CSPM scans include various security checks in the form of "plugins." The names of the plugins reflect the names of the relevant resources and the specific checks being performed on them; for example, "AWS EC2 Security Group Open Ports" and "AWS S3 Bucket Public Access".


CSPM plugins are written to evaluate cloud provider API response data. Plugins interpret this data in the context of the security control being evaluated, any custom inputs or settings, and the account conditions, to produce scan results. Aqua has over 400 plugins for its CSPM capability, which covers numerous services across all supported cloud providers.


For complete documentation, visit Plugins on the Aqua Platform Documentation Portal.