IAC Audit Pack
БесплатноНе проверенFour IaC audits in one call: Compose, Dockerfile, GitHub Actions, Kubernetes. 131 checks.
Описание
Four IaC audits in one call: Compose, Dockerfile, GitHub Actions, Kubernetes. 131 checks.
README
Unbearable IaC Audit Pack — all four audit Actors under one MCP endpoint. Snyk-comparable scope at a fraction of the cost. Pay-per-event — only billed when a tool is actually called.
64 checks. 20 categories. 4 audit engines. 1 MCP endpoint.
What's included
| Package | Checks | Categories | Primary tool |
|---|---|---|---|
| Docker Compose audit | 25 | 9 | audit_compose |
| Dockerfile audit | 19 | 5 | audit_dockerfile |
| GitHub Actions audit | 21 | 6 | audit_github_actions |
| HU Postcode Validator | 5 tools | — | validate_postcode, lookup_city, … |
Plus two bundle-only tools:
audit_all— paste a dict of filenames → content; auto-detects Dockerfile, compose, and workflow files and runs the right audit on eachlist_all_checks— full cross-package check catalog in one call
Quick start (Claude Desktop)
{
"mcpServers": {
"iac-audit-pack": {
"type": "http",
"url": "https://unbearable-dev--iac-audit-pack.apify.actor/mcp",
"headers": {
"Authorization": "Bearer <your-apify-token>"
}
}
}
}
Tool catalog
Aggregation (bundle-only)
| Tool | Description |
|---|---|
audit_all(files, min_severity?) |
Multi-file detection + combined audit report |
list_all_checks() |
All 64 checks across all three audit packages |
Docker Compose (25 checks, 9 categories)
| Tool | Description |
|---|---|
audit_compose(compose_yaml?, compose_url?, min_severity?) |
Full 25-check audit |
check_privilege |
Privileged mode, cap_add, user namespace |
check_network |
Host networking, exposed dangerous ports |
check_secrets |
Hardcoded passwords, tokens in env vars |
check_filesystem |
Docker socket mounts, host path mounts |
check_resources |
Missing memory/CPU limits |
check_image_hygiene |
Unpinned tags, latest usage |
check_runtime_lifecycle |
Restart policies, healthchecks |
check_logging |
Logging driver config |
check_compose_hygiene |
Version field, service naming |
list_checks_compose(category?) |
Check catalog |
Dockerfile (19 checks, 5 categories)
| Tool | Description |
|---|---|
audit_dockerfile(dockerfile_content?, dockerfile_url?, min_severity?) |
Full 19-check audit |
check_base_image_dockerfile |
Unpinned base, latest, root user in FROM |
check_instructions_dockerfile |
ADD vs COPY, COPY ordering, ENV secrets |
check_security_dockerfile |
USER root, privilege escalation patterns |
check_efficiency_dockerfile |
Layer count, cache busting |
check_secrets_dockerfile |
Hardcoded secrets in RUN/ENV/ARG |
list_checks_dockerfile(category?) |
Check catalog |
GitHub Actions (21 checks, 6 categories)
| Tool | Description |
|---|---|
audit_github_actions(workflow_yaml?, workflow_url?, min_severity?) |
Full 21-check audit |
check_secrets_gha |
Leaked tokens, secret in run: blocks |
check_permissions_gha |
Overly broad write-all permissions |
check_action_pinning_gha |
Unpinned action refs (not SHA-pinned) |
check_runner_security_gha |
Self-hosted runner risks |
check_workflow_config_gha |
pull_request_target misuse, script injection |
check_supply_chain_advanced_gha |
TeamPCP-class supply-chain patterns (GHA-201..208) |
list_checks_github_actions(category?) |
Check catalog |
HU Postcode Validator (5 tools)
| Tool | Description |
|---|---|
validate_postcode(postcode) |
Settlement + county for a HU postcode |
lookup_postcode(postcode) |
Alias for validate_postcode |
lookup_city(city) |
All postcodes for a city (diacritic-insensitive) |
validate_address(postcode, city) |
Postcode/city pairing validation |
list_postcodes_in_county(county_name) |
All postcodes in a county |
budapest_district_lookup(district_number) |
Budapest I-XXIII → postcodes |
Pricing
| Event | USD |
|---|---|
audit_all or any single-domain audit call |
$0.10 |
Single-domain audit (audit_compose, audit_dockerfile, audit_github_actions) |
$0.05 |
list_checks / discovery calls |
$0.005 |
Pay-per-event — no subscription, no monthly minimums. You pay only when a tool is invoked.
Architecture
Package-import (not proxy): all four sub-packages are bundled directly into the
Actor image. Single cold start, single billing rail, no cross-Actor latency.
See DESIGN.md for the full rationale.
Built by Noel @ Unbearable Labs — more like this in the weekly newsletter.
Установка IAC Audit Pack
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/UnbearableDev/iac-audit-packFAQ
IAC Audit Pack MCP бесплатный?
Да, IAC Audit Pack MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для IAC Audit Pack?
Нет, IAC Audit Pack работает без API-ключей и переменных окружения.
IAC Audit Pack — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить IAC Audit Pack в Claude Desktop, Claude Code или Cursor?
Открой IAC Audit Pack на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare IAC Audit Pack with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
