{"id":43932816,"url":"https://github.com/peachycloudsecurity/iac-security-scanner","last_synced_at":"2026-02-18T18:00:49.625Z","repository":{"id":331989557,"uuid":"1132304557","full_name":"peachycloudsecurity/iac-security-scanner","owner":"peachycloudsecurity","description":"Free Browser Based Infrastructure as Code security scanner - Scan Terraform, Kubernetes, Docker, CloudFormation files for vulnerabilities in your browser. 200+ security rules, GitHub repo scanning, PDF reports. Privacy-first, no uploads.","archived":false,"fork":false,"pushed_at":"2026-01-25T00:39:17.000Z","size":2804,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-25T12:40:36.582Z","etag":null,"topics":["browser-based","cloud-security","docker-security","iac-security","kubernetes-security","security-analysis","terraform-scanner"],"latest_commit_sha":null,"homepage":"https://peachycloudsecurity.com/apps/scanner","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/peachycloudsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-11T17:57:48.000Z","updated_at":"2026-01-25T06:12:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/peachycloudsecurity/iac-security-scanner","commit_stats":null,"previous_names":["peachycloudsecurity/iac-security-scanner"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/peachycloudsecurity/iac-security-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peachycloudsecurity%2Fiac-security-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peachycloudsecurity%2Fiac-security-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peachycloudsecurity%2Fiac-security-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peachycloudsecurity%2Fiac-security-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/peachycloudsecurity","download_url":"https://codeload.github.com/peachycloudsecurity/iac-security-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peachycloudsecurity%2Fiac-security-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29588776,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T16:55:40.614Z","status":"ssl_error","status_checked_at":"2026-02-18T16:55:37.558Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser-based","cloud-security","docker-security","iac-security","kubernetes-security","security-analysis","terraform-scanner"],"created_at":"2026-02-07T00:18:56.459Z","updated_at":"2026-02-18T18:00:49.613Z","avatar_url":"https://github.com/peachycloudsecurity.png","language":"TypeScript","readme":"# IaC Security Scanner\n\nBrowser-based Infrastructure as Code security scanner. Analyzes Terraform, Kubernetes, Docker, and CloudFormation files directly in your browser. No server, no uploads, everything runs client-side.\n\n## Features\n\n- 180+ security rules covering common misconfigurations\n- Supports Terraform, Kubernetes, Docker, CloudFormation\n- GitHub repository scanning with rate limit handling\n- PDF report export\n- Single file HTML output for easy deployment\n\n## Quick Start\n\n### Prerequisites\n\nNode.js 18+ and npm\n\n### Installation\n\n```bash\ngit clone https://github.com/yourusername/iac-security-scanner.git\ncd iac-security-scanner\nnpm install\n```\n\n### Development\n\n```bash\nnpm run dev\n```\n\nOpens at `http://localhost:5173`\n\n### Build\n\n```bash\nnpm run build\n```\n\nBuilds a single `index.html` file in the `docs/` folder. Open `docs/index.html` in your browser to use the scanner.\n\nThe build bundles all CSS and JavaScript inline into one HTML file using vite-plugin-singlefile.\n\n### Deployment\n\nUpload `docs/index.html` to any static hosting service. Works with GitHub Pages, Netlify, Vercel, or any web server.\n\nFor GitHub Pages, enable Pages in repository settings and point to the `docs` folder. The included GitHub Actions workflow automatically builds on push to main branch.\n\n## Usage\n\n1. Upload a file or paste code\n2. Enter a GitHub repository URL to scan entire repos\n3. Review findings with severity ratings\n4. Export PDF reports\n\n## Supported File Types\n\n- Terraform: `.tf`, `.tfvars`, `.hcl`\n- Kubernetes: `.yaml`, `.yml`\n- Docker: `Dockerfile`, `docker-compose.yml`\n- CloudFormation: `.template`, `.json`, `.yaml`, `.yml`\n\n## GitHub Repository Scanning\n\nScan public GitHub repositories by entering the repository URL. The scanner handles rate limiting automatically with 200ms delays between requests. Unauthenticated GitHub API limit is 60 requests per hour.\n\n## Project Structure\n\n```\nsrc/\n├── components/     # React components\n├── rules/          # 180+ security rules by IaC type\n├── parsers/        # File parsers for each format\n├── engine/         # Core scanning logic\n└── utils/          # GitHub client, PDF export, etc.\n```\n\n## Build Scripts\n\n- `npm run dev` - Development server\n- `npm run build` - Production build to `docs/` folder\n- `npm run preview` - Preview production build locally\n- `npm run lint` - Run ESLint\n\n## Technical Details\n\n- Client-side only, no server required\n- Single file HTML output for production\n- Security rules based on Checkov and tfsec\n- Custom parsers for each IaC format\n- PDF generation with jsPDF\n\n## Troubleshooting\n\n**No findings detected**: Check file format is supported and syntax is valid.\n\n**GitHub scanning errors**: Rate limit (403) or private repository (404). Wait a few minutes and retry.\n\n**Large repositories**: May take several minutes. Progress is shown during scanning.\n\n## Credits\n\nSecurity rules inspired by:\n- Checkov (bridgecrewio/checkov)\n- tfsec (aquasecurity/tfsec)\n- GitHub scanning functionality from sbomplay (cyfinoid/sbomplay)\n\n## License\n\nGPL-3.0. See LICENSE file for details.\n\n## Disclaimer\n\nThis tool is designed for security auditing and analysis of Infrastructure as Code configurations you own or have explicit permission to analyze. Always ensure you have proper authorization before scanning repositories or configurations you don't own. The authors are not responsible for any misuse of this software.\n\nThis website, apps, scanner and results are provided strictly for educational purposes, independently authored and not endorsed by the author's employers or any corporate entity, provided without warranties or guarantees, with no liability accepted for misuse or misapplication.\n\n## Peachycloud Security\n\nHands-On Multi-Cloud \u0026 Cloud-Native Security Education\n\nCreated by The Shukla Duo (Anjali \u0026 Divyanshu), this tool is part of our mission to make cloud security accessible through practical, hands-on learning. We specialize in AWS, GCP, Kubernetes security, and DevSecOps practices.\n\n### Learn \u0026 Grow\n\nExplore our educational content and training programs:\n\n[YouTube Channel](https://www.youtube.com/@peachycloudsecurity) | [Website](https://peachycloudsecurity.com) | [1:1 Consultations](https://topmate.io/peachycloudsecurity)\n\nLearn cloud security through hands-on labs, real-world scenarios, and practical tutorials covering GCP \u0026 AWS, GKE \u0026 EKS, Kubernetes, Containers, DevSecOps, and Threat Modeling.\n\n### Support Our Work\n\nIf this tool helps you secure your infrastructure, consider supporting our educational mission:\n\n[Sponsor on GitHub](https://github.com/sponsors/peachycloudsecurity)\n\nYour support helps us create more free educational content and security tools for the community.\n","funding_links":["https://github.com/sponsors/peachycloudsecurity"],"categories":["Infrastructure as Code"],"sub_categories":["IaC Security Scanner"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeachycloudsecurity%2Fiac-security-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeachycloudsecurity%2Fiac-security-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeachycloudsecurity%2Fiac-security-scanner/lists"}