Open Source Infrastructure Auditor by SolDevelo

💰

Reduce Costs

Identify expensive mistakes like oversized instances, unmanaged disks, or missing lifecycle rules.

Learn how we help
🛡️

Fix Security

Scan for open ports, unencrypted storage, and risky IAM policies before deploying to production.

Our security approach

GitHub Ready

Just paste your repository URL. No complex setup or cloud credentials required for the initial scan.

Get expert advice
Comprehensive scans for AWS cost antipatterns, IaC security issues (Checkov), and container vulnerabilities.
Private Mode Scan won't appear in the "Recent Scans" list
Supported: Terraform AWS Kubernetes

🕒 Recent Scans

History of the latest infrastructure scans performed by InfraScan.

v1.0.7 June 2, 2026
  • PDF Export: Reports can now be exported as a print-ready PDF directly from the browser — ideal for sharing with compliance and security teams.
  • Ansible Support: Added scanning support for Ansible playbooks and improved framework detection logic.
  • Improved GitHub Scans: Better framework handling in GitHub repository scanning and enhanced Checkov JSON output parsing.
  • Richer Reporting: Enhanced vulnerability reporting with markdown descriptions, metadata, and structured rendering in the dashboard and PDF exports.
  • Sharing and Navigation: Added report sharing and persistent report routing with semantic URLs.
  • Logging Improvements: Updated logging behavior for better debug and audit output.
v1.0.6 May 13, 2026
  • Container Scanning Improvements: Enhanced container image scanning and added a new `all` framework option with `grype` fallback for better coverage.
  • PDF Branding: Added PDF export with a transparent logo for cleaner, printable reports.
  • Docker Image Tooling: Included AWS CLI in the Docker image for smoother cloud scanning workflows.
  • Scan Result Enhancements: Captured results, summary, and metadata more reliably in the web UI.
  • Bug Fixes: Improved description handling in scanners and fixed PDF generation issues.
v1.0.5 April 10, 2026
  • Kubernetes Manifest Scanning: Added support for scanning Kubernetes manifest files.
  • CI/CD Integration Examples: Added examples for GitHub Actions and GitLab CI/CD.
v1.0.4 April 7, 2026
  • Beautiful Colored CLI Summary: Integrated rich terminal formatting and colors for findings directly in CI/CD logs.
  • Grading Overview: Real-time A-F grades for cost and security displayed directly in logs.
  • CI/CD Optimization: Added display limits to prevent log flooding and ensured text summary is always visible.
  • Improved Report Reliability: Enhanced standalone HTML generation using robust regex injection.
v1.0.3 March 12, 2026
  • Added option to scan in CI/CD using InfraScan CLI
v1.0.2 March 3, 2026
  • Added **Private Mode** toggle: scans can now be performed without appearing in the public "Recent Scans" history
  • Implemented **Pagination** for "Recent Scans" (5 scans per page) for improved navigation and history management
  • Enhanced privacy controls: private scans are still accessible via their unique share links
  • Optimized recent scans loading performance with frontend data slicing
v1.0.1 February 4, 2026
  • Enhanced "One-Pager" dashboard with dynamic container expansion (up to 1400px)
  • Two-column optimized layout: side-by-side Cost and Security findings
  • Branding refresh: Integrated SolDevelo logo and detailed service value propositions
  • Intelligent UX: Automatic feedback request triggered by report engagement (scroll-based)
  • Added "Scroll to Top" functionality for easier navigation of long reports
  • Improved result persistence when switching between application tabs
  • User-friendly terminology: rebranded technical terms to "Cost" and "Security" focus
  • Fixed feedback modal accessibility and closing logic
v1.0.0 January 21, 2026
  • Advanced dual-engine analysis: Real-time pattern matching and deep security inspection
  • Comprehensive rule set covering cost, security, and compliance best practices
  • Multi-tier scanning: Rapid assessment or deep infrastructure audit
  • Enterprise features: Budget tracking, spot instance optimization, and S3 lifecycle management
  • Intelligent repository analysis with automated risk grouping
  • Professional dashboard with severity-based prioritization
  • Optimized for modern AWS and Terraform architectures
Official CLI

🚀 Local & CI/CD Usage

Experience the full power of InfraScan on your terms. Audit private infrastructure securely, integrate into your DevOps pipelines, and generate professional reports locally.

🏠 Run Locally with Docker

Perfect for private projects. Your code stays on your machine, scanned by a self-contained environment.

Terminal / Bash
docker run --rm -v $(pwd):/scan soldevelo/infrascan:latest

💡 Mounts your current directory to /scan and provides immediate CLI feedback.

🤖 GitHub Actions

Stop vulnerabilities before they reach production. Seamlessly integrate InfraScan as a gatekeeper in your PRs.

.github/workflows/infrascan.yml
steps:
  - uses: actions/checkout@v4
  - name: Run InfraScan Audit
    run: |
      docker run --rm \
        -v ${{ github.workspace }}:/scan \
        soldevelo/infrascan:v1.0.5 \
        --fail-on high_critical

📊 Professional HTML Reports

Generate beautiful, shareable HTML audit reports directly from the command line.

Generate audit.html
docker run --rm -v $(pwd):/scan soldevelo/infrascan \
  --format html --out /scan/audit.html

Need more control? Explore all CLI arguments in our Documentation on GitHub.