Secure your cloud resources before they're in your cloud

Cloudrail scans your infrastructure-as-code changes for vulnerabilities and stops the deployment before they reach your cloud environment.

resource "aws_subnet" "my_subnet" {
  vpc_id            =
  cidr_block        = ""
  availability_zone = "us-west-2a"

  tags = {
    Name = "tf-example"
  }
}

Cloudrail for DevOps teams

Cloudrail is a DevSecOps tool that automates the review of your infrastructure and infrastructure as code.

Cloudrail integrates into your infrastructure deployment pipelines to stop misconfigurations before they reach your production environment. You can also run it locally to catch errors before you commit.

What languages / frameworks are supported?

Cloudrail currently supports parsing both Terraform and CloudFormation files.

Which Terraform providers / clouds are supported?

Cloudrail currently supports Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure (azurerm).

Cloudrail In Your Pipeline

Cloudrail is built as a command-line tool, so it can be easily integrated into any deployment pipeline. We do, however, maintain a few integrations with popular CI/CD providers.


Use the Cloudrail orb to perform vulnerability assessments of your Terraform or CloudFormation IaC before it's provisioned.


Perform vulnerability assessments before the "terraform apply" stage in Env0.

Terraform Cloud

Use Cloudrail with Terraform Cloud to perform vulnerability assessments before "terraform apply".

Ready to write more secure infrastructure code?

Get started today – it’s free and takes 5 minutes.