Turul Download Why Turul Features Privacy GitHub →
v0.9.3 — Apache 2.0

Multi-cloud analysis,
on your laptop. Not in someone else's cloud.

Turul is a desktop app for AWS and GCP. 200+ scanners across cost, security posture, IAM, network reachability, CIS compliance, and Well-Architected — with built-in AI chat. Credentials live in your OS keychain. The database lives on your machine. Nothing is sent to a third-party SaaS.

Download View on GitHub
CI CodeQL OSSF Scorecard Latest release License: Apache-2.0

Download

Latest release: v0.9.3 · Pick your platform.

macOS

11 Big Sur or newer.

Apple Silicon (.dmg) Intel (.dmg)

Windows

Windows 10 or newer.

x64 installer (.exe) ARM64 installer (.exe)

Linux

glibc 2.28+ (Ubuntu 22.04+, Fedora 38+).

x64 (.AppImage) x64 (.deb) ARM64 (.AppImage) ARM64 (.deb)

macOS builds are not yet notarized — on first launch, right-click the app icon and choose Open to bypass Gatekeeper.

Why Turul

For solo engineers, freelancers, small teams, and regulated environments where data can't leave the laptop.

Turul SaaS CSPMs (Wiz, Prisma) CLI tools (Steampipe, CloudQuery)
Where data livesLocal SQLite on your laptopVendor cloudLocal DB / DW (BYO)
Setup timeInstall installer, point at AWS / gcloudOrg rollout, cross-account IAM rolesInstall + write SQL
UINative desktop appWeb consoleNone — bring-your-own
Cost analysisCost Explorer + GCP Billing + GKE drill-downVendor pricingDIY queries
Multi-cloudAWS + GCPYesYes
Open sourceApache-2.0NoApache-2.0 / MPL

Features

Everything an engineer needs to understand a single AWS / GCP environment.

A

AWS scanning

117 service scanners, multi-region, multi-account.

G

GCP scanning

85 service scanners, multi-project, multi-account.

$

Cost analysis

Cost Explorer + GCP Billing with trends, forecasts, and GKE cluster / namespace / workload drill-down.

S

Security posture

Security Hub, SCC, AWS CIS v3 (120+ controls), GCP CIS, best-practice checks.

I

IAM analysis

Unused roles, overly-permissive policies, cross-account / cross-project trust, service-account keys.

N

Network reachability

EC2 / RDS via security groups + NACLs, GCP VPC firewall analysis.

W

Well-Architected

AWS 6-pillar reviews via the WA API; GCP-native 5-pillar checks.

Topology diagrams

Network, Application, and Data views — plus a full topology graph.

Assessment scoring

Cost / Security / Reliability / Compliance / IAM A–F grades with persisted history.

Tag & label governance

9-layer async pipeline for AWS tags and GCP labels.

AI chat

AWS Bedrock-powered assistant with tool calling over AWS, GCP, and the local DB.

Reports

PDF, Excel, and CSV export for assessments, costs, and optimization.

Privacy & security

  • Credentials are stored locally, encrypted with AES-256-GCM, and protected by a master password (Touch ID supported on macOS).
  • The local SQLite database never leaves your machine.
  • Outbound traffic is limited to AWS / GCP APIs (and AWS Bedrock if you opt into AI chat). No telemetry, no analytics, no cloud sync.
  • Repository security: branch protection on main, signed-tag releases, CodeQL, OSSF Scorecard, Trivy, dependency review, secret scanning + push protection, all third-party Actions pinned to commit SHAs.
  • Vulnerabilities can be reported privately via the GitHub Security Advisory or per the Security policy.