We can currently scan AWS terraform plans. If you have some other bit of infrastructure you want to analyze (Azure? Vault? Kubernetes?) let us know.
Semdiff is a static analyzer. It imports Terraform plans into Datalog and uses a combination of a high-performance Datalog engine and symbolic reasoning to discover all possible ways resources can interact, and checks how those interactions would change once the plan is applied; it then presents the result in an easy-to-understand, diff-like format.
Most IaC scanners focus on shallow properties of individual resources, for example whether encryption is enabled on an EFS volume. Semdiff goes a step further and reasons about how resources affect each other, e.g. determining who can access which resource by analyzing group memberships, IAM policies, SCPs and so on.
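To make the difference concrete, here is an added toy illustration (not Semdiff's code, data or rule set) of diffing the derived access relation instead of raw resource attributes: group memberships and policy attachments are kept as Datalog-style facts, a fixpoint derives who can perform which action on which resource, and the before/after relations are diffed. The BEFORE/AFTER states are constructed stand-ins for facts extracted from a plan.

```python
"""Toy semantic diff of IAM access reachability (illustration only, not Semdiff)."""
# Constructed sample states standing in for the facts a tool would extract from a
# Terraform plan before and after it is applied. Tuples are Datalog-style facts.
BEFORE = {
    "member_of": {("alice", "devs")},                       # (user, group)
    "attached": {("devs", "read-logs")},                    # (principal, policy)
    "allows": {("read-logs", "s3:GetObject", "arn:aws:s3:::logs/*")},  # (policy, action, resource)
}
AFTER = {
    "member_of": {("alice", "devs"), ("bob", "devs")},
    "attached": {("devs", "read-logs"), ("devs", "admin")},
    "allows": {
        ("read-logs", "s3:GetObject", "arn:aws:s3:::logs/*"),
        ("admin", "s3:*", "arn:aws:s3:::*"),
    },
}

def can_access(state):
    """Evaluate these rules to a fixpoint and return the derived can/3 facts:
        has_policy(P, Pol) :- attached(P, Pol).
        has_policy(U, Pol) :- member_of(U, G), has_policy(G, Pol).
        can(U, Act, Res)   :- user(U), has_policy(U, Pol), allows(Pol, Act, Res).
    """
    has_policy = set(state["attached"])
    while True:  # naive fixpoint: iterate until no new facts are derived
        derived = {(u, pol) for (u, g) in state["member_of"]
                   for (p, pol) in has_policy if p == g}
        if derived <= has_policy:
            break
        has_policy |= derived
    users = {u for (u, _) in state["member_of"]}
    return {(u, act, res) for (u, pol) in has_policy if u in users
            for (p, act, res) in state["allows"] if p == pol}

def semantic_diff(before, after):
    """Diff the derived access relation rather than the raw resource attributes."""
    b, a = can_access(before), can_access(after)
    return {"added": sorted(a - b), "removed": sorted(b - a)}

def render(diff):
    """Show the access diff in a familiar +/- style."""
    lines = [f"+ {u} may {act} on {res}" for u, act, res in diff["added"]]
    lines += [f"- {u} may {act} on {res}" for u, act, res in diff["removed"]]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(semantic_diff(BEFORE, AFTER)))
```

Note that attaching the `admin` policy to the group changes nothing about `alice`'s own resource definition, yet the diff shows she gained `s3:*` on every bucket, which is exactly what an attribute-level scanner misses.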
Semdiff integrates with Terraform Cloud, Atlantis and Env0. We also have a CLI and a REST API endpoint.