cloudgraphdev / cli Goto Github PK

The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.

License: Mozilla Public License 2.0

JavaScript 5.07% Batchfile 0.04% TypeScript 92.09% AppleScript 1.60% Ruby 1.21%

aws gcp azure graphql devops developer-tools devops-tools kubernetes security-tools cspm

cli's Introduction

CloudGraph is the free open-source universal GraphQL API and Cloud Security Posture Management (CSPM) tool for AWS, Azure, GCP, and K8s. With CloudGraph you get:

Free and effortless compliance checks (i.e. Azure CIS 1.3.1, GCP CIS 1.2, AWS CIS 1.2, AWS CIS 1.3, AWS CIS 1.4, AWS PCI 3.2.1, AWS NIST 800-53 Rev. 4)
Type-Safe asset inventories for all of your resources in all of your cloud environments
Automatically generated documentation and query validation - know if your query is valid before you send it!
Full resource data including relationships between resources so you can understand context
Historical snapshots of your data over time
A single endpoint to query all of your cloud data at once (i.e. get AWS + GCP data in the same query, or compare AWS stage with AWS prod)
Enhanced billing data (AWS only)
Enhanced CloudWatch data (AWS EC2 only)

Cloud Graph lets you Know your cloud in 5 minutes. Built and maintained with love by the team at ❤️ AutoCloud ❤️

🌐 Website

💻 Documentation

💰 Get paid to build CloudGraph providers

Join the conversation

Amazing companies using CloudGraph**
Why CloudGraph
How It Works
Authentication and Permissions
Install
Quick Start
Loading Previous Versions
Supported Services
Example Queries
Query Tools
Community
Contribution Guidelines
Deployment Options
Hosted Version
Debugging
Common Errors
Commands

Amazing companies using CloudGraph**

** usage does not imply endorsement

Why CloudGraph

AWS, Azure, and GPC have done a wonderful job of building solutions that let engineers like us create systems to power our increasingly interconnected world. Over the last 15 years, products such as EC2, S3, RDS, and Lambda have fundamentally changed how we think about computing, storage, and databasing.

With the proliferation of Kubernetes and Serverless in the last 5 or so years, cloud services have become increasingly abstract on top of racks of physical servers. To end-users, everything on the cloud is just an API, so we don't necessarily need to know how Lambda Functions or EKS work under the hood to be able to use them for building applications. With a little documentation, API or console access, and a tutorial anyone can pretty much create anything they need.

These abstractions have led to massive improvements in the overall convenience and breadth of CSP service offerings. What was once a painstaking, time-consuming, and error-prone process of provisioning new servers, databases, or filesystems can now be done in seconds with just the click of a button or deployment of IAC. Since everything is just an API abstraction, when a CAP is ready to introduce a new "product" they simply need to expose a new API - yes, I'm of course simplifying slightly :)

Anyone familiar with the CSPs knows that service APIs are almost always split into modular namespaces that contain dozens, if not hundreds, of separate API methods for single resources. For example, the AWS EC2 service contains over 500 different API methods, with new ones added occasionally. Any company building substantial systems on a CSP is likely using many, many different services.

While a masterpiece of datacenter architecture, this choice of hundreds of services and configuration options put the burden of knowledge on how to properly use these services squarely on us engineers. As a result, we find ourselves having to constantly stay up to date and learn about all the service offerings or new changes. This takes a significant amount of time and mental energy. As developers, it can be difficult, time-consuming, and frustrating to use the AWS CLI to make 5 different API calls to describe, as an example, an AWS ECS cluster, its services, task definitions, tasks, container definitions, etc. We often find ourselves lost in documentation and having to use half a dozen of APIs to get answers to questions like "What exactly is running in this VPC?"

This means that AWS, Azure, and GCP can feel overwhelming quickly even to seasoned cloud architects. While the CSPs are fantastic at building the actual services that power our businesses, not a lot of headway has been into simplifying the day-to-day UX of querying these hundreds of services in a sane manner.

New solutions like the Cloud Control API for AWS have attempted to create a standardized interface for querying many different types of AWS resources. Unfortunately, the Cloud Control API's usage is severely limited, and users still need to know how to correctly query their data. This means more time spent reading documentation and understanding how services work and are related to one another.

While the modularity of the CSP APIs is a great logical organization system and does make sense, it's a burden on end-users in terms of the cognitive overhead and learning curve. Having to remember how hundreds of constantly changing services work and are connected leads to a caffeine addiction and time wasted playing detective.

Wouldn't it be great if we as DevOps/Cloud engineers had a simpler way to get our data out of AWS, Azure, GCP and the others? One that reflected our need to easily query any data about any service in any account without having to spend hours on docs or stack overflow?

It is for these reasons that we built CloudGraph, the GraphQL API for everything cloud. CloudGraph extracts, normalizes, processes, and enriches your cloud data allowing you to access deep insights across multiple providers effortlessly. Check out our blog post The GraphQL API for everything to learn more.

How It Works

Note that CloudGraph requires READ ONLY permissions to run and as such can never mutate your actual cloud infrastructure. Additionally, none of your cloud environment information is ever sent to or shared with CloudGraph, AutoCloud, or any other third parties.

Under the hood, CloudGraph reaches out to your cloud provider(s), sucks up all of the configuration data, processes it, and stores a copy of this data for you in Dgraph. It then exposes an endpoint at http://localhost:8997 that allows you to write GraphQL Queries against your stored data. These queries not only allow you do to anything that you would do with say, the AWS SDK/CLI, but they also allow you to run much more powerful queries as well. CloudGraph ships with pre-packaged GraphQL query tools including GraphQL Playground and Altair but you can also feel free to use your own. It also includes a schema visualization tool called Voyager so you can understand relationships between entities.

Authentication and Permissions

CloudGraph currently supports AWS, Azure, GCP, K8s, and Tencent (several others coming soon). CloudGraph needs read permissions in order to ingest your data. To keep things easy you can use the same permissions that we use internally when we run CloudGraph to power AutoCloud. Here are the auth guides and details for how to generate credentials for each provider (feel free to leave out AutoCloud specific configuration):

Install

System Requirements

Docker

There are 2 ways to install the CloudGraph CLI

Homebrew (Recommended)

You can install CloudGraph using homebrew with the following command: brew install cloudgraphdev/tap/cg

NPM

Requires Node 16+

Use this command to install and update CloudGraph to the latest version.

npm i -g @cloudgraph/cli

You can then add the providers you want (links to provider repos: AWS, Azure, GCP, K8s, Tencent Docs):

cg init aws
cg init azure
cg init gcp
cg init k8s
cg init tencent

You can also add as many as you want all at once

cg init aws azure gcp k8s tencent

And add in compliance policy packs to supplement your data with instant security insights:

cg policy add gcp-cis-1.2.0
cg policy add azure-cis-1.3.1
cg policy add aws-cis-1.2.0
cg policy add aws-cis-1.3.0
cg policy add aws-cis-1.2.0
cg policy add aws-pci-dss-3.2.1
cg policy add aws-nist-800-53-rev4

You can find a list of currently supported policy packs in the Policy Packs repo

Quick Start

You can get up and running with three simple commands:

cg init

This initializes CloudGraph's configuration. This command will ask you a series of questions about what providers you are using and how you would like CloudGraph configured.

cg launch

This command launches an instance of Dgraph, the graphdb CloudGraph uses to store data under the hood. Note that there are 2 ways to launch an instance. BOTH of these require Docker to be installed and running. The preferred solution is to use our cg launch convenience command.

Note that if you do not want to use this command, for example, if you want to launch the Dgraph container in interactive mode, you can use the docker command below.

  docker run -it -p 8995:5080 -p 8996:6080 -p 8997:8080 -p 8998:9080 -p 8999:8000
  --label cloudgraph-cli-dgraph-standalone -v ~/dgraph:/dgraph --name dgraph dgraph/standalone:v21.03.1

cg scan

Scan for cloud infrastructure for all configured providers. This command will reach out and read all of the metadata on your cloud infrastructure. Note that it is completely normal to see warnings and errors while the cg scan command runs, these are usually caused by permissions issues. That said, if you encounter any problematic errors running CloudGraph you can prepend CG_DEBUG=5 to the beginning of your command as in, CG_DEBUG=5 cg scan. This will print out the verbose logs with more information and save the output to cg-debug.log. Please share your logs with us either by opening an issue on GitHub or let us know in our Slack Workspace.

That's it, you are all set to start querying! The query tool you selected during the cg init command will then be opened in your preferred browser to run queries, mutations, and visualizations on all of your cloud infrastructure! Note that if you installed any policy packs, such as AWS CIS 1.2, policy pack insight data will be automatically added to your cloud data!

Note that you may also use any GraphQL query tool you would like by connecting it to http://localhost:8997/graphql.

Stopping the Dgraph instance

To stop the Dgraph instance(stop the dgraph container) run:

cg teardown

Additionally if you wish to remove the container after stopping it, run:

cg teardown --delete-image

Loading Previous Versions

CloudGraph stores as many previous versions of your data as you configured in the cg init command. In order to load and query a previous version of your data simply run the cg load command and select the version of your data you wish to inspect like so:

Supported Services

You can find the list of services currently supported for each provider in the following provider repos:

Example Queries

Link to full documentation: https://docs.cloudgraph.dev/overview.

To use CloudGraph, you will need to be familiar with GraphQL. This section contains a handful of example queries to get you up and running but is by no means exhaustive. If you can dream it up, you can query it! Note that you can find hundreds of additional example queries in the documentation.

Basic Query Syntax Examples:

Note: this section will focus on AWS, but the same ideas apply other provider like Azure and GCP

To explain how CloudGraph works consider the following query that you can run to get the ID and ARN of a single EC2 instance. Note that for the purposes of these examples we will just request the IDs and ARNs of AWS resources to keep things terse, but you can query whatever attributes you want:

query {
  getawsEc2(
    arn: "arn:aws:ec2:us-east-1:123445678997:instance/i-12345567889012234"
  ) {
    id
    arn
  }
}

This query will return a JSON payload that looks like this. All of the following examples will follow suit:

{
  "data": {
    "getawsEc2": {
      "id": "i-12345567889012234",
      "arn": "arn:aws:ec2:us-east-1:123445678997:instance/i-12345567889012234"
    }
  },
  "extensions": {
    "touched_uids": 4
  }
}

Get the ID and ARN of each EC2 in all the AWS accounts you have scanned:

query {
  queryawsEc2 {
    id
    arn
  }
}

Get the ID and ARN of all EC2 instances in one of your AWS accounts by filtering the accountId:

query {
  queryawsEc2(filter: { accountId: { eq: "123456" } }) {
    id
    arn
  }
}

Get the ID and ARN of each EC2 in "us-east-1" using a regex to search the ARN:

query {
  queryawsEc2(filter: { arn: { regexp: "/.*us-east-1.*/" } }) {
    id
    arn
  }
}

Do the same thing but checking to see that the region is equal to "us-east-1" instead of using a regex:

query {
  queryawsEc2(filter: { region: { eq: "us-east-1" } }) {
    id
    arn
  }
}

Do the same thing but checking to see that the region contains "us-east-1" in the name instead of using eq:

query {
  queryawsEc2(filter: { region: { in: "us-east-1" } }) {
    id
    arn
  }
}

Get the ID and ARN of each M5 series EC2 instance in "us-east-1"

query {
  queryawsEc2(
    filter: { region: { eq: "us-east-1" }, instanceType: { regexp: "/^m5a*/" } }
  ) {
    id
    arn
  }
}

Do the same thing but skip the first found result (i.e. offset: 1) and then only return the first two results after that (i.e. first: 2) and order those results by AZ in ascending order (order: { asc: availabilityZone }) so that instance(s) in "us-east-1a" are returned at the top of the list.

query {
  queryawsEc2(
    filter: { region: { eq: "us-east-1" }, instanceType: { regexp: "/^m5a*/" } }
    order: { asc: availabilityZone }
    first: 2
    offset: 1
  ) {
    id
    arn
  }
}

Do the same thing but also include the EBS Volume that is the boot disk for each EC2 instance:

query {
  queryawsEc2(
    filter: { region: { eq: "us-east-1" }, instanceType: { regexp: "/^m5a*/" } }
    order: { asc: availabilityZone }
    first: 2
    offset: 1
  ) {
    id
    arn
    ebs(filter: { isBootDisk: true }, first: 1) {
      id
      arn
      isBootDisk
    }
  }
}

Do the same thing, but also include the SGs and ALBs for each EC2. For the ALBs, get the EC2s that they are connected to along with the ID and ARN of each found EC2 instance (i.e. a circular query).

query {
  queryawsEc2(
    filter: { region: { eq: "us-east-1" }, instanceType: { regexp: "/^m5a*/" } }
    order: { asc: availabilityZone }
    first: 2
    offset: 1
  ) {
    id
    arn
    ebs(filter: { isBootDisk: true }, first: 1) {
      id
      arn
      isBootDisk
    }
    securityGroups {
      id
      arn
    }
    alb {
      id
      arn
      ec2Instance {
        id
        arn
      }
    }
  }
}

Get each VPC, the ALBs and Lambdas in that VPC, and then a bunch of nested sub-data as well. Also get each S3 Bucket in us-east-1. Also get the SQS queue with an ARN of arn:aws:sqs:us-east-1:8499274828484:autocloud.fifo and check the approximateNumberOfMessages. You get the idea, CloudGraph is extremely powerful.

query {
  queryawsVpc {
    id
    arn
    alb {
      id
      arn
      ec2Instance {
        id
        arn
        ebs(filter: { isBootDisk: true }) {
          id
          arn
        }
      }
    }
    lambda {
      id
      arn
      kms {
        id
        arn
      }
    }
  }
  queryawsS3(filter: { region: { eq: "us-east-1" } }) {
    id
    arn
  }
  getawsSqs(arn: "arn:aws:sqs:us-east-1:8499274828484:autocloud.fifo") {
    approximateNumberOfMessages
  }
}

AWS security, compliance, and governance examples:

CloudGraph Policy Packs guarantee compliance across existing infrastructure for a given cloud provider. Packs are based on sets of rules/benchmarks provided by security organizations like the Center for Internet Security with the objective of keeping your infrastructure up-to-date with industry security standards. Once you have added a policy pack using the cg policy add command (i.e. cg policy add aws-cis-1.2.0) each time you run a scan CloudGraph will automatically execute your configured policies. Those results will be stored at Dgraph and linked to your existing resources, making it easy to query your compliance results alongside your resources.

For more information on currently available policy packs please visit our Policy Packs repo

Use the CloudGraph Policy Pack for AWS CIS 1.2 to query all of your CIS findings for all of your AWS Accounts:

query {
  queryawsCISFindings {
    id
    resourceId
    result
    rule {
      id
      description
      severity
    }
  }
}

If you want to query several different compliance findings for a given provider like AWS at once, you can request them like this:

query {
  queryawsFindings {
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        description
        severity
      }
    }
    AutoCloudFindings {
      id
      resourceId
      result
      rule {
        id
        description
        severity
      }
    }
  }
}

For each CIS rule, get the resources that the rule is associated with, in this case we are quering IAM user's data to see which pass and fail:

query {
  queryawsCISFindings {
    id
    resourceId
    result
    rule {
      id
      description
      severity
    }
    iamUser {
      id
      arn
      name
    }
  }
}

If you wanted to understand the CIS rules that apply to a particular IAM User you could use the following query:

query {
  getawsIamUser(id: "123456789") {
    name
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        description
        severity
      }
    }
  }
}

Even if you don't have any policy packs installed, you can still write powerful security queries like this to find all the unencrypted EBS Volumes:

query {
  queryawsEbs(filter: { encrypted: false }) {
    id
    arn
    availabilityZone
    encrypted
  }
}

Find all the public S3 Buckets:

query {
  queryawsS3(filter: { access: { eq: "Public" } }) {
    id
    arn
    access
  }
}

Find all the S3 Buckets that are themselves public or that can have Objects that are public in them:

query {
  queryawsS3(filter: { not: { access: { eq: "Private" } } }) {
    id
    arn
    access
  }
}

Find all the KMS keys in "us-east-1":

query {
  queryawsKms(filter: { arn: { regexp: "/.*us-east-1.*/" } }) {
    id
    arn
    description
    keyRotationEnabled
    tags {
      key
      value
    }
  }
}

Find all the burstable T series instances:

query {
  queryawsEc2(filter: { instanceType: { regexp: "/^t.*/" } }) {
    id
    arn
    availabilityZone
    instanceType
  }
}

Find the default VPCs:

query {
  queryawsVpc(filter: { defaultVpc: true }) {
    id
    arn
    defaultVpc
    state
  }
}

Find the public ALBs:

query {
  queryawsAlb(filter: { scheme: { eq: "internet-facing" } }) {
    id
    arn
    dnsName
    createdAt
    tags {
      key
      value
    }
  }
}

Find all of the EC2s, Lambdas, and VPCs that have a Tag value of "Production":

query {
  queryawsTag(filter: { value: { eq: "Production" } }) {
    key
    value
    ec2Instance {
      id
      arn
    }
    lambda {
      id
      arn
    }
    vpc {
      id
      arn
    }
  }
}

Do the same thing but look for both a key and a value:

query {
  queryawsTag(
    filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
  ) {
    key
    value
    ec2Instance {
      id
      arn
    }
    lambda {
      id
      arn
    }
    vpc {
      id
      arn
    }
  }
}

Do the same thing using getawsTag instead of queryawsTag. Note that when searching for tags using getawsTag your must specify both the key and value as the id like is done below with "Environment:Production":

query {
  getawsTag(id: "Environment:Production") {
    key
    value
    ec2Instance {
      id
      arn
    }
    lambda {
      id
      arn
    }
    vpc {
      id
      arn
    }
  }
}

AWS FinOps examples:

Note that billing data is currently only available for AWS. In order to successfully ingest FinOps related data you must have the Cost Explorer API enabled in your AWS Account. You can view how to do that here

Get the total cost of your AWS Account for the last 30 days, the total cost of your AWS Account month to date, a breakdown of each service and its cost for the last 30 days, and a breakdown of each service and its cost month to date as well as the monthly and month to date average costs:

query {
  queryawsBilling {
    totalCostLast30Days {
      cost
      currency
      formattedCost
    }
    totalCostMonthToDate {
      cost
      currency
      formattedCost
    }
    monthToDate {
      name
      cost
      currency
      formattedCost
    }
    last30Days {
      name
      cost
      currency
      formattedCost
    }
    monthToDateDailyAverage {
      name
      cost
      currency
      formattedCost
    }
    last30DaysDailyAverage {
      name
      cost
      currency
      formattedCost
    }
  }
}

This query will return a JSON payload that looks like this:

{
  "data": {
    "queryawsBilling": [
      {
        "totalCostLast30Days": {
          "cost": 7088.87,
          "currency": "USD",
          "formattedCost": "$7088.87"
        },
        "totalCostMonthToDate": {
          "cost": 7089.28,
          "currency": "USD",
          "formattedCost": "$7089.28"

        },
        "monthToDate": [
          {
            "name": "Amazon Relational Database Service",
            "cost": 548.68,
            "currency": "USD",
            "formattedCost": "$548.68"
          },
          {
            "name": "Amazon Managed Streaming for Apache Kafka",
            "cost": 67.49,
            "currency": "USD",
            "formattedCost": "$67.49"
          },
          {
            "name": "Amazon OpenSearch Service",
            "cost": 1155.04,
            "currency": "USD",
            "formattedCost": "$1155.04"
          }
          ...More Services
        ],
        "last30Days": [
          {
            "name": "AWS Step Functions",
            "cost": 330.20,
            "currency": "USD",
            "formattedCost": "$330.20"
          },
          {
            "name": "Amazon Elastic Container Service for Kubernetes",
            "cost": 194.40,
            "currency": "USD",
            "formattedCost": "$194.40"
          },
          {
            "name": "AmazonCloudWatch",
            "cost": 310.54,
            "currency": "USD",
            "formattedCost": "$310.54"
          }
          ...More Services
        ],
        "monthToDateDailyAverage": [
          {
            "name": "Amazon Relational Database Service",
            "cost": 54.86,
            "currency": "USD",
            "formattedCost": "$54.86"
          },
          {
            "name": "Amazon Managed Streaming for Apache Kafka",
            "cost": 6.74,
            "currency": "USD",
            "formattedCost": "$6.74"
          },
          {
            "name": "Amazon OpenSearch Service",
            "cost": 115.50,
            "currency": "USD",
            "formattedCost": "$115.50"
          }
          ...More Services
        ],
        "last30DaysDailyAverage": [
          {
            "name": "AWS Step Functions",
            "cost": 33.01,
            "currency": "USD",
            "formattedCost": "$33.01"
          },
          {
            "name": "Amazon Elastic Container Service for Kubernetes",
            "cost": 19.44,
            "currency": "USD",
            "formattedCost": "$19.44"
          },
          {
            "name": "AmazonCloudWatch",
            "cost": 31.05,
            "currency": "USD",
            "formattedCost": "$31.05"
          }
          ...More Services
        ],
      }
    ]
  },
  "extensions": {
    "touched_uids": 212
  }
}

Get each EC2 instance in your AWS account along with its daily cost:

query {
  queryawsEc2 {
    arn
    dailyCost {
      cost
      currency
      formattedCost
    }
  }
}

This query will return a JSON payload that looks like this. All of the following examples will follow suit:

{
{
  "data": {
    "queryawsEc2": [
      {
        "arn": "arn:aws:ec2:us-east-1:12345678910:instance/i-0c8b3vhfgf8df923f",
        "dailyCost": {
          "cost": 2.06,
          "currency": "USD",
          "formattedCost": "$2.06"
        }
      },
      {
        "arn": "arn:aws:ec2:us-east-1:12345678910:instance/i-060b3dsfds7sdf62e3",
        "dailyCost": {
          "cost": 2.06,
          "currency": "USD",
          "formattedCost": "$2.06"
        }
      },
     ...More EC2 Instances
    ]
  },
  "extensions": {
    "touched_uids": 28
  }
}

Get each NAT Gateway in your AWS account along with its daily cost:

query {
  queryawsNatGateway {
    arn
    dailyCost {
      cost
      currency
      formattedCost
    }
  }
}

AWS CloudWatch example:

CloudGraph ingests your CloudWatch Metric data and stores it along with select AWS services. This feature is currently in beta and will work for EC2 only:

query {
  queryawsEc2 {
    arn
    cloudWatchMetricData {
      lastWeek {
        cpuUtilizationAverage
        networkInAverage
        networkOutAverage
        networkPacketsInAverage
        networkPacketsOutAverage
        statusCheckFailedSum
        statusCheckFailedInstanceSum
        statusCheckFailedSystemSum
        diskReadOpsAverage
        diskWriteOpsAverage
        diskReadBytesAverage
        diskWriteBytesAverage
      }

      lastMonth {
        cpuUtilizationAverage
        networkInAverage
        networkOutAverage
        networkPacketsInAverage
        networkPacketsOutAverage
        statusCheckFailedSum
        statusCheckFailedInstanceSum
        statusCheckFailedSystemSum
        diskReadOpsAverage
        diskWriteOpsAverage
        diskReadBytesAverage
        diskWriteBytesAverage
      }
      last6Hours {
        cpuUtilizationAverage
        networkInAverage
        networkOutAverage
        networkPacketsInAverage
        networkPacketsOutAverage
        statusCheckFailedSum
        statusCheckFailedInstanceSum
        statusCheckFailedSystemSum
        diskReadOpsAverage
        diskWriteOpsAverage
        diskReadBytesAverage
        diskWriteBytesAverage
      }
      last24Hours {
        cpuUtilizationAverage
        networkInAverage
        networkOutAverage
        networkPacketsInAverage
        networkPacketsOutAverage
        statusCheckFailedSum
        statusCheckFailedInstanceSum
        statusCheckFailedSystemSum
        diskReadOpsAverage
        diskWriteOpsAverage
        diskReadBytesAverage
        diskWriteBytesAverage
      }
    }
  }
}

Thinking in terms of a graph:

When you think, "in terms of a graph", you can do almost anything with CloudGraph. Say for example that you want to know what Lamba functions don't belong to a VPC (i.e. they don't leverage VPC networking). Because CloudGraph connects all resources that have relationships, such as VPC parents to their Lambda children, you are able to answer this question easily. Simply check to see what lambda functions the VPC is "connected" to, and compare that against the list of all lambda functions like so:

query {
  queryawsVpc {
    id
    arn
    lambda {
      id
      arn
    }
  }
  queryawsLambda {
    id
    arn
  }
}

Limitations

Today, the biggest limitation with CloudGraph and our query abilities is we don't support nested filtering based on child attributes. So for example, as cool as it would be to do the following, it's just not possible yet:

query {
  # This won't work just yet...
  queryawsEc2(filter: { ebs: { isBootDisk: true } }) {
    id
    arn
    ebs {
      id
      arn
    }
  }
  # So you have to do this instead :(
  queryawsEc2 {
    id
    arn
    ebs(filter: { isBootDisk: true }) {
      id
      arn
    }
  }
}

This is actually not a limitation of CloudGraph, but rather a feature that still needs to be implemented with Dgraph. You can view and comment on the discussion thread here

Query Tools

CloudGraph ships with 2 awesome query tools and a GraphQL schema explorer. Remember, you can use ANY GraphQL query tool if you would prefer another option, just connect it to your exposed /graphql endpoint!

GraphQL Playground

GraphQL playground has a fluid and engaging UX that is great for querying a GraphQL schema quickly and simply. It has built-in automatically generated documentation and auto-completion while you type. To access playground, either select it as your preferred query tool in the init command OR visit /playground in the server CG spins up.

Altair

Altair is another great GraphQL query tool that packs a ton of features for power users. Do things like autocomplete queries, dynamically add fragments, and export/import collections of queries. To access Altair, either select it as your preferred query tool in the init command OR visit /altair in the server CG spins up.

Voyager

GraphQL Voyager is an awesome way to explore the schema(s) for your CG providers. It gives you a great bidirectional chart containing all your types and queries. You can click entities or arrows to discover connections, search for something specific, and get a deeper understanding of your schema. To access voyager, visit /voyager in the server CG spins up.

Community

Comments, questions, or feedback? Please Join Our Slack Workspace we would love to hear from you.

Contribution Guidelines

If you're interested in contributing to CloudGraph please check out our Contribution Guidelines.

Deployment Options

You can either run CloudGraph locally, or you can deploy it to your cloud provider of choice. Terraform modules and guides for cloud deployments are coming soon!

Hosted Version

Interested in a fully managed SaaS/self hosted version of CloudGraph that has built in 3D visualization capabilities, automated scans, and hundreds of additional compliance checks? Check out AutoCloud for more details.

Debugging

If you encounter any errors running CloudGraph you can prepend CG_DEBUG=5 to the beginning of your command as in, CG_DEBUG=5 cg scan. This will print out the verbose logs with more information that you can then use to either open an issue on GitHub or let us know in our Slack Workspace.

Common Errors

There are some common errors you may see when running CloudGraph that are usually related to permisions or connection issues.

⚠️ unable to make some connections - This warning in the scan report appears when CG tries to make a connection between two resources and is unable to do so. If you see this using one of CG's offically supported providers, please create a new issue so we can solve it. The most common cause of this error is a bug in the underlying provider's resource connection logic.
🚫 unable to store data in Dgraph - This error in the scan report appears when CG tries to insert some cloud provider data into the graph DB and it fails. Any services with this error will be unable to be queried in the GraphQL query tool. This usually happens when CG is unable to grab required data (such as an arn) for a resource due to an error when calling the provider SDK, commonly due to a lack of authorization.
Provider {name}@${version} requires cli version {version} but cli version is ${version} - This warning means you have incompatible versions of CG and the provider you are trying to use. Try updating CG npm install -g @cloudgraphdev/cli and the provider module cg provider update so both are at the latest version. You can also check the proivder's pacakge.json to see what versions of CG support it.
Manager failed to install plugin for {provider} - This error occurs when CG's plugin manager can not find the provider module you want to use. The manager searches the public NPM registry for the provider module. For offically supported providers, just pass the provider name CG init aws. For community supported providers, you must pass the namespace as well CG init @{providerNamespace}/{provider}

Commands

cg help [COMMAND]
cg init [PROVIDER]
cg launch [PROVIDER]
cg load [PROVIDER]
cg policy [PROVIDER]
cg policy add [PROVIDER]
cg policy install [PROVIDER]
cg policy list [PROVIDER]
cg policy remove [PROVIDER]
cg policy update [PROVIDER]
cg provider [PROVIDER]
cg provider add [PROVIDER]
cg provider install [PROVIDER]
cg provider list [PROVIDER]
cg provider remove [PROVIDER]
cg provider update [PROVIDER]
cg scan [PROVIDER]
cg serve [PROVIDER]
cg teardown [PROVIDER]
cg update [PROVIDER]

`cg help [COMMAND]`

Display help for cg.

USAGE
  $ cg help [COMMAND] [-n]

ARGUMENTS
  COMMAND  Command to show help for.

FLAGS
  -n, --nested-commands  Include all nested commands in the output.

DESCRIPTION
  Display help for cg.

See code: @oclif/plugin-help

`cg init [PROVIDER]`

Set initial configuration for providers

USAGE
  $ cg init [PROVIDER] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p <value>]
    [-q playground|altair] [-l <value>] [--use-roles] [-P <value>] [-r]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -r, --resources
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Set initial configuration for providers

EXAMPLES
  $ cg init

  $ cg init aws [Initialize AWS provider]

  $ cg init aws -r [Specify resources to crawl]

See code: src/commands/init.ts

`cg launch [PROVIDER]`

Launch an instance of Dgraph to store data

USAGE
  $ cg launch [PROVIDER] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p <value>]
    [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Launch an instance of Dgraph to store data

EXAMPLES
  $ cg launch

See code: src/commands/launch.ts

`cg load [PROVIDER]`

Load a specific version of your CloudGraph data

USAGE
  $ cg load [PROVIDER] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p <value>]
    [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Load a specific version of your CloudGraph data

EXAMPLES
  $ cg load [Load data for all providers configured]

  $ cg load aws [Load data for AWS]

See code: src/commands/load.ts

`cg policy [PROVIDER]`

Commands to manage policy pack modules, run $ cg policy for more info.

USAGE
  $ cg policy [PROVIDER] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p <value>]
    [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Commands to manage policy pack modules, run $ cg policy for more info.

See code: src/commands/policy/index.ts

`cg policy add [PROVIDER]`

Add new policy packs

USAGE
  $ cg policy add [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Add new policy packs

ALIASES
  $ cg add policy

EXAMPLES
  $ cg policy add aws-cis-1.2.0

  $ cg policy add [email protected]

`cg policy install [PROVIDER]`

Install policy packs based on the lock file

USAGE
  $ cg policy install [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Install policy packs based on the lock file

ALIASES
  $ cg install policy

EXAMPLES
  $ cg policy install

`cg policy list [PROVIDER]`

List currently installed policy packs and versions

USAGE
  $ cg policy list [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  List currently installed policy packs and versions

ALIASES
  $ cg ls policy
  $ cg list policy

EXAMPLES
  $ cg policy list

  $ cg policy list aws

`cg policy remove [PROVIDER]`

Remove currently installed policy pack

USAGE
  $ cg policy remove [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Remove currently installed policy pack

ALIASES
  $ cg remove policy
  $ cg policy remove
  $ cg policy rm
  $ cg del policy
  $ cg rm policy

EXAMPLES
  $ cg policy remove

  $ cg policy remove aws-cis-1.2.0

  $ cg policy remove aws-cis-1.2.0 --no-save

`cg policy update [PROVIDER]`

Update currently installed policy packs

USAGE
  $ cg policy update [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Update currently installed policy packs

EXAMPLES
  $ cg policy update

  $ cg policy update aws-cis-1.2.0

  $ cg policy update [email protected]

`cg provider [PROVIDER]`

Commands to manage provider modules, run $ cg provider for more info.

USAGE
  $ cg provider [PROVIDER] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p <value>]
    [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Commands to manage provider modules, run $ cg provider for more info.

See code: src/commands/provider/index.ts

`cg provider add [PROVIDER]`

Add new providers

USAGE
  $ cg provider add [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Add new providers

ALIASES
  $ cg add provider

EXAMPLES
  $ cg provider add aws

  $ cg provider add [email protected]

`cg provider install [PROVIDER]`

Install providers based on the lock file

USAGE
  $ cg provider install [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Install providers based on the lock file

ALIASES
  $ cg install provider

EXAMPLES
  $ cg provider install

`cg provider list [PROVIDER]`

List currently installed providers and versions

USAGE
  $ cg provider list [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  List currently installed providers and versions

ALIASES
  $ cg ls provider
  $ cg list provider

EXAMPLES
  $ cg provider list

  $ cg provider list aws

`cg provider remove [PROVIDER]`

Remove currently installed provider

USAGE
  $ cg provider remove [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Remove currently installed provider

ALIASES
  $ cg remove provider
  $ cg provider remove
  $ cg provider rm
  $ cg del provider
  $ cg rm provider

EXAMPLES
  $ cg provider remove

  $ cg provider remove aws

  $ cg provider remove aws --no-save

`cg provider update [PROVIDER]`

Update currently installed providers

USAGE
  $ cg provider update [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Update currently installed providers

EXAMPLES
  $ cg provider update

  $ cg provider update aws

  $ cg provider update [email protected]

`cg scan [PROVIDER]`

Scan one or multiple providers data to be queried through Dgraph

USAGE
  $ cg scan [PROVIDER] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p <value>]
    [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Scan one or multiple providers data to be queried through Dgraph

EXAMPLES
  $ cg scan

  $ cg scan aws

  $ cg scan aws --dgraph http://localhost:1000 [Save data in dgraph running on port 1000]

  $ cg scan aws --no-serve [Do not start the query engine]

See code: src/commands/scan.ts

`cg serve [PROVIDER]`

Serve a GraphQL query tool to query your CloudGraph data.

USAGE
  $ cg serve [PROVIDER] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p <value>]
    [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Serve a GraphQL query tool to query your CloudGraph data.

EXAMPLES
  $ cg serve

See code: src/commands/serve.ts

`cg teardown [PROVIDER]`

Stops the Dgraph Docker container.

USAGE
  $ cg teardown [PROVIDER] [--delete-image]

FLAGS
  --delete-image  Remove dgraph docker image after stopping it

DESCRIPTION
  Stops the Dgraph Docker container.

EXAMPLES
  $ cg teardown

  $ cg teardown --delete-image

See code: src/commands/teardown.ts

`cg update [PROVIDER]`

Upgrade currently installed plugins.

USAGE
  $ cg update [PROVIDER] [--no-save] [--dev] [-d <value>] [-s dgraph] [--directory <value>] [--no-serve] [-p
    <value>] [-q playground|altair] [-l <value>] [--use-roles] [-P <value>]

FLAGS
  -P, --policies=<value>       Policy Packs to execute during scan
  -d, --dgraph=<value>         Set where dgraph is running (default localhost:8997)
  -l, --version-limit=<value>  Limit the amount of version folders stored on the filesystem (default 10)
  -p, --port=<value>           Set port to serve query engine
  -q, --query-engine=<option>  Query engine to launch
                               <options: playground|altair>
  -s, --storage=<option>       Select a storage engine to use. Currently only supports Dgraph
                               <options: dgraph>
  --dev                        Turn on developer mode
  --directory=<value>          Set the folder where CloudGraph will store data. (default cg)
  --no-save                    Set to not alter lock file, just delete plugin
  --no-serve                   Set to not serve a query engine
  --use-roles                  Set to true to use roleARNs instead of profiles for AWS credentials

DESCRIPTION
  Upgrade currently installed plugins.

ALIASES
  $ cg update

EXAMPLES
  $ cg update

See code: src/commands/update.ts

cli's People

Contributors

Stargazers

Watchers

Forkers

devdoshi avineshwar n0rig apiauth cnuss ashishbhadouria forkkit suryatmodulus vicdecode fbatroni riddopic garfield74 graftan kseckinc evelynmitchell shubham-kaushal optionalg alexrogalskiy amescornish vikingdadmedic mellorison booktube356 0xsojalsec nanaao type-checker 5l1v3r1 coolrb babum10 00mjk hardikkalkani11 tparvu rewanthtammana dhomane imolorhe skurecloud jeffreyfriedman hasnat-afzal novad03 jhult shashank504

cli's Issues

possible to query launch time for ec2 as well?

would like to be able to query for ec2 instances that had launch time prior to X date. with aws cli, i can do something similar to

aws ec2 describe-instances  --query 'sort_by(Reservations[].Instances[], &LaunchTime)[:-1].[InstanceId,PublicIpAddress,LaunchTime]'

to obtain launch time but it seems the cg scan doesn't pick this up yet.

0.13.3: provider aws module check FAILED, unable to find plugin

I updated the cli to the latest version and now im having this issue

:

Scan completes stating there are major issues while formatting and inserting data into dgraph for Azure

Thank you for filling out a bug report, we really appreciate any help in improving the CloudGraph CLI and providers!

Describe the bug
Scan completes printing the time took to scan each service and at the end, displays there are zero resources found for most services except for first few in the list and at the end displays the message in the below screenshot. Command returns 0 resources even though there are resources present in the subscription

To Reproduce
Steps to reproduce the behavior:

Run command 'cg init azure' and provide the required details for authentication
Run Command 'cg launch'
Run Command 'cg scan'

Please include the cg-debug.log file if applicable

Expected behavior
Get the number of resources available for each of the services.

Environment (please complete the following information):

CLI version - @cloudgraph/cli/0.21.4 win32-x64 node-v14.17.6
Provider versions - [email protected]
Context Trying to setup it up on a Local Machine

Error while running cg init

cg init is run on an ec2 instance. The instance does not use any credential files instead uses roles.

Following is the output while running cg niti.
ℹ No lock file found for Cloud Graph, creating one...
Installing aws module version: latest
⠧ Installing aws plugin(node:12370) [DEP0148] DeprecationWarning: Use of deprecated folder mapping "./" in the "exports" field module resolution of the package at /home/ec2-user/.nvm/versions/node/v16.10.0/lib/node_modules/@cloudgraph/cli/node_modules/tslib/package.json.
Update this package.json to use a subpath pattern like "./*".
(Use node --trace-deprecation ... to show where the warning was created)
✔ aws plugin installed successfully!
ℹ aws version locked at: 0.28.2
✖ There was an error writing latest version to the lock file
⚠ Unable to read AWS shared credential file
? Select regions to scan us-east-1, us-east-2
✔ 🎊 AWS configuration successfully completed 🎊
TypeError: Cannot read properties of undefined (reading 'join')

getting error while running CG scan

getting above error while running CG scan, btw we use access and secret as exposed in the environment variable not from the ./.aws/creds or config

CloudQuery Dgraph Destination?

Hey folks!

Im Yevgeny, Founder @ CloudQuery (which you might be familiar with :) ). We recently have number of security and cost vendor migrated to use our ELT engine under the hood so they can focus solely on the business, analysis and visualization logic on top.

I don't know if this is something relevant at this stage but if yes, we could look at adding DGraph to our destinations, which should fit your use-case with minimal schema changes hopefully.

Best,
Yevgeny

Oracle Cloud Provider

As Ankasoft we started to develop Oracle Cloud Provider for CloudGraph.

CIS GCP 1.3 support

CIS has updated GCP CIS to 1.3. Will this be added soon?

Can't install modules (with cg init)

I followed the installation instructions on (from the GitHub README) to the letter, but when I do "sg init gcp" I get this:

$ cg init gcp
\u2139 Found config for cloudGraph, using...
\u2139 Dgraph host set as: http://localhost:8997
\u2139 No lock file found for Cloud Graph, creating one...
\u2139 Installing gcp module version: latest
\u2716 Manager failed to install provider plugin for gcp
\u2716 **Error: provider gcp module check FAILED, unable to find plugin**
\u26a0 There was an error installing or requiring a plugin for gcp, does one exist?
\u2139 For more information on this error, please see https://github.com/cloudgraphdev/cli#common-errors
\u26a0 There was an issue initializing gcp plugin, skipping...
\u2139 CloudGraph config found...

I tried "cg init aws" and get the same error.

Support AWS SSO authentication

Description
Support authentication with AWS SSO

To Reproduce
Steps to reproduce the behavior:

AWS credentials configured via aws sso configure
Run command CG_DEBUG=5 cg scan aws
Getting below error:

✔ accessKeyId: **************
✔ secretAccessKey: ******************************
⠏ SCANNING data for aws    InvalidClientTokenId: The security token included in the request is invalid.
    Code: InvalidClientTokenId

cg-debug.log

No valid credentials found for roleARN: arn:aws:sts::**********:assumed-role/****
AccessDenied: User: arn:aws:sts::**********:assumed-role/****
is not authorized to perform: sts:AssumeRole on resource: arn:aws:sts::**********:assumed-role/****
    at Request.extractError (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/protocol/query.js:50:29)
    at Request.callListeners (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/request.js:686:14)
    at Request.transition (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/request.js:688:12)
    at Request.callListeners (/opt/homebrew/Cellar/cg/0.21.4/libexec/node_modules/aws-sdk/lib/sequential_executor.js:116:18)

Expected behavior
Login with SSO credentials succeeds

Environment

❯ cg --version
@cloudgraph/cli/0.21.4 darwin-x64 node-v16.0.0

Provider versions [email protected]
Context: Local machine

couldn't rewrite mutation addawsDynamoDbTable because failed to rewrite mutation payload because duplicate XID found

I'm getting a "couldn't rewrite mutation addawsDynamoDbTable because failed to rewrite mutation payload because duplicate XID found" error on a DynamoDB table.

I also get "couldn't rewrite mutation addawsTag because failed to rewrite mutation payload because duplicate XID found" on exactly the same arn.

Looking into the json I could find in the ~/.local/share/cloudgraph/cg/version-X/aws_someid.json, I suspect the issue is linked to the fact that specific dynamodb table has two global indexes which appear in the json file with the arn of the table.

That arn appears as is for 3 things: the table itself and the two global indexes.

Let me know if you need more info on the issue.

21 issues were found during rules execution marked as high severity

Hi,

Am getting 'unable to store data in Dgraph' for many service resources of AWS in cloud graph. Screenshot attached below:

Could you please look into the same and help me to resolve it?

Invalid reference format: repository name must be lowercase

Fresh install, failure when running cg launch.

To Reproduce
Steps to reproduce the behavior:

npm install -g @cloudgraph/cli
cg provider add aws
cg init
cg launch

cg launch
i Found config for cloudGraph, using...
i Dgraph host set as: http://localhost:8997
√ Docker found
√ No reusable instances found
√ Pulled Dgraph Docker image
× Failed starting Dgraph instance
× Error: Command failed: docker run -d -p 8995:5080 -p 8996:6080 -p 8997:8080 -p 8998:9080 -p 8999:8000 --label cloudgraph-cli-dgraph-standalone -v C:\Users\USER\AppData\Local\cloudgraph/dgraph:/dgraph --name dgraph dgraph/standalone:v21.03.1
docker: invalid reference format: repository name must be lowercase.
See 'docker run --help'.

Error: Dgraph was unable to start: Failed starting stopped Dgraph instance

Expected behavior

No failure.

Environment (please complete the following information):

OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19043 N/A Build 19043

$ aws --version
aws-cli/2.7.6 Python/3.9.11 Windows/10 exe/AMD64 prompt/off

$ cg -v
@cloudgraph/cli/0.22.0 win32-x64 node-v16.15.1

$ node -v
v16.15.1

VMware Aria Automation 8.X Provider

As Ankasoft we started to develop VMware Aria Automation 8.X Provider for CloudGraph.

Command help for cg provider is misleading

Describe the bug

The CLI help instructions for cg provider currently look like this:

$ cg provider 
Commands to manage provider modules, run $ cg provider for more info.

USAGE
  $ cg provider:COMMAND

COMMANDS
  provider:add      Add new providers
  provider:install  Install providers based on the lock file
  provider:list     List currently installed providers and versions
  provider:remove   Remove currently installed provider
  provider:update   Update currently installed providers
$

One would think that you can e.g. run cg provider:list to get a list of all the providers however running this command will fail:

$ cg provider:list
 ›   Error: command provider:list not found
$

What does actually work is cg provider list:

$ cg provider list
ℹ Found config for cloudGraph, using...
ℹ Dgraph host set as: http://localhost:8997
✔ Provider [email protected] is installed
$

To Reproduce
Steps to reproduce the behavior:

Run e.g. cg provider:list

Expected behavior

Either make cg provider:list work or change the help text to show cg provider list instead :-)

Environment (please complete the following information):

CLI version @cloudgraph/cli/0.15.5 darwin-x64 node-v16.13.1
Context local machine

ENOENT when scan using custom provider

Thank you for filling out a bug report, we really appreciate any help in improving the CloudGraph CLI and providers!

Describe the bug
When creating a new local provider within an organization and try to run the scan command the cli cannot locate the schema graphql file due to the organization subdirectory convention

To Reproduce

Create provider (e.g. @acme/cg-provider-oc)
Link it
Run yarn run:init @acme/oc (succesfully run)
Try to run yarn run:scan
The command fails because it tries to write /Users/user/.local/share/cloudgraph/cg/version-6/@acme/oc_schema.graphql but cannot find the directory. I think the issue is in cli/src/utils/index.ts writeGraphqlSchemaToFile function

export function writeGraphqlSchemaToFile(
  dirPath: string,
  schema: string,
  provider?: string
): void {
  makeDirIfNotExists(dirPath)
  fs.writeFileSync(
    path.join(
      dirPath,
      provider ? `/${provider}_schema.graphql` : '/schema.graphql'
    ),
    schema
  )
}

➜  cli git:(master) yarn run:init @acme/oc
yarn run v1.22.17
$ cross-env NODE_ENV=development ./bin/run init @acme/oc
ℹ Found config for cloudGraph, using...
ℹ Dgraph host set as: http://localhost:8997
⚠ No required cli version found in provider module, assuming compatability
⚠ You are running CloudGraph in devMode. In devMode, CG will assume plugin modules are already installed. use $yarn link {pluginModule} to work with a local copy of a plugin module
✔ provider oc module check complete
ℹ Config for @acme/oc already exists
? Would you like to change @acme/oc's config Yes
? Which oc contexts would you like to scan? context-1
✔ 🎊 oc configuration successfully completed 🎊
ℹ Contexts configured: context-1
ℹ Resources configured: cronJob, deployment, ingress, job, namespace, networkPolicy, node, persistentVolume, persistentVolumeClaim, pod, role, secret, service, serviceAccount, storageClass
ℹ CloudGraph config found...
? Would you like to change CloudGraph config Yes
? Input your dgraph host url, if you are unsure, use the default by pressing ENTER http://localhost:8997
? Enter the maximum number of scanned versions of your cloud data that you would like to store 10
ℹ Note that none of your cloud's information is ever sent to or stored by CloudGraph or third parties
? What tool would you like to query your data with? GraphQL Playground
✔ Your config has been successfully stored at /Users/user/.config/cloudgraph/.cloud-graphrc.json
✔ Your data will be stored at /Users/user/.local/share/cloudgraph/cg
✨  Done in 18.81s.

➜  cli git:(master) yarn run:scan
yarn run v1.22.17
$ cross-env NODE_ENV=development ./bin/run scan
ℹ Found config for cloudGraph, using...
ℹ Dgraph host set as: http://localhost:8997
ℹ Beginning SCAN for @acme/oc
⚠ No required cli version found in provider module, assuming compatability
⚠ You are running CloudGraph in devMode. In devMode, CG will assume plugin modules are already installed. use $yarn link {pluginModule} to work with a local copy of a plugin module
✔ provider oc module check complete
✔ cronJob scan completed
✔ deployment scan completed
✔ ingress scan completed
✔ job scan completed
✔ namespace scan completed
✔ networkPolicy scan completed
✔ node scan completed
✔ persistentVolume scan completed
✔ persistentVolumeClaim scan completed
✔ pod scan completed
✔ role scan completed
✔ secret scan completed
✔ service scan completed
✔ serviceAccount scan completed
✔ storageClass scan completed
✔ Context: context-1 scan completed
✔ @acme/oc data scanned successfully
⠙ updating Schema for @acme/oc    Error: ENOENT: no such file or directory, open '/Users/user/.local/share/cloudgraph/cg/version-7/@acme/oc_schema.graphql'
    Code: ENOENT
error Command failed with exit code 1.

Wildcard regions

Any chance instead of providing a list of regions, you could support a wildcard of some sort "*" for scanning of all regions?

CLI 0.15.4 is broken by oclif dependency update MODULE_NOT_FOUND

The CLI breaks immediately when you try to follow the quickstart guide running:

npm install -g @cloudgraph/cli
cg init

you end up with this nice set of error messages:

$ cg init
ℹ Dgraph host set as: http://localhost:8997


                                          ╋╋╋╋╋╋╋╋╋╋╋╋╋┏┓╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋┏┓╋╋╋╋╋╋╋
                                          ╋┏┓┏┓┏┓╋┏━━┓╋┃┃╋╋┏━━┓╋┏━━┓╋┏┓┏┓╋┏━━┓╋╋╋╋┏┛┗┓╋┏━━┓╋
                                          ╋┃┗┛┗┛┃╋┃┃━┫╋┃┃╋╋┃┏━┛╋┃┏┓┃╋┃┗┛┃╋┃┃━┫╋╋╋╋┗┓┏┛╋┃┏┓┃╋
                                          ╋┗┓┏┓┏┛╋┃┃━┫╋┃┗┓╋┃┗━┓╋┃┗┛┃╋┃┃┃┃╋┃┃━┫╋╋╋╋╋┃┗┓╋┃┗┛┃╋
                                          ╋╋┗┛┗┛╋╋┗━━┛╋┗━┛╋┗━━┛╋┗━━┛╋┗┻┻┛╋┗━━┛╋╋╋╋╋┗━┛╋┗━━┛╋
                                          ╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋

                                         ╋╋╋╋╋╋┏┓╋╋╋╋╋╋╋╋╋╋╋╋╋╋┏┓╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋┏┓╋╋╋┏┓╋
                                         ╋┏━━┓╋┃┃╋╋┏━━┓╋┏┓┏┓╋┏━┛┃╋┏━━┓╋┏━┓╋┏━━┓╋┏━━┓╋┃┗━┓╋┃┃╋
                                         ╋┃┏━┛╋┃┃╋╋┃┏┓┃╋┃┃┃┃╋┃┏┓┃╋┃┏┓┃╋┃┏┛╋┃┏┓┃╋┃┏┓┃╋┃┏┓┃╋┃┃╋
                                         ╋┃┗━┓╋┃┗┓╋┃┗┛┃╋┃┗┛┃╋┃┗┛┃╋┃┗┛┃╋┃┃╋╋┃┏┓┃╋┃┗┛┃╋┃┃┃┃╋┗┛╋
                                         ╋┗━━┛╋┗━┛╋┗━━┛╋┗━━┛╋┗━━┛╋┗━┓┃╋┗┛╋╋┗┛┗┛╋┃┏━┛╋┗┛┗┛╋┏┓╋
                                         ╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋╋┗━━┛╋╋╋╋╋╋╋╋╋╋┗┛╋╋╋╋╋╋╋╋┗┛╋


                                                         ╓──────────────────╖
                                                         ║                  ║
                                                         ║   By AutoCloud   ║
                                                         ║                  ║
                                                         ╙──────────────────╜
(node:3130) [MODULE_NOT_FOUND] Error Plugin: @cloudgraph/cli: Cannot find module '@oclif/plugin-help/lib/command'
Require stack:
- /usr/local/lib/node_modules/@cloudgraph/cli/node_modules/@tiagonapoli/oclif-plugin-spaced-commands/lib/hooks/init.js
- /usr/local/lib/node_modules/@cloudgraph/cli/node_modules/@oclif/config/lib/config.js
- /usr/local/lib/node_modules/@cloudgraph/cli/node_modules/@oclif/config/lib/index.js
- /usr/local/lib/node_modules/@cloudgraph/cli/node_modules/@oclif/command/lib/command.js
- /usr/local/lib/node_modules/@cloudgraph/cli/node_modules/@oclif/command/lib/index.js
- /usr/local/lib/node_modules/@cloudgraph/cli/bin/run
module: @oclif/[email protected]
task: runHook init
plugin: @cloudgraph/cli
root: /usr/local/lib/node_modules/@cloudgraph/cli
See more details with DEBUG=*
(Use `node --trace-warnings ...` to show where the warning was created)
? Which cloud provider would you like to use? aws
ℹ Installing aws module version: latest
✖ Manager failed to install provider plugin for aws
✖ Error: provider aws module check FAILED, unable to find plugin
⚠ There was an error installing or requiring a plugin for aws, does one exist?
ℹ For more information on this error, please see https://github.com/cloudgraphdev/cli#common-errors
⚠ There was an issue initializing aws plugin, skipping...

Since the code in the master branch runs with the provided yarn.lock file I suspect that there's a conflict with some of your dependencies having changed in a breaking way.

Unable to see any results in UI for queryawsCISFindings

Describe the bug
I've followed the instructions in README to install aws-cis-1.3.0 policy and execute the scans. The scan was successful but I'm unable to query the cis findings.

The output shows it identified some issues but I'm unable to query them

I can see some data inside dgraph container,

But when I try to query with graphql, the results are nil.

To Reproduce
Steps to reproduce the behavior:

Started docker instance for dgraph

docker run -d -p 8995:5080 -p 8996:6080 -p 8997:8080 -p 8998:9080 -p 8999:8000 --label cloudgraph-cli-dgraph-standalone -v /Users/rewanthtammana/.local/share/cloudgraph/dgraph:/dgraph --name dgraph dgraph/standalone

Initialized cg, cg init
cg policy add aws-cis-1.3.0
cg scan aws
The scans are successful but unable to query cisbenchmarks from graphql database

Please include the cg-debug.log file if applicable

Expected behavior
queryawsCISFindings is expected to return the identified results.

Environment (please complete the following information):

CLI version: @cloudgraph/cli/0.25.1 darwin-x64 node-v16.0.0
Provider versions: [email protected] & aws-cis-1.3.0 module version: 0.4.0
Context: Local machine

Unable to store Data in Dgraph

I have tried deleting this /root/.local/share/cloudgraph/cg/version-1, as well as running commands such as cg teardown and cg teardown --delete-image in order to fix the issue but the issue still remains. Kindly help me with this.

Untagged Resources

Is there a way or is it possible to add a query for untagged resources?

Select all aws profiles

Is there any way to select all the aws accounts i have configures in the aws cli? because i hace 188 accounts, and adding one by one with "cg init" is a pain. Maybe by editing the configuration file and adding the accounts manually?

Unable to store data in Dgraph

Thank you for filling out a bug report, we really appreciate any help in improving the CloudGraph CLI and providers!

Describe the bug
In the process of executing CG_DEBUG=5 cg scan aws, there is some error messages such as "unable to store data in Dgraph". These are from "alb, apiGatewayRestAPI, cloudwatchEventRule, kinesisFirehose, s3, securityHubStandardSubscription, vpc" services.
I check "Your data for aws has been saved to /root/.local/share/cloudgraph/cg/version-9" messages, for example in "kinesisFirehose" service there is 2 resources in "cg/version-9/aws_1697656492879", but unable to store this data in Dgraph. Understand? Help me.

To Reproduce
Steps to reproduce the behavior:

cg init
cg launch
CG_DEBUG=5 cg scan aws
and error

Please include the cg-debug.log file if applicable

Please solve this problem. Please able to store the data inDgraph.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.