Security & Trust

Catch misconfigurations before they reach production.

Stratocraft analyzes infrastructure-as-code (Terraform, CloudFormation, Kubernetes) to find security gaps before they become production incidents. Every finding includes a copy-ready fix — not just a warning.

What We Do Today

Stratocraft scans your infrastructure config and surfaces security gaps with context, severity, and a specific fix — in under 60 seconds.

  • Scans Terraform, CloudFormation, and Kubernetes configs
  • Cross-resource reasoning — finds systemic security gaps that single-resource tools miss
  • Copy-ready Terraform diffs embedded directly in findings (paste and apply)
  • Streaming findings with benchmark comparisons against CIS and AWS WAF baselines
  • Six industry verticals, four spend tiers — benchmarks tailored to your context
  • Severity scoring with component, issue, risk, and fix for every finding

🔒 No AI Training — Ever

Your infrastructure data is never used to train AI models. Configs are processed for your analysis only, then handled per our retention policy below. No exceptions.

🗄️ Data Retention

Scenario: Policy
Active accounts: Retained while active, deletable on demand
After account deletion: All data purged within 30 days
Anonymous / free analyses: Auto-deleted after 30 days

🔐 Encryption

In transit: TLS 1.2+ on all connections.
At rest: AES-256 encryption via managed PostgreSQL.
Credentials: API keys and secrets are never stored — only infrastructure topology is analyzed.

🧱 Infrastructure Isolation

Each analysis runs in an isolated process. No cross-tenant data access. Configs are parsed in memory, not written to disk during analysis.

🛡️ Access Controls

No human access to customer configs by design. Analysis content is not logged. Admin access requires MFA and an audit trail.

🚀 Coming Soon

The following capabilities are on the roadmap — not yet built:

  • Drift detection (Planned) — compare live infrastructure against your IaC baseline; catch resources provisioned outside your config
  • Compliance framework mapping (Planned) — SOC 2, HIPAA, PCI DSS, NIST mapped to your findings
  • CI/CD integration (Planned) — block bad configs from reaching production via pre-commit hooks or pipeline gates
  • Continuous monitoring (Planned) — scheduled re-analysis with delta reports when your infrastructure changes
  • GCP and Azure parity (Planned) — CloudFormation covers AWS today; GCP/Azure support is in progress

📋 Compliance

GDPR: Compliant — EU data handling, right to deletion
SOC 2 Type II: Planned — we do not claim this today.

Enterprise customers: contact us for our security questionnaire.