# c7n を Homebrew, apt でインストール

c7n のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。

## インストール

```sh
sudo av install brew:c7n
```

追加のインストールコマンド:

### macOS

- Homebrew (100%):

```sh
brew install c7n
```

  証拠: local Homebrew formula metadata

### Linux

- Debian apt (92%):

```sh
sudo apt install python-custodian-doc
```

  証拠: Debian stable package indexes: python-custodian-doc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

## パッケージ情報

- **パッケージキー:** brew:c7n
- **パッケージマネージャ:** Homebrew
- **パッケージマネージャページ:** <https://formulae.brew.sh/formula/c7n>
- **バージョン:** 0.9.51.0
- **ソース概要:** Rules engine for cloud security, cost optimization, and governance
- **ホームページ:** <https://cloudcustodian.io>
- **リポジトリ:** <https://github.com/cloud-custodian/cloud-custodian>
- **上流ドキュメント:** <https://cloudcustodian.io/docs>
- **ライセンス:** Apache-2.0
- **ソースアーカイブ:** <https://github.com/cloud-custodian/cloud-custodian/archive/refs/tags/0.9.51.0.tar.gz>
- **最終更新:** 2026-06-15T10:20:11-04:00
- **生成日時:** 2026-07-08T18:08:21+00:00

## 実行可能ファイル

- custodian (cli)
- custodian (エイリアス)

## 依存関係

- cryptography
- libyaml
- python@3.14
- rpds-py

## インストール挙動

- post-install フック: 未定義
- Bottle: 利用可能 対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## バージョンと鮮度

- ページ生成日: 2026-07-08
- マネージャ版: 0.9.51.0
- マネージャ更新日: 2026-06-15
- ローカルデータ: OK
- 上流リポジトリ: https://github.com/cloud-custodian/cloud-custodian
- 情報: No cached GitHub release or tag data was available.
## プロジェクトの歴史と使われ方

Cloud Custodian, packaged as c7n, is a policy-as-code rules engine for public-cloud governance, security, cost control, and compliance automation. It is a CNCF incubating project and one of the better-known cloud governance CLIs.

### プロジェクトの歴史

Cloud Custodian began at Capital One as a way to replace many ad hoc cloud-management scripts with a shared policy engine. Its README describes the project as a rules engine for managing public cloud accounts and resources, using simple YAML policies composed from resource types, filters, actions, and execution modes.

The project expanded from an AWS-oriented governance tool into a multi-cloud framework supporting AWS, Azure, GCP, OCI, Tencent Cloud, Kubernetes, and related tools. Its documentation presents compliance-as-code as a central model: users validate, dry-run, and review policies before applying them to cloud resources.

The CNCF project page records Cloud Custodian's acceptance into CNCF on June 25, 2020 and its move to incubating maturity on September 14, 2022.

### 採用の歴史

Cloud Custodian's adoption story is unusually strong for a CLI governance tool because it grew out of large-scale production cloud use and then moved into CNCF stewardship. The README describes it as led by a community of hundreds of contributors and battle-tested in very large cloud environments.

The project is distributed as the c7n Python package family, a Docker image, and OS-package-manager formulas such as Homebrew. Its docs also cover companion tools such as c7n-org, c7n-mailer, c7n-left, c7n-kube, and c7n-logexporter, reflecting an ecosystem around core policy evaluation.

### 使われ方

Users write YAML policies, validate them, dry-run them, and run them with the custodian CLI. Policies can check resources for tag compliance, encryption, public exposure, age, cost waste, and other conditions, then take actions such as tagging, stopping, deleting, notifying, or invoking provider-native eventing.

Cloud Custodian can run as a local or CI job against existing fleets, or it can provision serverless/event-driven execution through cloud provider facilities such as AWS CloudWatch Events, AWS Config rules, Azure Event Grid, GCP Audit Log and Pub/Sub, and similar mechanisms.

### パッケージ好きにとっての重要性

For package nerds, c7n is significant because the tiny package name hides a broad cloud-governance platform. Installing a single CLI brings in a policy language, schema tooling, multi-cloud resource providers, serverless deployment paths, reporting, and a family of c7n-* companion packages.

It is also a canonical example of Python CLI tooling becoming infrastructure governance plumbing: a package-manager install turns YAML files into enforceable cloud controls.

### タイムライン

- 2015-12-21: The Sphinx documentation scaffold date appears in the docs source.
- 2020-06-25: Cloud Custodian was accepted into CNCF.
- 2022-09-14: Cloud Custodian moved to CNCF incubating maturity.
- 2026: The project remains documented by CNCF as an incubating project.

### Related projects

- c7n-org helps run policies across many accounts or subscriptions.
- c7n-mailer handles notifications for policy matches.
- c7n-left applies Custodian-style checks to infrastructure-as-code assets.
- c7n-kube extends the policy model into Kubernetes.

### ソース

- <https://cloudcustodian.io/docs/>
- <https://cloudcustodian.io/docs/quickstart/index.html>
- <https://github.com/cloud-custodian/cloud-custodian>
- <https://www.cncf.io/projects/cloud-custodian/>


## セキュリティノート

infrastructure mutation or orchestration signal.

- **Geiger リスク:** orange / 中
- infrastructure mutation or orchestration signal

## ソースデータベース詳細

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** c7n
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## 他のパッケージマネージャ記録

- Debian apt - python-custodian-doc - 2024.10.16-1: installed executable or alias match | Debian stable package indexes: python-custodian-doc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | flexible just-in-time job management framework in Python (doc) | https://github.com/materialsproject/custodian
- Debian apt - python3-custodian - 2024.10.16-1: installed executable or alias match | Debian stable package indexes: python3-custodian from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | flexible just-in-time job management framework in Python | https://github.com/materialsproject/custodian


## 関連リンク

- [Cloud CLI packages](https://www.automicvault.com/ja/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/ja/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/ja/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/ja/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [python@3.14](https://www.automicvault.com/ja/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [polaris](https://www.automicvault.com/ja/pkg/brew/polaris/) - Shares av.db curated category or tags: cli, cloud-infrastructure, policy, policy-as-code.
- [kwctl](https://www.automicvault.com/ja/pkg/brew/kwctl/) - Shares av.db curated category or tags: cli, cloud-infrastructure, policy.
- [kyverno](https://www.automicvault.com/ja/pkg/brew/kyverno/) - Shares av.db curated category or tags: cli, cloud-infrastructure, policy.
- [amazon-ecs-cli](https://www.automicvault.com/ja/pkg/brew/amazon-ecs-cli/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-amplify](https://www.automicvault.com/ja/pkg/brew/aws-amplify/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-cdk](https://www.automicvault.com/ja/pkg/brew/aws-cdk/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-console](https://www.automicvault.com/ja/pkg/brew/aws-console/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-elasticbeanstalk](https://www.automicvault.com/ja/pkg/brew/aws-elasticbeanstalk/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-sam-cli](https://www.automicvault.com/ja/pkg/brew/aws-sam-cli/) - Both packages touch the same language runtime or ecosystem. Shared terms: aws, cli, cloud, cloud-infrastructure, cryptography.
- [ansible-lint](https://www.automicvault.com/ja/pkg/brew/ansible-lint/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, cloud, cloud-infrastructure, code, cryptography.
- [aws-sso-util](https://www.automicvault.com/ja/pkg/brew/aws-sso-util/) - Both packages touch the same language runtime or ecosystem. Shared terms: aws, cli, cloud, cloud-infrastructure, infrastructure.

## Combined YAML source

View the package source record on GitHub. [combined/c7n.yml](https://github.com/automic-vault/db/blob/main/combined/c7n.yml)


## ソース

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
