The all-seeing security audit for Google Workspace. Check your tenant against CIS, CISA SCuBA, Google, and other best-practice frameworks — in minutes.
$ gws-auditor --config config.yaml
◆ Authenticating (service_account)...
✓ Authentication successful
◆ Collecting data from 11 APIs...
✓ Directory, Gmail, Drive, Calendar, Chat, Meet, Groups, DNS
◆ Running 199 security checks...
✓ CIS (84) · CISA (82) · Google (20) · Other (13)
Results:
✓ 142 passed
✗ 28 failed
⚠ 12 warnings
✎ 5 manual review
◆ Reports generated:
reports/audit_20260220.html
reports/audit_20260220.json
reports/audit_20260220.csv
✓ Audit complete — 76% pass rate
Checks aligned with
Argus automates what takes consultants weeks. Connect, scan, and get actionable remediation — all from your terminal.
CIS Benchmark, CISA SCuBA, Google's Security Checklist, and other best-practice guides — all in one unified audit.
AGPL-3.0 licensed. Every check is transparent, auditable, and community-reviewed. No black boxes in your security tooling.
Chat with your audit findings. Get remediation guidance in natural language. Supports OpenAI, Anthropic, and Bedrock.
From connection to report in under 10 minutes.
Service account with domain-wide delegation or OAuth 2.0 user consent. Works with any GWS edition.
Automated data collection from Admin SDK, Cloud Identity, Gmail, Drive, Calendar, Groups, and DNS APIs.
199 checks run against collected data. Each produces PASS, FAIL, WARN, or MANUAL with remediation steps.
HTML dashboard, JSON for automation, CSV for spreadsheets. AI analyst for interactive exploration.
Comprehensive coverage across all Google Workspace services your organization uses.
DMARC, SPF, DKIM, spam, phishing, DLP, forwarding, sync
Sharing, external access, DLP, desktop sync, add-ons
MFA, SSO, session management, recovery, app access, DLP
External sharing, interop, appointments, visibility
History, external access, DLP, content reporting
Join controls, recording, host management, external warnings
External access, creation restrictions, visibility controls
Super admins, user accounts, MFA enrollment, org units
Membership, API access, roster import, class creation
More comprehensive than ScubaGoggles. 100x cheaper than consultants. Fully automated.
| Argus | ScubaGoggles | Manual Audit | Consultant | |
|---|---|---|---|---|
| Frameworks | 4 | 1 (CISA) | Varies | Varies |
| Security Checks | 199 | ~137 | 20-50 | 50-100 |
| Cost | Free / €15/mo | Free | Staff time | $10K-50K |
| Automation | Full | Partial | None | None |
| AI Analysis | — | — | Maybe | |
| Remediation | In-report | Reference | Manual |
Open source forever. Cloud-hosted when you need it.
Everything you need to audit your Google Workspace tenant.
Automated scans, trend tracking, and team collaboration.
Run your first audit in under 10 minutes. Free, open source, no strings attached.