Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

IAC Audit Pack

БесплатноНе проверен

Four IaC audits in one call: Compose, Dockerfile, GitHub Actions, Kubernetes. 131 checks.

GitHubEmbed

Описание

Four IaC audits in one call: Compose, Dockerfile, GitHub Actions, Kubernetes. 131 checks.

README

Unbearable IaC Audit Pack — all four audit Actors under one MCP endpoint. Snyk-comparable scope at a fraction of the cost. Pay-per-event — only billed when a tool is actually called.

64 checks. 20 categories. 4 audit engines. 1 MCP endpoint.


What's included

Package Checks Categories Primary tool
Docker Compose audit 25 9 audit_compose
Dockerfile audit 19 5 audit_dockerfile
GitHub Actions audit 21 6 audit_github_actions
HU Postcode Validator 5 tools validate_postcode, lookup_city, …

Plus two bundle-only tools:

  • audit_all — paste a dict of filenames → content; auto-detects Dockerfile, compose, and workflow files and runs the right audit on each
  • list_all_checks — full cross-package check catalog in one call

Quick start (Claude Desktop)

{
  "mcpServers": {
    "iac-audit-pack": {
      "type": "http",
      "url": "https://unbearable-dev--iac-audit-pack.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer <your-apify-token>"
      }
    }
  }
}

Tool catalog

Aggregation (bundle-only)

Tool Description
audit_all(files, min_severity?) Multi-file detection + combined audit report
list_all_checks() All 64 checks across all three audit packages

Docker Compose (25 checks, 9 categories)

Tool Description
audit_compose(compose_yaml?, compose_url?, min_severity?) Full 25-check audit
check_privilege Privileged mode, cap_add, user namespace
check_network Host networking, exposed dangerous ports
check_secrets Hardcoded passwords, tokens in env vars
check_filesystem Docker socket mounts, host path mounts
check_resources Missing memory/CPU limits
check_image_hygiene Unpinned tags, latest usage
check_runtime_lifecycle Restart policies, healthchecks
check_logging Logging driver config
check_compose_hygiene Version field, service naming
list_checks_compose(category?) Check catalog

Dockerfile (19 checks, 5 categories)

Tool Description
audit_dockerfile(dockerfile_content?, dockerfile_url?, min_severity?) Full 19-check audit
check_base_image_dockerfile Unpinned base, latest, root user in FROM
check_instructions_dockerfile ADD vs COPY, COPY ordering, ENV secrets
check_security_dockerfile USER root, privilege escalation patterns
check_efficiency_dockerfile Layer count, cache busting
check_secrets_dockerfile Hardcoded secrets in RUN/ENV/ARG
list_checks_dockerfile(category?) Check catalog

GitHub Actions (21 checks, 6 categories)

Tool Description
audit_github_actions(workflow_yaml?, workflow_url?, min_severity?) Full 21-check audit
check_secrets_gha Leaked tokens, secret in run: blocks
check_permissions_gha Overly broad write-all permissions
check_action_pinning_gha Unpinned action refs (not SHA-pinned)
check_runner_security_gha Self-hosted runner risks
check_workflow_config_gha pull_request_target misuse, script injection
check_supply_chain_advanced_gha TeamPCP-class supply-chain patterns (GHA-201..208)
list_checks_github_actions(category?) Check catalog

HU Postcode Validator (5 tools)

Tool Description
validate_postcode(postcode) Settlement + county for a HU postcode
lookup_postcode(postcode) Alias for validate_postcode
lookup_city(city) All postcodes for a city (diacritic-insensitive)
validate_address(postcode, city) Postcode/city pairing validation
list_postcodes_in_county(county_name) All postcodes in a county
budapest_district_lookup(district_number) Budapest I-XXIII → postcodes

Pricing

Event USD
audit_all or any single-domain audit call $0.10
Single-domain audit (audit_compose, audit_dockerfile, audit_github_actions) $0.05
list_checks / discovery calls $0.005

Pay-per-event — no subscription, no monthly minimums. You pay only when a tool is invoked.

Architecture

Package-import (not proxy): all four sub-packages are bundled directly into the Actor image. Single cold start, single billing rail, no cross-Actor latency. See DESIGN.md for the full rationale.


Built by Noel @ Unbearable Labs — more like this in the weekly newsletter.

from github.com/UnbearableDev/iac-audit-pack

Установка IAC Audit Pack

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/UnbearableDev/iac-audit-pack

FAQ

IAC Audit Pack MCP бесплатный?

Да, IAC Audit Pack MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для IAC Audit Pack?

Нет, IAC Audit Pack работает без API-ключей и переменных окружения.

IAC Audit Pack — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить IAC Audit Pack в Claude Desktop, Claude Code или Cursor?

Открой IAC Audit Pack на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare IAC Audit Pack with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development