Automic VaultAutomic Vault

brew

c7n mit Homebrew, apt installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für c7n in AI-Agent-Workflows.

Installation

Weitere Installationsbefehle

macOS

Homebrewverifiziert · 100%
brew install c7n

local Homebrew formula metadata

Linux

Debian aptverifiziert · 92%
sudo apt install python-custodian-doc

Debian stable package indexes · python-custodian-doc · Quelle: deb.debian.org

Überblick

Paketzusammenfassung

Rules engine for cloud security, cost optimization, and governance

Befehle und Aliase

  • custodian

Verlauf

Projektgeschichte und Nutzung

Cloud Custodian, packaged as c7n, is a policy-as-code rules engine for public-cloud governance, security, cost control, and compliance automation. It is a CNCF incubating project and one of the better-known cloud governance CLIs.

Projektgeschichte

Cloud Custodian began at Capital One as a way to replace many ad hoc cloud-management scripts with a shared policy engine. Its README describes the project as a rules engine for managing public cloud accounts and resources, using simple YAML policies composed from resource types, filters, actions, and execution modes.

The project expanded from an AWS-oriented governance tool into a multi-cloud framework supporting AWS, Azure, GCP, OCI, Tencent Cloud, Kubernetes, and related tools. Its documentation presents compliance-as-code as a central model: users validate, dry-run, and review policies before applying them to cloud resources.

The CNCF project page records Cloud Custodian's acceptance into CNCF on June 25, 2020 and its move to incubating maturity on September 14, 2022.

Adoptionsgeschichte

Cloud Custodian's adoption story is unusually strong for a CLI governance tool because it grew out of large-scale production cloud use and then moved into CNCF stewardship. The README describes it as led by a community of hundreds of contributors and battle-tested in very large cloud environments.

The project is distributed as the c7n Python package family, a Docker image, and OS-package-manager formulas such as Homebrew. Its docs also cover companion tools such as c7n-org, c7n-mailer, c7n-left, c7n-kube, and c7n-logexporter, reflecting an ecosystem around core policy evaluation.

Wie es verwendet wird

Users write YAML policies, validate them, dry-run them, and run them with the custodian CLI. Policies can check resources for tag compliance, encryption, public exposure, age, cost waste, and other conditions, then take actions such as tagging, stopping, deleting, notifying, or invoking provider-native eventing.

Cloud Custodian can run as a local or CI job against existing fleets, or it can provision serverless/event-driven execution through cloud provider facilities such as AWS CloudWatch Events, AWS Config rules, Azure Event Grid, GCP Audit Log and Pub/Sub, and similar mechanisms.

Warum Paket-Nerds sich dafür interessieren

For package nerds, c7n is significant because the tiny package name hides a broad cloud-governance platform. Installing a single CLI brings in a policy language, schema tooling, multi-cloud resource providers, serverless deployment paths, reporting, and a family of c7n-* companion packages.

It is also a canonical example of Python CLI tooling becoming infrastructure governance plumbing: a package-manager install turns YAML files into enforceable cloud controls.

Zeitleiste

  • 2015-12-21: The Sphinx documentation scaffold date appears in the docs source.
  • 2020-06-25: Cloud Custodian was accepted into CNCF.
  • 2022-09-14: Cloud Custodian moved to CNCF incubating maturity.
  • 2026: The project remains documented by CNCF as an incubating project.

Related projects

  • c7n-org helps run policies across many accounts or subscriptions.
  • c7n-mailer handles notifications for policy matches.
  • c7n-left applies Custodian-style checks to infrastructure-as-code assets.
  • c7n-kube extends the policy model into Kubernetes.

Sicherheitslage

Risikostufe: orange

infrastructure mutation or orchestration signal.

Risikoklassifikator

orange Risiko · mittel Konfidenz · infrastructure

Warum

  • infrastructure mutation or orchestration signal

Signale

  • text:cloud

Installationsverhalten

  • In den Formelmetadaten ist kein Homebrew-Post-install-Hook erfasst.
  • Homebrew-Bottle-Metadaten sind für 6 Plattformziele verfügbar.
  • Installiert mit 4 Laufzeitabhängigkeiten.

Empfohlene Prüfung

Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
custodiancliglobales Executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-07-08
Manager-Version0.9.51.0
Manager aktualisiert2026-06-15
lokale DatenOK
Upstreamnot checked
neueste erkannte Versionnicht erkannt

https://github.com/cloud-custodian/cloud-custodian

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:c7n
Version0.9.51.0
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/c7n
Homepagehttps://cloudcustodian.io
Repositoryhttps://github.com/cloud-custodian/cloud-custodian
Upstream-Dokumentationhttps://cloudcustodian.io/docs
LizenzApache-2.0
Quellarchivhttps://github.com/cloud-custodian/cloud-custodian/archive/refs/tags/0.9.51.0.tar.gz
Zuletzt aktualisiert2026-06-15T10:20:11-04:00
Pulseupdated
Abhängigkeitencryptography, libyaml, python@3.14, rpds-py
Bottleverfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnicht definiert
Dienstkeiner deklariert

Registry-Fakten

Details aus der Quelldatenbank

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namec7n
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

Source-Datenbank-Treffer

Andere Paketmanager-Einträge

Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.

Debian apt92%

python-custodian-doc 2024.10.16-1

flexible just-in-time job management framework in Python (doc)

https://github.com/materialsproject/custodian

sudo apt install python-custodian-doc
  • Section: doc
  • Architecture: all
  • Source Package: custodian
  • 1 Abhängigkeiten
  • installed executable or alias match
  • Abgeglichen nach: Custodian
Debian stable package indexes · deb.debian.org · Debian stable package indexes: python-custodian-doc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt92%

python3-custodian 2024.10.16-1

flexible just-in-time job management framework in Python

https://github.com/materialsproject/custodian

sudo apt install python3-custodian
  • Section: python
  • Architecture: all
  • Source Package: custodian
  • 6 Abhängigkeiten
  • 1 optionale Abhängigkeiten
  • installed executable or alias match
  • Abgeglichen nach: Custodian
Debian stable package indexes · deb.debian.org · Debian stable package indexes: python3-custodian from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment