Enterprise Security

Infrastructure as Code Vulnerability Scanner.

Archshield analyzes Terraform configurations to detect security risks, estimate cloud costs, and enforce compliance policies before deployment.


The Challenge.

Cloud misconfigurations cause 80% of data breaches. Manual code reviews are slow and error-prone. We needed a solution that parses Terraform files (HCL) statically, identifies open ports, unencrypted buckets, and IAM privileges, and provides actionable remediation steps instantly.

0.4s

Analysis Time

Average time to parse and scan a 2000-line Terraform module.

120+

Security Rules

Pre-defined checks for AWS, Azure, and GCP compliance (CIS, NIST).

100%

Local Execution

Code never leaves your infrastructure. Full privacy compliance.

Technical Architecture.

Hexagonal Architecture separating core business logic from outer API layers.

Backend Logic (Python)

  • FastAPI for high-performance async I/O.
  • Pydantic for strict data validation and schema enforcement.
  • SQLAlchemy ORM with PostgreSQL for persistent storage.

class ArchitectureParser:
    def scan_resource(self, resource):
        # Check for unencrypted S3 buckets
        if resource.type == "aws_s3_bucket":
            if not getattr(resource, "server_side_encryption", None):
                return "CRITICAL: Bucket missing encryption"

        # Check for open security groups; not every resource has an ingress block
        ingress = getattr(resource, "ingress", None)
        if ingress is not None and ingress.cidr == "0.0.0.0/0":
            return "WARNING: Port open to world"

        # No finding for this resource
        return None
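
The scan_resource check above, extended as an added example (not Archshield's own code): it collects every finding instead of returning the first, checks each ingress rule including IPv6, and treats a bucket as encrypted when a standalone aws_s3_bucket_server_side_encryption_configuration resource references it. The dict layout for parsed resources and the names Finding, scan_resources and SAMPLE are assumptions made for illustration.

```python
# Added example, not Archshield's code; the parsed-resource dict layout is assumed.
from dataclasses import dataclass

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Finding:
    severity: str
    address: str
    message: str


def scan_resources(resources):
    """Return every finding across all resources, not just the first one."""
    findings = []
    # Buckets covered by the standalone encryption resource (AWS provider v4+).
    encrypted_refs = {
        r.get("values", {}).get("bucket", "")
        for r in resources
        if r["type"] == "aws_s3_bucket_server_side_encryption_configuration"
    }
    for r in resources:
        address = f'{r["type"]}.{r["name"]}'
        values = r.get("values", {})
        if r["type"] == "aws_s3_bucket":
            inline = values.get("server_side_encryption_configuration")
            referenced = any(ref.startswith(address + ".") for ref in encrypted_refs)
            if not inline and not referenced:
                findings.append(Finding("CRITICAL", address, "Bucket missing encryption"))
        elif r["type"] == "aws_security_group":
            for rule in values.get("ingress", []):
                cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
                if cidrs & OPEN_CIDRS:
                    msg = f'Port {rule.get("from_port")} open to world'
                    findings.append(Finding("WARNING", address, msg))
    return findings


# Constructed sample input (not taken from a real Terraform module).
SAMPLE = [
    {"type": "aws_s3_bucket", "name": "logs", "values": {}},
    {"type": "aws_s3_bucket", "name": "assets", "values": {}},
    {"type": "aws_s3_bucket_server_side_encryption_configuration", "name": "assets",
     "values": {"bucket": "aws_s3_bucket.assets.id"}},
    {"type": "aws_security_group", "name": "web", "values": {"ingress": [
        {"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"]},
        {"from_port": 22, "to_port": 22, "cidr_blocks": [], "ipv6_cidr_blocks": ["::/0"]},
    ]}},
]
```

Calling scan_resources(SAMPLE) flags the logs bucket and the SSH rule opened to ::/0, while the assets bucket passes because of the separate encryption resource.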