🏛️ Colosseum

Colosseum is an orchestration framework that consolidates multiple Infrastructure-as-Code (IaC) security scanners into a single, unified interface. It provides a terminal user interface (TUI)that allows users to visualize, filter, and navigate through security findings across multiple IaC files.

---

Features

• Unified Orchestration:
  Run multiple IaC security scanners (e.g., Checkov, trivy, Kics) from one central tool.

• Interactive Terminal UI:
  A clean, split-pane interface lets you browse scanned files and findings efficiently.

• Aggregated Reporting:
  Consolidates all findings by severity levels — Critical, High, Medium, and Low.

• Cross-Cloud Support:
  Supports multiple IaC templates for AWS, Azure, GCP, Kubernetes, etc based on the scanners it wraps around.

• Developer-Friendly Workflow:
  Navigate results quickly.

---

Screenshot

enter a directory to scan

wait for it to run

Navigate your vulns

Get details

---

⚙️ Installation

git clone https://github.com/montcao/colosseum.git
cd colosseum
go build

Or run directly:

go run . 

Important !!!!

Right now colosseum requires that you have trivy and checkov downloaded on your machine/accessible on the cli or it won't work. There are plans to handle it with an install script or to extend the libraries like how it works with KICS right now.

---

🧭 Usage

Run Colosseum in your IaC workspace:

colosseum 

Use the terminal interface:

• ↑/↓: Navigate through files or findings
• →/←: Switch panes
• /: Filter results
• q: Quit

---

🧱 Supported Scanners

• Checkov
• trivy
• Kics

---

Use Cases

• Continuous IaC security auditing
• Developer-side vulnerability checks before deployment
• Cross-cloud compliance validation
• CI/CD security integration

---

Contributing

1. Fork the repo
2. Create your feature branch
3. Submit a pull request

---

License

MIT License © 2025 Montcao