Command Palette

Search for a command to run...

UnylyUnyly
Browse all

IAC Audit Pack

FreeNot checked

Four IaC audits in one call: Compose, Dockerfile, GitHub Actions, Kubernetes. 131 checks.

GitHubEmbed

About

Four IaC audits in one call: Compose, Dockerfile, GitHub Actions, Kubernetes. 131 checks.

README

Unbearable IaC Audit Pack — all four audit Actors under one MCP endpoint. Snyk-comparable scope at a fraction of the cost. Pay-per-event — only billed when a tool is actually called.

64 checks. 20 categories. 4 audit engines. 1 MCP endpoint.


What's included

Package Checks Categories Primary tool
Docker Compose audit 25 9 audit_compose
Dockerfile audit 19 5 audit_dockerfile
GitHub Actions audit 21 6 audit_github_actions
HU Postcode Validator 5 tools validate_postcode, lookup_city, …

Plus two bundle-only tools:

  • audit_all — paste a dict of filenames → content; auto-detects Dockerfile, compose, and workflow files and runs the right audit on each
  • list_all_checks — full cross-package check catalog in one call

Quick start (Claude Desktop)

{
  "mcpServers": {
    "iac-audit-pack": {
      "type": "http",
      "url": "https://unbearable-dev--iac-audit-pack.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer <your-apify-token>"
      }
    }
  }
}

Tool catalog

Aggregation (bundle-only)

Tool Description
audit_all(files, min_severity?) Multi-file detection + combined audit report
list_all_checks() All 64 checks across all three audit packages

Docker Compose (25 checks, 9 categories)

Tool Description
audit_compose(compose_yaml?, compose_url?, min_severity?) Full 25-check audit
check_privilege Privileged mode, cap_add, user namespace
check_network Host networking, exposed dangerous ports
check_secrets Hardcoded passwords, tokens in env vars
check_filesystem Docker socket mounts, host path mounts
check_resources Missing memory/CPU limits
check_image_hygiene Unpinned tags, latest usage
check_runtime_lifecycle Restart policies, healthchecks
check_logging Logging driver config
check_compose_hygiene Version field, service naming
list_checks_compose(category?) Check catalog

Dockerfile (19 checks, 5 categories)

Tool Description
audit_dockerfile(dockerfile_content?, dockerfile_url?, min_severity?) Full 19-check audit
check_base_image_dockerfile Unpinned base, latest, root user in FROM
check_instructions_dockerfile ADD vs COPY, COPY ordering, ENV secrets
check_security_dockerfile USER root, privilege escalation patterns
check_efficiency_dockerfile Layer count, cache busting
check_secrets_dockerfile Hardcoded secrets in RUN/ENV/ARG
list_checks_dockerfile(category?) Check catalog

GitHub Actions (21 checks, 6 categories)

Tool Description
audit_github_actions(workflow_yaml?, workflow_url?, min_severity?) Full 21-check audit
check_secrets_gha Leaked tokens, secret in run: blocks
check_permissions_gha Overly broad write-all permissions
check_action_pinning_gha Unpinned action refs (not SHA-pinned)
check_runner_security_gha Self-hosted runner risks
check_workflow_config_gha pull_request_target misuse, script injection
check_supply_chain_advanced_gha TeamPCP-class supply-chain patterns (GHA-201..208)
list_checks_github_actions(category?) Check catalog

HU Postcode Validator (5 tools)

Tool Description
validate_postcode(postcode) Settlement + county for a HU postcode
lookup_postcode(postcode) Alias for validate_postcode
lookup_city(city) All postcodes for a city (diacritic-insensitive)
validate_address(postcode, city) Postcode/city pairing validation
list_postcodes_in_county(county_name) All postcodes in a county
budapest_district_lookup(district_number) Budapest I-XXIII → postcodes

Pricing

Event USD
audit_all or any single-domain audit call $0.10
Single-domain audit (audit_compose, audit_dockerfile, audit_github_actions) $0.05
list_checks / discovery calls $0.005

Pay-per-event — no subscription, no monthly minimums. You pay only when a tool is invoked.

Architecture

Package-import (not proxy): all four sub-packages are bundled directly into the Actor image. Single cold start, single billing rail, no cross-Actor latency. See DESIGN.md for the full rationale.


Built by Noel @ Unbearable Labs — more like this in the weekly newsletter.

from github.com/UnbearableDev/iac-audit-pack

Installing IAC Audit Pack

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/UnbearableDev/iac-audit-pack

FAQ

Is IAC Audit Pack MCP free?

Yes, IAC Audit Pack MCP is free — one-click install via Unyly at no cost.

Does IAC Audit Pack need an API key?

No, IAC Audit Pack runs without API keys or environment variables.

Is IAC Audit Pack hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install IAC Audit Pack in Claude Desktop, Claude Code or Cursor?

Open IAC Audit Pack on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare IAC Audit Pack with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs