Catch misconfigs before they deploy

Part of MANTIS Control

Scan Terraform, CloudFormation, and Kubernetes manifests against security rules. Get fix suggestions in the same language.

Current — Insecure
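resource "aws_s3_bucket" "data" {
  bucket = "company-reports"
}

resource "aws_s3_bucket_acl" "data" {
  bucket = aws_s3_bucket.data.id
  # public-read lets anyone, including anonymous users, read the bucket
  acl    = "public-read"
}

resource "aws_s3_bucket_versioning" "data" {
  bucket = aws_s3_bucket.data.id
  versioning_configuration {
    # Without versioning, overwritten or deleted objects cannot be recovered
    status = "Disabled"
  }
}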
Fixed — Secure
resource "aws_s3_bucket" "data" {
  bucket = "company-reports"
}

resource "aws_s3_bucket_acl" "data" {
  bucket = aws_s3_bucket.data.id
  # private restricts access to the bucket owner
  acl    = "private"
}

resource "aws_s3_bucket_versioning" "data" {
  bucket = aws_s3_bucket.data.id
  versioning_configuration {
    # Versioning keeps prior object versions so overwrites and deletes can be rolled back
    status = "Enabled"
  }
}

Terraform

HCL parsing with full resource graph resolution. Understands modules, variables, and implicit dependencies.

CloudFormation

JSON and YAML templates. Resolves Ref, Fn::Sub, and cross-stack references for accurate analysis.

Kubernetes YAML

Deployments, services, RBAC, network policies. Catches privilege escalation, exposed ports, and missing limits.

Compliance Mapping

CIS Benchmarks

Compute, Storage, IAM, Networking

SOC 2

Access Control, Encryption, Logging

PCI DSS

Network Segmentation, Key Management

HIPAA

PHI Encryption, Access Audit, Backup

Upload your first template

Drop a Terraform file or connect your repo. Results in seconds with fix suggestions in your language.

Start Free