NewN-Day-BenchLearn more
winfunc
INFRA

Infrastructure & Cloud

Find misconfigurations and exposures across cloud environments and infrastructure.

Winfunc scans your infrastructure-as-code, cloud configurations, and container definitions to detect misconfigurations, exposed secrets, and compliance violations before they reach production. Supports Terraform, CloudFormation, Pulumi, Kubernetes manifests, and Dockerfiles.

Key Capabilities

Infrastructure-as-Code scanning for Terraform, CloudFormation, and Pulumi
Kubernetes manifest security analysis and policy enforcement
Docker image and Dockerfile vulnerability scanning
Cloud IAM policy review — overly permissive roles and unused credentials
Secrets detection in configuration files and environment variables
Network exposure analysis — open ports, public endpoints, missing firewalls
CIS Benchmark compliance mapping for AWS, GCP, and Azure
Storage misconfiguration detection — public S3 buckets, unencrypted volumes
Drift detection between declared infrastructure and actual cloud state
Integration with cloud provider APIs for real-time posture assessment
Severity-based prioritization with business context
Automated remediation suggestions with IaC patch generation

IaC Analysis

Deep static analysis of Terraform, CloudFormation, and Pulumi templates. Detects misconfigurations, insecure defaults, and compliance violations before deployment.

Cloud Posture Management

Continuous assessment of your cloud environment against CIS benchmarks and industry best practices. Identifies drift between intended and actual configuration.

Container Security

Scan Dockerfiles and container images for known CVEs, misconfigured permissions, and insecure base images. Integrates into your CI pipeline for pre-deploy gates.

Secrets Detection

High-precision detection of API keys, tokens, passwords, and certificates embedded in IaC templates, configuration files, and environment definitions.

Compliance Mapping

Automatically map findings to compliance frameworks — CIS, SOC 2, ISO 27001, PCI DSS, HIPAA. Generate audit-ready reports with evidence and remediation guidance.

Network Exposure

Identify publicly accessible resources, open security groups, missing encryption in transit, and network paths that violate your security policy.

Ready to secure your codebase?