5-Minute Setup

Compliance Scanning on Every PR

Integrate Infraproof with your CI/CD pipeline. Block non-compliant Terraform before it reaches production. Works with GitHub, GitLab, Bitbucket, and any webhook-enabled system.

Get Your API Key See Setup Guide
Setup

Three Steps to Shift-Left Compliance

From sign-up to scanning in under 5 minutes. No agents to install, no complex configuration.

1

Get Your API Key

Sign up for free, go to Settings → Integrations, and create an API key with scan permissions.

2

Add to CI/CD

Copy the workflow snippet for your CI system. Add your API key as a secret.

3

Push & Scan

Every PR now runs compliance checks. Non-compliant code gets blocked with actionable feedback.

Platforms

Works With Your Stack

Native integrations for popular CI/CD platforms. Or use our webhook API for custom pipelines.

GitHub Actions

Native GitHub App integration. Scan PRs automatically, add status checks, and create fix PRs.

# .github/workflows/compliance.yml name: Compliance Check on: [pull_request] jobs: scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Scan Terraform run: | curl -X POST \ -H "X-API-Key: ${{ secrets.INFRAPROOF_API_KEY }}" \ -F "files=@main.tf" \ https://infraproof.io/api/v1/webhooks/scan

GitLab CI

Add compliance checks to your .gitlab-ci.yml. Block merge requests with violations.

# .gitlab-ci.yml compliance_scan: stage: test script: - | curl -X POST \ -H "X-API-Key: $INFRAPROOF_API_KEY" \ -F "files=@main.tf" \ https://infraproof.io/api/v1/webhooks/scan rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

Bitbucket Pipelines

Integrate with Bitbucket Pipelines for automated compliance scanning on every PR.

# bitbucket-pipelines.yml pipelines: pull-requests: '**': - step: name: Compliance Scan script: - | curl -X POST \ -H "X-API-Key: $INFRAPROOF_API_KEY" \ -F "files=@main.tf" \ https://infraproof.io/api/v1/webhooks/scan

Webhook API

Use our REST API with any CI/CD system. Jenkins, CircleCI, Azure DevOps, or custom scripts.

# Generic webhook example curl -X POST \ https://infraproof.io/api/v1/webhooks/scan \ -H "X-API-Key: YOUR_API_KEY" \ -H "Content-Type: multipart/form-data" \ -F "files=@infrastructure/main.tf" \ -F "files=@infrastructure/variables.tf"
Capabilities

What You Get

Checkov + tfsec scanning
NIST 800-171 control mapping
Terraform plan analysis
Block on critical/high findings
AI-generated fix suggestions
Code snippets with line numbers
JSON response for automation
Dashboard visibility

Ready to Shift Left?

Get your API key and start scanning in under 5 minutes. Free tier includes unlimited scans.

Get Started Free