Free IaC / Dockerfile Misconfiguration Scanner
Paste a Dockerfile, docker-compose file, Kubernetes manifest or Terraform and get a quick static review of common security misconfigurations — running as root, privileged containers, the Docker socket mount, host-namespace sharing, open 0.0.0.0/0 rules, public storage ACLs and hard-coded secrets. Runs in your browser.
What this IaC scanner checks
How it works
In-browser · nothing is uploaded
1. You paste a Dockerfile, docker-compose, Kubernetes manifest or Terraform; we auto-detect the format and lint it in your browser.
2. We flag root/privileged containers, the Docker socket mount, host-namespace sharing, 0.0.0.0/0 ingress, public storage ACLs, disabled encryption and hard-coded secrets.
3. The analysis runs client-side — nothing you paste leaves the page.
What it doesn’t do: It is a fast best-effort lint of high-impact misconfigs, not a full policy engine like Checkov/KICS.
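The steps above amount to a format guess followed by per-line pattern checks. The sketch below is an added example, not the scanner's own code; the rule names, regular expressions and the sample compose file are assumptions constructed for illustration, and it covers only some of the listed checks.

```javascript
// Added example, not the scanner's code: rule names, regexes and sample are constructed.
const SOCK = ["docker-socket-mount", /\/var\/run\/docker\.sock/];
const PRIV = ["privileged-container", /^\s*privileged:\s*true\b/];
const RULES = {
  dockerfile: [["explicit-root-user", /^\s*USER\s+(root|0)(:\S+)?\s*$/i]],
  compose: [PRIV, SOCK, ["host-namespace", /^\s*(network_mode|pid|ipc):\s*["']?host\b/]],
  kubernetes: [PRIV, SOCK, ["host-namespace", /^\s*host(Network|PID|IPC):\s*true\b/]],
  terraform: [["open-cidr", /cidr_blocks\s*=.*"0\.0\.0\.0\/0"/],
    ["public-storage-acl", /\bacl\s*=\s*"public-read(-write)?"/]],
};
// Runs on every format: a secret-like key followed by 8+ non-space characters (heuristic).
const SECRET = ["hard-coded-secret",
  /(password|passwd|secret|token|api_?key)\s*[:=]\s*["']?[^\s"'${}]{8,}/i];

function detectFormat(text) {
  if (/^\s*(resource|provider|variable|module)\s+"/m.test(text)) return "terraform";
  if (/^apiVersion:/m.test(text) && /^kind:/m.test(text)) return "kubernetes";
  if (/^services:/m.test(text)) return "compose";
  if (/^\s*FROM\s+\S+/im.test(text)) return "dockerfile";
  return "unknown";
}

function lintIaC(text) {
  const format = detectFormat(text);
  const lines = text.split(/\r?\n/);
  const findings = [];
  lines.forEach((line, i) => {
    if (/^\s*(#|\/\/)/.test(line)) return; // skip comment lines
    for (const [rule, re] of [...(RULES[format] || []), SECRET]) {
      if (re.test(line)) findings.push({ rule, line: i + 1 });
    }
  });
  // No USER instruction: the image runs as root unless the base image sets a user.
  if (format === "dockerfile" && !lines.some((l) => /^\s*USER\s+\S/i.test(l))) {
    findings.push({ rule: "no-user-instruction", line: 0 });
  }
  return { format, findings };
}

// Constructed sample input (docker-compose).
const SAMPLE = `services:
  ci:
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      API_TOKEN: "constructed-value-123"
`;
console.log(lintIaC(SAMPLE));
```

Line-based regexes miss anything split across lines or hidden behind variables, which is why a lint of this kind is paired with a policy engine such as Checkov or KICS in CI.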
Why it matters
Infrastructure misconfigurations — a privileged container, a mounted Docker socket, a security group open to the world — are a leading cause of cloud breaches, and they are easy to miss in review. A fast static check catches the common, high-impact ones before they reach production.
Frequently asked questions
Which formats are supported?
Dockerfile, docker-compose, Kubernetes manifests (YAML) and Terraform (HCL). The format is auto-detected, and a hard-coded-secret scan runs over all of them.
Is this a full policy engine?
No — it is a fast, best-effort static lint covering common high-impact misconfigurations. For exhaustive policy-as-code coverage, pair it with a tool like Checkov or KICS in CI.
Is my IaC uploaded?
No. The analysis runs entirely in your browser — nothing you paste leaves the page.