycle
  • Backup — Recovery Services Vault immutability, CRR, retention
  • DevOps — ARM / Bicep / Terraform IaC scanning
