Request access to TrustFix

Multi-cloud detection

AWS · GCP · Azure. 451 detector implementations across 5 platforms — OIDC trust gaps, fork-PR risk, over-privileged identities, cross-account trust.

Formal verification

5 Z3 SMT narrowing-direction invariants prove every fix narrows permissions before a PR is opened. No regressions.

Pull request delivery

Fixes ship as Terraform PRs across GitHub, GitLab, and Bitbucket. 18 (cloud × host × fix-kind) orchestration combinations.

Enterprise security

AES-256-GCM envelope encryption, per-tenant DEKs, encryption-context bound to organizationId. KMS-backed credential storage.

SOC2 evidence

6-section audit bundle: access log, credential audit, finding transitions, fix attempts, KMS rotation, encryption evidence. 365-day retention.