NeoShield Security logo NeoShield Security Quantum X

// tool reference · Vulnerability & Assessment

AI Config & IaC Auditor Free

Paste a Dockerfile, nginx, .env, compose/K8s, Actions or Terraform for ranked misconfigs and fixes.

Open AI Config & IaC Auditor →


What it does

Audits infrastructure-as-code and server configuration — Terraform, Docker, Kubernetes, nginx, Apache — for the misconfigurations that become incidents.

When to use it

Inputs

Field names are the actual form parameters, verified against source.

FieldTypeRequiredNotes
cfg textarea required The configuration.
type select optional Config type. Auto-detected when omitted.

What you get back

Findings with severity and the corrected directive.

Worked example

Input

FROM ubuntu:latest
USER root
COPY . /app
EXPOSE 22
CMD ["./start.sh"]

Output (abridged)

HIGH    'ubuntu:latest' is unpinned — builds are not reproducible and
        you cannot know what shipped. → pin a digest: ubuntu@sha256:…

HIGH    Container runs as root. A container escape starts as root.
        → RUN useradd -r -u 10001 app && USER 10001

MEDIUM  'COPY . /app' copies the build context — .git, .env and CI
        secrets included. → add a .dockerignore; copy explicit paths.

MEDIUM  EXPOSE 22 — SSH in a container is an anti-pattern.
        → use `docker exec`; drop sshd.

How it works

Deterministic rule pass, then AI interpretation.

Privacy

Config is sent to the AI provider. Redact secrets first.

Standards

CIS Docker BenchmarkCIS Kubernetes BenchmarkNIST CSF

Related tools

← All tools Manual home