Free & Open Source

Spot security risks &
cut cloud costs instantly

Upload Terraform, Kubernetes YAML, Helm, Docker Compose, Dockerfile, Serverless, OpenAPI, GitHub Actions, Ansible, CloudFormation, ARM, draw.io, AWS Config, GCP Asset Inventory — or describe in plain English. 59+ security checks and 15+ cost optimisations, including AI/ML workload analysis.

Start Analyzing View on GitHub

ArchLens Report — my-startup-aws

[CRIT] S3 bucket 'assets' is publicly accessible terraform Fix: Set bucket ACL to private. Use pre-signed URLs for public content. [CRIT] Deployment 'api' runs a privileged container kubernetes Fix: Remove privileged: true. Use specific capabilities instead. [HIGH] LLM API keys may not be managed securely ai stack Fix: Store API keys in Secrets Manager. Use IAM roles — not hardcoded env vars. [HIGH] Workflow 'deploy.yml' has unpinned third-party actions github actions Fix: Pin actions to a full commit SHA (e.g. uses: org/action@a1b2c3d). [COST] GPU/ML compute — use Spot instances for training ai stack Fix: AWS Spot saves up to 90%. Checkpoint every epoch to resume on interruption. [COST] RDS db.r5.2xlarge may be oversized — est. -$687/mo terraform Fix: Switch to db.r5.large after reviewing CloudWatch metrics.

What it does

Everything you need to review your architecture

🔒

Security Analysis

59+ checks across cloud infra, Kubernetes, CI/CD pipelines, and AI stacks — public buckets, unencrypted data, overpermissive IAM, privileged containers, missing NetworkPolicies, exposed LLM endpoints, and more.

💰

Cost Optimization

15+ optimisations: oversized RDS, GPU spot instances for AI training, LLM API caching, SageMaker serverless rightsizing, NAT Gateway vs VPC endpoints, Reserved Instance savings, and more.

🤖

AI/ML Architecture Analysis

Detects your AI workload type — RAG pipeline, fine-tuning, real-time inference, batch processing, MLOps — and fires targeted findings: GPU cost, LLM key security, vector DB auth, semantic caching, and training/serving skew.

📄

Multi-Format Input

15 parsers: Terraform, Kubernetes YAML, Helm charts, Docker Compose, Dockerfile, Azure ARM, CloudFormation, Serverless Framework, OpenAPI/Swagger, GitHub Actions, Ansible, AWS Config, GCP Asset Inventory, draw.io, and plain English.

🔎

Actionable Findings

Every finding includes a clear fix recommendation and estimated monthly savings — not just a list of problems.

📄

Export Reports

Download findings as JSON or Markdown to share with your team or include in architecture review docs.

How it works

Three steps to a safer, cheaper stack

Provide your architecture

Upload any of 15 supported formats — Terraform, Kubernetes, Helm, Docker, Serverless, OpenAPI, Ansible, ARM and more — or describe in plain English

AI analyzes it

Runs 77+ security rules and cost checks across cloud infra, Kubernetes, containers, IAM, networking, CI/CD, and APIs

Get actionable findings

See exactly what to fix and how much you could save per month

Supported inputs

Works with what you already have

📄 Terraform (.tf)

☁ CloudFormation

💬 Plain English

👁 draw.io diagram

☁ AWS Config export

☁ GCP Asset Inventory

⎈ Kubernetes YAML

🚧 Helm Chart

🐋 Docker Compose

🐋 Dockerfile

☁ Azure ARM

📄 Serverless Framework

📄 OpenAPI / Swagger

⚙ GitHub Actions

⚙ Ansible Playbook

✏ Interactive Builder

Analyze your architecture

Whichever way you start, you get the same report below — security findings with fixes, estimated monthly savings, and JSON / Markdown export.

📂

Click to upload or drag & drop

Terraform · Kubernetes YAML · Helm · Docker Compose · Dockerfile · Azure ARM · CloudFormation · Serverless Framework · OpenAPI/Swagger · GitHub Actions · Ansible · draw.io · Text

🔎

Don't have a file to upload?

Pick the services in your stack — security & cost suggestions appear live as you go.

Your stack:

Click services above to add them

Analyzing your architecture...

Architecture

Security Findings

Cost Optimizations

Security Findings 0

Cost Optimizations 0

Spot security risks &cut cloud costs instantly