Skip to content

Tools Integration

Melvin PETIT edited this page Jun 17, 2026 · 1 revision

Tools, Integration (IAM, Cloud, CI/CD)

11 tools covering identity, secrets, container/IaC/cloud vulnerability scanning, SAST, DAST and secret detection in repositories.

Deploy with ./medusa.sh deploy <name> or the interactive menu (option 3).

Tool Type Role
keycloak docker IAM, SSO, MFA, identity federation
teleport cli PAM, privileged access SSH/Kubernetes/DB
vault docker Secrets manager (dev mode)
trivy cli Container & IaC vulnerability scanner
semgrep cli SAST, static code analysis
owasp-zap docker DAST, web security scanner
gitleaks cli Secret detection in Git repositories
checkov cli Static IaC analysis (Terraform, Kubernetes)
prowler cli Cloud security audit (AWS/Azure/GCP)
scoutsuite cli Multi-cloud audit with HTML report
falco docker Cloud-native runtime threat detection

keycloak

Identity and access management: SSO, MFA, federation. Image quay.io/keycloak/keycloak:26.2 with a PostgreSQL backend.

  • URL: http://localhost:8180 — admin console at /admin, user admin, password generated and saved to credentials.txt

teleport

cli. Privileged access management for SSH, Kubernetes and databases. Installed via the official goteleport.com installer.

  • Command: teleport
  • Ports: 3023 (SSH proxy), 3080 (web)
  • Some operations require root, the sub-menu offers to re-run with sudo.

vault

HashiCorp Vault secrets manager. Image pinned to hashicorp/vault:1.21.4.

  • URL: http://localhost:8200
  • CLI: export VAULT_ADDR=http://localhost:8200
  • ⚠️ Deployed in dev mode: in-memory storage, single unseal key, predictable root token. Never use this for production secrets. See Security.

trivy

cli. Vulnerability scanner for container images, filesystems and IaC. Installed by downloading the official Aqua installer to a temp file, then running it.

  • Command: trivy
  • Examples: trivy image <image:tag>, trivy fs <path>, trivy config <path>

semgrep

cli. Static application security testing. Installed via pip/pipx.

  • Command: semgrep

owasp-zap

DAST web application scanner. Image pinned to zaproxy/zap-stable:2.17.0.

  • URL: http://localhost:8090/zap/

gitleaks

cli. Detects secrets committed to Git repositories.

  • Command: gitleaks

checkov

cli. Static analysis for IaC (Terraform, CloudFormation, Kubernetes). Installed via pip/pipx.

  • Command: checkov

prowler

cli. Cloud security posture audit for AWS, Azure and GCP. Installed via pip/pipx.

  • Command: prowler
  • The sub-menu helps configure cloud credentials before a scan.

scoutsuite

cli. Multi-cloud security auditing, produces an HTML report.

  • Command: scout (the binary name differs from the tool name)

falco

Cloud-native runtime threat detection. Image pinned to falcosecurity/falco:0.44.1.

  • Runs as a daemon, no web interface. Alerts are emitted to logs; follow them with ./medusa.sh logs falco.

Next: Tools-OT · Ports-Reference

Clone this wiki locally