Argus is AGPL-3.0 licensed. Every check, every line of code — open source forever. The AGPL copyleft ensures the audit engine stays transparent and community-driven.
Why open source
Security audit tools inspect your most sensitive configurations. You deserve to see exactly what code runs against your Google Workspace tenant. No black boxes.
Every check is peer-reviewed. The security community catches edge cases, contributes framework updates, and keeps Argus aligned with evolving best practices.
Your security posture data belongs to you. Export reports in JSON, CSV, or HTML. Run Argus anywhere — your laptop, your CI/CD, your infrastructure.
Project stats
Architecture
src/gws_auditor/ ├── checks/ # 199 decorator-registered security checks │ ├── base.py # @check decorator, make_pass/make_fail helpers │ ├── registry.py # Auto-discovery, filtering, execution │ ├── apps_gmail.py # CIS Section 3.1.3: Gmail (25 checks) │ ├── cisa_scuba.py # CISA SCuBA baselines (44 checks) │ └── ...14 more modules ├── api/ # 11 Google API client wrappers ├── schemas.py # Pydantic validation models ├── ai/ # AI Security Analyst + quality agents ├── dashboard/ # Interactive Plotly Dash dashboard └── reporter/ # HTML, JSON, CSV report generation
Adding a new check?
It's one decorated function. The registry discovers it automatically. Write a function, add the @check decorator, and your check is live across all reports and the dashboard.
Community
Found a bug or missing check? Open a GitHub issue. We triage within 24 hours.
Add new checks, improve existing ones, fix bugs. See CONTRIBUTING.md for guidelines.
Star the repo, share on social media, write about your experience. Every mention helps.
Help us build the most comprehensive open-source Google Workspace security auditing tool. Every star, issue, and pull request makes Argus better for everyone.