Skip to main content
The infraudit CLI is a single static binary that mirrors everything the web platform offers. You can connect cloud accounts, trigger scans, review findings, approve remediations, and pipe structured output to downstream tools — all without opening a browser.

What you can do with the CLI

  • Log in once and let scripts reuse the stored session token
  • Run drift detection, vulnerability scans, and compliance assessments on demand
  • Fetch results as table, json, or yaml output
  • Integrate security gates into CI/CD pipelines using --output json with jq
  • Manage multiple InfraAudit instances by switching config files or setting INFRAUDIT_SERVER_URL

Command groups

provider

Connect, sync, and disconnect AWS, GCP, and Azure accounts.

resource

List and inspect cloud resources discovered by provider syncs.

drift

Detect, list, and resolve infrastructure configuration drift.

vulnerability

Run vulnerability scans and review CVE findings by severity.

cost

View cost trends, forecasts, anomalies, and savings opportunities.

compliance

Run CIS, SOC2, NIST, PCI-DSS, and HIPAA assessments.

kubernetes

Register clusters and inspect workloads, pods, and services.

iac

Upload Terraform or CloudFormation files and detect IaC drift.

remediation

Approve, execute, and roll back automated fix actions.

recommendation

View AI-powered cost, security, and compliance suggestions.

alert

List, acknowledge, and resolve security and operational alerts.

webhook

Register and test outbound webhooks for InfraAudit events.
The auth and config commands are covered in Authentication and Configuration.

Global flags

These flags apply to every command:
FlagShortDefaultDescription
--serverfrom configOverride the API server URL for a single request
--output-otableOutput format: table, json, or yaml
--config~/.infraudit/config.yamlPath to the config file
--no-colorfalseDisable colored terminal output
--help-hShow help for any command

Output formats

The CLI supports three output formats. Switch between them with -o: Table — human-readable columns, suitable for interactive use: 
infraudit resource list

ID  NAME            TYPE     REGION      STATUS
--  ----            ----     ------      ------
1   web-server-01   ec2      us-east-1   active
2   api-gateway     lambda   us-west-2   active
3   data-bucket     s3       us-east-1   active
JSON — machine-readable, pipe to jq for filtering: 
infraudit resource list -o json | jq '.[].name'
YAML — readable alternative to JSON: 
infraudit drift get 1 -o yaml
Use -o json in CI/CD pipelines so you can parse results with jq and fail the build on critical findings.

Next steps