InfraAudit connects to your AWS, GCP, Azure, and Kubernetes accounts, pulls inventory and billing data, and runs continuous scans to surface drift, vulnerabilities, overspend, and compliance failures — all in a single platform, without the fragmented tool sprawl most cloud teams live with today.

The problems it solves

Cloud teams typically juggle several separate tools to answer basic operational questions:
  • “Did someone change a production security group in the last 24 hours?”
  • “Why did our AWS bill jump 40% this month?”
  • “Which of our EC2 instances fail CIS Benchmark 1.4?”
  • “Does this Terraform plan actually match what’s running?”
Each question lives in a different dashboard. InfraAudit pulls all of these signals into one backend, correlates them per resource, and gives you one API, one CLI, and one UI to work from.

How it works

1. Connect a cloud account

Supply AWS access keys, a GCP service account JSON, an Azure service principal, or a Kubernetes kubeconfig. Your credentials are encrypted at rest.

2. Sync runs automatically

A background worker pulls resource inventory and billing data on a schedule — every 6 hours for resources, daily for costs.

3. Scans find issues

Scheduled jobs run drift detection, vulnerability scans, and compliance assessments. Each finding is stored with a severity level and a link to the affected resource.

4. Alerts fire on your channels

Findings trigger notifications to Slack webhooks, email addresses, or custom HTTP webhooks — configurable per event type.

5. Recommendations get generated

Gemini AI analyzes findings and produces remediation steps with estimated cost savings and risk impact scores.

6. You act on them

Approve a remediation through the UI, CLI, or API. The fix runs with a 30-minute rollback window in case something goes wrong.

Feature areas

  • Continuous misconfiguration scanning against captured baselines
  • Drift detection across configuration, security, and compliance dimensions
  • Vulnerability scanning via Trivy against the NVD CVE database
  • Severity-classified alerts with Slack, email, and webhook delivery
  • IaC drift: upload Terraform, CloudFormation, or Kubernetes manifests and compare them against live resources
  • Multi-cloud billing ingest from AWS Cost Explorer, Azure Cost Management, and GCP BigQuery export
  • Historical trends by provider, service, and time window
  • 30-, 60-, and 90-day cost forecasting
  • Anomaly detection on daily cost deltas
  • Savings recommendations: Reserved Instances, Spot migration, right-sizing, idle resource cleanup
  • Pre-built frameworks: CIS Benchmarks, SOC 2, NIST 800-53, PCI-DSS, and HIPAA
  • Control-to-resource mapping so failed controls link to the specific resources that caused them
  • Automated assessment runs per framework on a daily schedule
  • PDF and CSV export of assessment results for audit evidence
  • Multi-account assessment with per-account scores
  • Google Gemini (gemini-2.5-pro) analyzes each finding with context about the affected resource
  • Rule-based fallback runs when a Gemini API key is not configured, so recommendations still generate in offline self-hosted deployments
  • Cost recommendations include an estimated monthly savings figure
  • Security recommendations include a risk reduction score and a suggested fix
  • Cron-based job scheduler for resource sync, drift detection, vulnerability scanning, cost sync, and compliance checks
  • Per-job execution history with success/failure status and log output
  • Manual job triggers via the UI, CLI, or API
  • Approval-gated auto-remediation with configurable rollback window

Who it’s for

Platform and DevOps teams

Running workloads across more than one cloud provider and needing a unified view of infrastructure state.

Security engineers

Needing drift detection, vulnerability scanning, and compliance reporting in one place instead of three separate tools.

FinOps practitioners

Tracking cost allocation, forecasting spend, and acting on savings recommendations across providers.

SREs and on-call engineers

Wanting actionable alerts routed to Slack or PagerDuty with enough context to act without switching tools.

Editions

InfraAudit’s Community edition is MIT-licensed and self-hosted. It includes every feature documented here. SaaS editions (Starter, Professional, Enterprise) add managed hosting, priority support, longer data retention, and enterprise SSO. The API, CLI, and feature set are identical across all editions.

Next steps

Core concepts

Learn the vocabulary: providers, resources, drift, baselines, assessments, and more.

Quickstart: SaaS

Sign up and connect your first cloud account in about five minutes.

Quickstart: Self-host

Run InfraAudit on your own infrastructure with Docker Compose.