Make changes with confidence

Did we truly revoke Alice's permissions? Semdiff will tell you - directly on the PR.

Device frame

Take the guesswork out of security configuration

Always know what you're actually granting access to

  • Semdiff2 cut
  • Semdiff2 cut
  • Semdiff2 cut

Free for small teams

Use Semdiff for up to 100 analysis runs / month for free.

  • Free

    ideal for small teams or side-projects. Includes all analysis features up to 100 analysis runs a month.
  • Enterprise

    Contact us
    Perfect for teams of any scale. Run semdiff on-prem, on your own cloud or as SaaS, create custom analyses and integrations. Includes premium support.

So, what is semdiff exactly?

Semdiff is a terraform static analyzer for AWS. It scans your PRs that contains terraform code, analyzes how that change would affect the permissions of every user, taking into account group memberships, IAM conditions, SCPs and so on, and shows the effective difference as a simple, condensed diff.

Semdiff makes reviewing terraform PRs easier

One benefit of using Semdiff is speeding up PR reviews. Manual reviews are much easier when you know exactly who gains or loses what permissions. You can also specify rules such as "if no users gain any new permissions then no review is required from security", and semdiff will automatically approve these PRs for you.

Prevent data breaches with semantic analysis

The most common cause of data breaches is cloud misconfiguration, usually improper permissions or network security settings. Detecting these at scale requires a deep understanding of how permissions and network security policies are evaluated and how a change would affect your whole infrastructure. This is the power of semantic analysis .


Check out these posts form our blog!

The case for semantic analysis

What is semantic analysis and why should you care?
Swiss cheese