Get started in 60 seconds

Scan your first AWS account and see your compliance score

Quick Start

Install

# macOS (Homebrew)
brew install intendcloud/tap/intend

# Linux
curl -sSL https://intendcloud.com/install.sh | bash

# Or download binary
# Visit github.com/intendcloud/platform/releases

Requirements: macOS (arm64/amd64), Linux (amd64), or Windows (amd64). Requires AWS CLI configured with appropriate permissions.

Configure AWS Credentials

# Make sure you have AWS credentials configured
aws configure

# Or set environment variables
export AWS_PROFILE=production
export AWS_REGION=us-east-1

Required IAM permissions: ReadOnly access to scan AWS resources. Minimum: SecurityAudit managed policy.

Run Your First Scan

intend audit --frameworks cis-aws

~60s

Typical scan time

120

CIS AWS controls

Free forever

View Your Report

# Report opens in browser automatically
# Or find it at:
./audit-report-$(date +%Y%m%d).html

Report opens automatically in your default browser. Interactive HTML with filtering, charts, and exportable findings.

Common Commands

CLI Commandsbash

# Scan Terraform code + live AWS
intend audit --terraform-dir ./infra

# Multi-account scan
intend audit --accounts 123456789,987654321

# Generate Terraform fixes
intend audit --fix --fix-output ./fixes/

# CI/CD mode (exit 1 on critical findings)
intend audit --ci --severity-threshold critical

# Compare against baseline
intend audit --baseline ./last-scan.json

# Specific frameworks (requires license)
intend audit --frameworks soc2,iso27001

# All frameworks
intend audit --frameworks all

# Export in different formats
intend audit --output-format pdf
intend audit --output-format json
intend audit --output-format csv

Exit Codes

0 - Success, no critical findings

1 - Findings above threshold

2 - Scan error

Output Formats

html - Interactive report (default)

pdf - For auditors

json - For automation

csv - For spreadsheets

sarif - For GitHub Security

Configuration File

Save time by creating an audit-config.yaml file in your project root. CLI flags override config file values.

audit-config.yamlyaml

# audit-config.yaml
intend_audit:
  version: "1.0"

provider:
  name: aws
  region: us-east-1
  profile: production

terraform:
  directories:
    - path: ./infra/production
    - path: ./modules/networking

compliance:
  frameworks:
    - cis-aws
    - soc2
  severity_threshold: high
  
reporting:
  formats: [html, pdf, json]
  output_dir: ./reports/
  
scan_options:
  drift_detection: true
  auto_remediation: true
  remediation_output: ./fixes/

Run intend audit in the same directory to use this config automatically.

CI/CD Integration

GitHub Actions

.github/workflows/compliance.ymlyaml

# .github/workflows/compliance.yml
name: Compliance Scan
on: 
  push:
    branches: [main, develop]
  pull_request:

jobs:
  audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    
    steps:
      - uses: actions/checkout@v3
      
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: us-east-1
      
      - name: Install IntendCloud Audit
        run: |
          curl -sSL https://intendcloud.com/install.sh | bash
          echo "$HOME/.intendcloud/bin" >> $GITHUB_PATH
      
      - name: Run Compliance Scan
        env:
          INTEND_LICENSE_KEY: ${{ secrets.INTEND_LICENSE_KEY }}
        run: |
          intend audit \
            --ci \
            --frameworks cis-aws,soc2 \
            --severity-threshold high \
            --output-format sarif
      
      - name: Upload SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: audit-results.sarif
      
      - name: Upload HTML Report
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: compliance-report
          path: audit-report-*.html

GitLab CI

.gitlab-ci.ymlyaml

# .gitlab-ci.yml
compliance_scan:
  stage: test
  image: ubuntu:22.04
  
  before_script:
    - apt-get update && apt-get install -y curl
    - curl -sSL https://intendcloud.com/install.sh | bash
    - export PATH="$HOME/.intendcloud/bin:$PATH"
  
  script:
    - intend audit --ci --frameworks cis-aws,soc2 --severity-threshold high
  
  artifacts:
    when: always
    paths:
      - audit-report-*.html
      - audit-results.json
    reports:
      junit: audit-results.junit.xml
  
  only:
    - main
    - merge_requests

License Key for Paid Features

For SOC2, ISO 27001, and other paid frameworks, set your license key as an environment variable:

export INTEND_LICENSE_KEY=your_license_key_here

Get your license key from your account dashboard after subscribing.

Supported Frameworks

CIS AWS Foundations

FREE

120 security controls

--frameworks cis-aws

SOC 2 Type II

STARTER

73 trust service criteria

--frameworks soc2

ISO 27001:2022

STARTER

93 information security controls

--frameworks iso27001

DORA

PRO

EU financial services regulation

--frameworks dora

NIST 800-53

PRO

US federal security controls

--frameworks nist-800-53

PCI-DSS v4.0

PRO

Payment card industry standards

--frameworks pci-dss

MAS TRM

PRO

Singapore financial services (MAS Technology Risk Management)

--frameworks mas-trm

BNM RMiT

PRO

Malaysia financial services (Bank Negara Risk Management in Technology)

--frameworks bnm-rmit

Next Steps

GitHub Repository

View source code, report issues, and contribute

Full Documentation

Coming soon - In-depth guides and tutorials

Slack Community

Coming soon - Join other users and get help

Example Reports

Coming soon - View sample audit reports

Getting Help

Email

hello@intendcloud.com

Response within 24 hours

GitHub Issues

Report bugs

Public issue tracker

Slack

Coming soon

Community chat

Ready to scan your AWS environment?

Install the CLI and run your first free CIS scan in 60 seconds

View Pricing