CloudSploit develops plugins based on cloud security best practices as defined by the cloud providers, the industry, and standard security and compliance controls. CloudSploit also receives contributions from the community of cloud users via its open source core scanning engine.