Skip to main content

InfraGuard

Policy Defined. Infrastructure Secured.

An Infrastructure as Code compliance pre-check CLI for Alibaba Cloud ROS templates. Catch security and compliance issues before they ever reach production.

$ brew tap aliyun/infraguard https://github.com/aliyun/infraguard && brew install infraguard
or
$ go install github.com/aliyun/infraguard/cmd/infraguard@latest
infraguard — scan
$ infraguard scan template.yaml -p rule:aliyun:ecs-available-disk-encrypted
🔴 High #1 Encryption protects data at rest from unauthorized access.

  template.yaml:8
  ┌────────┬─────────────────────────────┐
  │      6 │       ZoneId: cn-hangzhou-h │
  │      7 │       Size: 40              │
  │ >    8 │       Encrypted: false      │
  └────────┴─────────────────────────────┘

  Rule ID: rule:aliyun:ecs-available-disk-encrypted
  Resource: Disk
  Recommendation: Set the 'Encrypted' property of ECS disks to true.

──────────────────── Scan Results ────────────────────
  Total: 1 | High: 1 | Medium: 0 | Low: 0
300+Built-in rules
7Languages
1Zero-dependency binary
GoBuilt for speed
Why InfraGuard

Everything you need to ship compliant infrastructure

Pre-deployment Validation

Catch compliance and security issues before they reach production. Scan your ROS templates locally during development.

Hundreds of Built-in Rules

Comprehensive coverage for Aliyun services including ECS, RDS, OSS, ACK, and more with dozens of compliance packs.

Multiple Formats

Get results in table, JSON, or interactive HTML reports. Easily integrate with CI/CD pipelines.

Extensible & Open

Write custom policies using Rego (Open Policy Agent). Built on proven technologies and fully open source.

Internationalization

Full support for 7 languages: English, Chinese, Spanish, French, German, Japanese, and Portuguese. All rules, packs, and documentation available in multiple languages.

Fast & Lightweight

Built in Go for speed and efficiency. Single binary with no dependencies. Scan large templates in seconds.

Consistency at scale

Standardize Your Infrastructure

InfraGuard gives you a unified way to enforce best practices across your organization. Whether you rely on official Aliyun compliance packs or your own custom rules, every deployment stays consistent and secure.

  • Prevent insecure deployments before they happen
  • Standardize infrastructure across every team
  • Automate compliance audits in your CI/CD pipeline
Learn More
1
WriteAuthor your ROS templates as usual
2
ScanInfraGuard checks them against policy
DeployShip with confidence, fully compliant

Ready to secure your infrastructure?

Install InfraGuard and run your first compliance scan in under a minute.