Now scanning NIST 800-53 Rev 5 · Free to start

Your infrastructure deserves a brain

One pipeline step. AI-powered compliance checks, drift detection, and plain-English fix instructions — posted to every PR automatically.

.github/workflows/driftops.yml · 3 lines to get started

    # Add to any repo with Terraform
    - name: DriftOps Compliance Scan
      uses: driftops-dev/driftops@v1
      with:
        iac_path: './terraform'
        compliance_level: 'nist-800-53'
        enforce: false

// live demo

Every PR gets an AI compliance report

DriftOps automatically posts a detailed report as a PR comment — score, violations, and copy-paste Terraform fixes.

github-actions bot commented just now
✅ DriftOps — Infrastructure Compliance Report
84/100
Status: Passed
Violations: 4 (3 critical)
Drift: ✅ None detected
Resources: 5 scanned
Executive Summary

Initial scan identified critical security vulnerabilities requiring immediate attention. Three critical violations detected across database, storage, and IAM configurations that must be remediated before production deployment.

Top 3 Immediate Actions
  • CRIT Enable storage encryption for aws_db_instance.insecure_db — set storage_encrypted = true in database_violations.tf
  • CRIT Configure server-side encryption for aws_s3_bucket.public_bucket — add server_side_encryption_configuration block with AES256
  • HIGH Restrict IAM policy aws_iam_policy.over_privileged — enforce least privilege, remove wildcard permissions
  • $0 to get started
  • 11 NIST 800-53 control families
  • 2s avg scan time
  • 7+ CI/CD platforms

From zero to compliant in one deploy

Add 3 lines to your pipeline. Everything else is automatic.

01 📦 Add to your pipeline

Drop 3 lines of YAML into any GitHub Actions, Azure DevOps, GitLab, or Jenkins workflow. No agents, no sidecars, no infrastructure to manage.

02 🔍 Scan on every deploy

DriftOps scans your Terraform, ARM, and CDK files. Builds a full resource inventory. Snapshots state. Diffs vs prior deploy to detect drift.

03 🏛️ Benchmark against NIST

AI reads NIST 800-53 Rev 5 and maps every control to your actual infrastructure. Scores 0–100. Flags critical violations with exact resource names.

04 🧠 AI writes the fix

Generates a plain-English compliance report with copy-paste Terraform fixes. Posts it as a PR comment automatically. No dashboards to check.

Everything your pipeline needs

Built for DevOps engineers who don't have time for security theater.

🎯

NIST 800-53 Rev 5

Full coverage across AC, AU, CM, IA, SC, SI control families. AI interprets the actual standard — not hardcoded rules.

📡

Drift Detection

Snapshots infrastructure state on every deploy. Diffs vs prior commit. Catches unauthorized changes before they hit production.

💬

PR Comments

AI-written compliance report posted automatically on every pull request. Score bar, violations, risk assessment, and fix instructions.

🔒

Enforce Mode

Optionally block deploys when critical violations are found. A gatekeeper for your entire infrastructure lifecycle.

🗺️

Auto Diagrams

Generates L1–L4 architecture diagrams on every deploy. Always up to date. Never out of sync with reality. (Coming soon)

Platform Agnostic

GitHub Actions, Azure DevOps, GitLab CI, Jenkins, CircleCI, Bitbucket, AWS CodePipeline. Works everywhere your code runs.

Start free. Scale when ready.

No credit card required. No enterprise sales calls. No $500K contracts.

Free
$0/mo
For individuals and open source projects.
  • Up to 3 repositories
  • 100 scans / month
  • NIST 800-53 compliance
  • PR comments
  • Drift detection
  • Dashboard access
Enterprise
Custom
For organizations with compliance requirements.
  • Everything in Team
  • SOC 2 + ISO 27001
  • SSO / SAML
  • Audit logs
  • SLA guarantee
  • Dedicated support
  • On-prem option

Ship faster.
Stay compliant.

Join engineers who've stopped manually reviewing infrastructure and started letting DriftOps do it on every PR.
