§ Pricing

Custom enterprise contracts.

TrustFix is invitation-only while we onboard our first enterprise customers. Tell us about your team — cloud(s) in scope, security-review timeline, expected user count — and we’ll respond within two business days with terms scoped to your environment.

Request access Talk to the founder

§ 01 · What's in every engagement

One engagement. Everything included.

Detect across 5 platforms

451 detector implementations spanning AWS, GCP, Azure, GitHub, GitLab, and Bitbucket — across IAM trust policies, RBAC bindings, custom roles, CI/CD pipelines, and Workload Identity Federation.

Validate with formal verification

Every fix passes through 8 sequential validation stages, including Z3 SMT-LIB proofs of narrowing-direction invariants over a cross-cloud canonical IAM model.

Ship as pull requests

Native PR delivery to GitHub, GitLab, or Bitbucket. 18 cloud × host × fixKind combinations operational. 450 pre-validated templates.

Encrypt every credential

AES-256-GCM with per-tenant data-encryption keys. organizationId is bound into the encryption context so a database breach cannot decrypt cross-tenant ciphertext.

Audit-grade compliance

6-section SOC2 evidence export with HMAC-signed download URL. SAML 2.0 + OIDC SSO via Clerk. Per-customer entitlements. Customer audit log with configurable retention.

§ 02 · Talk to us

Two business-day response. No sales playbook.

The founder reviews every submission personally.

Request access Try the open-source CLI