Launch HN: Slauth (YC S22) – auto-generate secure IAM policies for AWS and GCP

1

Wiz

Hi HN, We're Daniel and Bruno and working on [Slauth.io]([https://slauth.io/](https://slauth.io/)) or give our open-source CLI a try with one of the sample repo's on [GitHub]([https://github.com/slauth-io/slauth-cli](https://github.com/slauth-io/slauth-cli)) and [Wiz.io]([http://Wiz.io](http://wiz.io/)) visualize IAM misconfigurations post deployment but don't actually change engineering behavior, leaving organizations in a constant loop of engineers deploying over-permissive policies ⇒ security engineers/CISO's getting alerts ⇒ Jira tickets created begging developers to remediate ⇒ New over-permissive policies being deployed again. We interviewed hundreds of developers and DevOps engineers and discovered two key pain points: 1. *IAM is a Hassle:* Developers despise dealing with IAM intricacies.

#Productivity #Developer Tools #Tech 4 social mentions

2

GitHub

Hi HN, We're Daniel and Bruno and working on [Slauth.io]([https://slauth.io/](https://slauth.io/)) or give our open-source CLI a try with one of the sample repo's on [GitHub]([https://github.com/slauth-io/slauth-cli](https://github.com/slauth-io/slauth-cli)) and [Wiz.io]([http://Wiz.io](http://wiz.io/)) visualize IAM misconfigurations post deployment but don't actually change engineering behavior, leaving organizations in a constant loop of engineers deploying over-permissive policies ⇒ security engineers/CISO's getting alerts ⇒ Jira tickets created begging developers to remediate ⇒ New over-permissive policies being deployed again. We interviewed hundreds of developers and DevOps engineers and discovered two key pain points: 1. *IAM is a Hassle:* Developers despise dealing with IAM intricacies.

#Code Collaboration #Git #Version Control 2039 social mentions

3

Ermetic

Hi HN, We're Daniel and Bruno and working on [Slauth.io]([https://slauth.io/](https://slauth.io/)) or give our open-source CLI a try with one of the sample repo's on [GitHub]([https://github.com/slauth-io/slauth-cli](https://github.com/slauth-io/slauth-cli)) and [Wiz.io]([http://Wiz.io](http://wiz.io/)) visualize IAM misconfigurations post deployment but don't actually change engineering behavior, leaving organizations in a constant loop of engineers deploying over-permissive policies ⇒ security engineers/CISO's getting alerts ⇒ Jira tickets created begging developers to remediate ⇒ New over-permissive policies being deployed again. We interviewed hundreds of developers and DevOps engineers and discovered two key pain points: 1. *IAM is a Hassle:* Developers despise dealing with IAM intricacies.

#Cyber Security #Identity And Access Management #Data Security And DLP 2 social mentions

3. *Differentiation:* How are you different from IAMLive, IAMBic AccessAnalyzer or Policy Sentry? To address the first concern, we don't access your code directly. Instead, we offer a CLI that integrates into your CI/CD pipeline, allowing local code scanning. [Slauth.io]([http://slauth.io/](http://slauth.io/)) you actually get a granular least privilege policy. Lastly, access analyzer is used to harden security policies which have already been deployed which is similar to other cloud scanning tools and creates a strange reactive process to security. The new access-analyzer feature checks policy diffs in your CDK but again doesn't actually generate the policy pre-deployment. We recognise some engineers are very capable of creating secure policies but similar to using Checkov and TFscan in the context of IaC deployment, we believe using Slauth.io will become a necessity in your CI/CD when deploying service permissions to make sure no IAM misconfiguration appear in the cloud. Would love to get your feedback and feel free to interact on our Github repo and join our Slack community. <img src="https://drive.google.com/uc?id=1gRjDgEVCayr-AraXGOKNYwMq4QixGED3" height="100px" alt="to the moon logo"/> To the moon.

#Virtual Reality #AI #Video Streaming 20 social mentions