Indeni Cloudrail

Regardless of how you build in the cloud, Cloudrail can help you build with security guardrails. From code to cloud.


What is Cloudrail?

Most cloud security issues are not fixed because the risk of exposure is too low. Cloudrail helps take risk out of the equation by recommending a few fixes in the code.

  • Run security tests for your infrastructure-as-code and automate the workflow into your CI/CD.
  • Generate security attestations of your code and cloud for auditors in seconds.
  • Train your cloud developers into becoming cloud security experts at scale.
  • Give security teams visibility into all assets, deployed or not.
  • Achieve GitOps by tracking any configuration drifts that may occur.


How does Cloudrail work?

Cloudrail is a CLI tool that can run natively at several points in your developers’ workflow. It can run on your workstation or as a step in your CI workflow, and it can stop pipelines if a security misconfiguration is found in the infrastructure-as-code.


How does Cloudrail compare to other tools?

Cloudrail is a pioneer in advancing the policy-as-code framework for IaC. It was the first to introduce graph theory into infrastructure-as-code security, and it introduced advancements in static code analysis so that organizations can predict what security issues would arise from deploying IaC into an existing cloud infrastructure. Cloudrail was built, from the ground up, to scale to enterprise-grade security analysis.

Why do we need a security analysis tool for our cloud environment?

Managing security evaluations of infrastructure-as-code (IaC) files becomes increasingly difficult as a company grows. Many organizations only have a few engineers with cloud security expertise, and they could have tens of thousands of objects running in production at one time. There may be multiple projects happening at the same time, using the same set of Terraform files, or using separate sets of files targeting the same cloud environment and influencing each other. Reviewing all these files manually is time-consuming and can slow down delivery times. And if something is missed, the consequences can be costly. Research commissioned by IBM revealed the average cost of a data breach in 2020 was nearly $4 million.

What is context and how is Cloudrail different from other infrastructure-as-code security solutions?

While there are other solutions that work in conjunction with your infrastructure automation tools to identify security issues early in the development cycle, they are mostly reactive and limited in scope. They only analyze files in the “build state” and are unable to see how issues will affect existing cloud environments. This allows many security issues to go undetected. These solutions also lack an understanding of the relationships between resources, which leads to many false positives. Cloudrail analyzes infrastructure-as-code files together with the cloud environments they are targeting. Because it is capable of executing complicated rules and understanding the relationships between resources (their “context”), it proactively identifies the most critical issues without excess “noise.” 

How does Cloudrail maintain context?

Cloudrail maintains a graph database that tracks resource relations within the context of the network, compute, storage and IAM space. This allows it to see how one cloud resource has access to another. It can answer simple, yet convoluted questions, such as determining what makes any resource exposed to the public before the customer deploys a project in a particular configuration. 

Indeni’s team of cloud security experts regularly updates the context engine to analyze additional risk patterns.

How is Cloudrail different from Application Security Testing (AST)?

Application security testing (AST) is the process of making applications more resistant to security threats by identifying security weaknesses and vulnerabilities in application source code. AST is security testing for application code; think of Cloudrail as security testing for infrastructure-as-code. IaC security testing is the process of making your infrastructure secure by identifying security violations before the infrastructure is deployed.

How much does Cloudrail cost?

Please see our pricing page. 

How do I get started with Cloudrail?

There are several ways to try Cloudrail. First, you can see how Cloudrail works before you apply it to your own files. Simply go to to see it in action. 

When you’re ready to try it for yourself, go to the AWS Marketplace and try it for free with no obligation under the Flex plan. This gives you 30 free evaluations with no minimum commitment. 

How does Cloudrail benefit my application security process?

Cloudrail provides guardrails to your developers early in the development cycle so they can stay agile without inadvertently compromising security. Cloudrail can detect a misconfiguration or policy violation in an automated fashion. It can be integrated into your CI/CD pipeline to prevent security issues from making it into your cloud environment, or to alert your developer to an issue that needs remediation before it is too late. The security shift-left approach is good for reducing not only cyber risk but also cost.
