// tool reference · Vulnerability & Assessment
AI Config & IaC Auditor Free
Paste a Dockerfile, nginx, .env, compose/K8s, Actions or Terraform for ranked misconfigs and fixes.
Open AI Config & IaC Auditor →
What it does
Audits infrastructure-as-code and server configuration — Terraform, Docker, Kubernetes, nginx, Apache — for the misconfigurations that become incidents.
When to use it
- Reviewing IaC before merge; auditing an inherited Dockerfile or nginx config.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| cfg | textarea | required | The configuration. |
| type | select | optional | Config type. Auto-detected when omitted. |
What you get back
Findings with severity and the corrected directive.
Worked example
Input
FROM ubuntu:latest USER root COPY . /app EXPOSE 22 CMD ["./start.sh"]
Output (abridged)
HIGH 'ubuntu:latest' is unpinned — builds are not reproducible and
you cannot know what shipped. → pin a digest: ubuntu@sha256:…
HIGH Container runs as root. A container escape starts as root.
→ RUN useradd -r -u 10001 app && USER 10001
MEDIUM 'COPY . /app' copies the build context — .git, .env and CI
secrets included. → add a .dockerignore; copy explicit paths.
MEDIUM EXPOSE 22 — SSH in a container is an anti-pattern.
→ use `docker exec`; drop sshd.
How it works
Deterministic rule pass, then AI interpretation.
Privacy
Config is sent to the AI provider. Redact secrets first.
Standards
CIS Docker BenchmarkCIS Kubernetes BenchmarkNIST CSF