🍲 Cloud security data in one pot — bronze/silver/gold layers for insights & compliance

dannyota/hotpot

🍲 Hotpot


Unified security data platform for multi-cloud environments.

Hotpot throws your cloud security data into one pot.

Raw ingredients from GCP, AWS, and on-prem sources simmer through bronze, silver, and gold layers — coming out as actionable insights, compliance reports, and AI-powered answers.

Just ask:

"Which VMs exist in GCP but are missing from SentinelOne?"

"What firewall rules reference instances that no longer exist?"

...and get results.

🚀 Features

  • Multi-cloud ingestion — GCP (Compute, Container, IAM, Resource Manager, VPC Access, Storage, KMS, Logging, DNS, Secret Manager, Cloud SQL), with AWS and VNG Cloud planned
  • Asset inventory — Track VMs, disks, networks, projects with change history (SCD Type 4)
  • Durable workflows — Temporal-based pipelines with automatic retries and rate limiting
  • AI-powered queries — Natural language to SQL via WrenAI + Ollama
  • Hot-reload config — Vault or YAML-based configuration with live database reconnection

🏗️ Architecture

flowchart LR
    Sources[Cloud APIs] --> INGEST[Ingest] --> NORMALIZE[Normalize] --> DETECT[Detect]
    INGEST & NORMALIZE & DETECT --> DB[(PostgreSQL)]
    DB --> Metabase & Agent

| Layer | Schema | Purpose |
|-------|--------|---------|
| Bronze | bronze.* | Raw API data, preserved as-is |
| Silver | silver.* | Normalized, unified asset models |
| Gold | gold.* | Alerts, compliance, analytics |
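
The layer flow above, applied to the README's sample question about GCP VMs missing from SentinelOne. This is an added example, not code from the Hotpot repository; every type, field, and function name is hypothetical, and the sample rows are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Hypothetical bronze rows: raw fields kept as each source might report them.
type BronzeGCPInstance struct{ Name, Project, Status string }
type BronzeS1Agent struct{ ComputerName string }

// Hypothetical silver row: one normalized asset keyed by short hostname.
type SilverAsset struct{ Key, Source, Project string }

// normalizeHost reduces a hostname or FQDN to a lower-case short name so
// records from different sources can be compared.
func normalizeHost(h string) string {
	h = strings.ToLower(strings.TrimSpace(h))
	if i := strings.IndexByte(h, '.'); i >= 0 {
		h = h[:i]
	}
	return h
}

// MissingEDR returns running GCP VMs that have no matching agent record,
// the kind of finding the gold layer would hold. Assumption: short hostnames
// are unique across projects; otherwise the key must include the project.
func MissingEDR(vms []BronzeGCPInstance, agents []BronzeS1Agent) []SilverAsset {
	covered := make(map[string]bool, len(agents))
	for _, a := range agents {
		covered[normalizeHost(a.ComputerName)] = true
	}
	var gaps []SilverAsset
	for _, vm := range vms {
		key := normalizeHost(vm.Name)
		// A stopped VM cannot check in, so only RUNNING instances count as gaps.
		if vm.Status != "RUNNING" || covered[key] {
			continue
		}
		gaps = append(gaps, SilverAsset{Key: key, Source: "gcp", Project: vm.Project})
	}
	sort.Slice(gaps, func(i, j int) bool { return gaps[i].Key < gaps[j].Key })
	return gaps
}

// Constructed sample data, not real inventory.
var sampleVMs = []BronzeGCPInstance{{"web-01", "prod-web", "RUNNING"}, {"db-01", "prod-data", "RUNNING"}, {"batch-07", "prod-data", "TERMINATED"}}
var sampleAgents = []BronzeS1Agent{{"WEB-01.c.prod-web.internal"}, {"laptop-22"}}

func main() { fmt.Println(MissingEDR(sampleVMs, sampleAgents)) }
```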

βš™οΈ Tech Stack

Component Technology
Language Go
Workflows Temporal
ORM Ent (type-safe, code-first)
Database PostgreSQL (multi-schema)
Admin UI Metabase
Agent WrenAI + Ollama / Vertex AI
Config Vault / YAML with hot-reload

📖 Documentation

| Document | Description |
|----------|-------------|
| Architecture | System design, project structure |
| Principles | Architecture rules and patterns |
| Activities | Adding new resource pipelines |
| Ent Schemas | Schema patterns for bronze and history |
| Code Style | Coding conventions |
| Configuration | Vault/YAML config setup |
| Migrations | Database migration guide |
| Contributing | Contribution guidelines |

📋 License

Apache 2.0 — see LICENSE.
