Pure HTML / CSS / JavaScript in the browser: no Node.js, no npm, no bundlers, no ES modules. Scripts load with <script src="..."> only.
See the repository ../README.md for layout, constraints, and regenerating services-extended.js.
cd app && python3 -m http.server 8080Visit http://127.0.0.1:8080/.
| Area | Notes |
|---|---|
| AWS | Full local AWS SDK v2 min bundle (js/providers/aws-sdk-*.min.js). Catalog: services.js + merged services-extended.js (~330+ logical services). Quick / deep / full scan modes; AWS_CORS_BLOCKED_SERVICES skips known CORS failures. Connection test: STS getCallerIdentity. |
| Azure | Pasted management token + fetch, nextLink pagination; VMs, App Services/Functions, Storage, SQL, Key Vault. |
| GCP | Pasted OAuth access token + REST (projects, Storage, SQL, etc.). |
| Storage | Last scan results in IndexedDB (js/core/storage.js), localStorage fallback — no secrets. |
| File | Role |
|---|---|
index.html |
Entry point + script order (SDK before providers). |
css/style.css |
Layout, theme. |
js/core/utils.js |
UI helpers, CSV/export helpers. |
js/core/storage.js |
Scan persistence. |
js/core/services.js |
AWS_SERVICES base catalog, AWS_CORS_BLOCKED_SERVICES, AWS_EXCLUDED_SERVICES, AWS_QUICK_SCAN_KEYS, AWS_SCAN_CONFIG (concurrency + retryFailedRegionsWhenPartialSuccess), timeouts. |
js/core/services-extended.js |
Generated — extra AWS_SERVICES entries (do not edit by hand). |
js/providers/aws.js |
AWSScanner. |
js/providers/azure.js, gcp.js |
ARM / GCP fetch scanners. |
js/app.js |
CloudInventoryApp — tabs, scans, export. |
js/providers/aws-sdk-*.min.js |
Full browser SDK v2 bundle (large). |
Phases described in older docs (e.g. security rules, honeytokens) are not implemented here unless added explicitly.