One scan. Complete compliance visibility.

The only tool that correlates Terraform, runtime, and drift for true compliance state

Comprehensive compliance scanning

From detection to remediation, everything you need for audit readiness

See the full picture

Scan Terraform code with Checkov, live AWS with Prowler, detect drift with terraform plan. Most tools show you one. We show you all three.

  • Static analysis of Terraform/OpenTofu code
  • Runtime scanning of live AWS environment
  • Drift detection between code and reality
Multi-source scanning diagram
Terraform Code
Static analysis via Checkov
Live AWS Environment
Runtime scan via Prowler
IntendCloud Audit Report
Correlated findings + drift detection
Cross-framework deduplication example
Finding: S3 Encryption Disabled
Bucket: prod-customer-data
This fix resolves 4 framework violations:
CIS 2.1.1S3 bucket encryption
SOC2 CC6.1Data encryption at rest
ISO 27001 A.8.24Cryptographic controls
PCI-DSS 3.4Encryption of cardholder data

One fix, multiple frameworks

Enable S3 encryption and satisfy CIS 2.1.1, SOC2 CC6.1, ISO 27001 A.8.24, and PCI-DSS 3.4. We show you the overlaps others miss.

  • Automatic mapping across all frameworks
  • Reduces remediation work by 60%+
  • Smart prioritization of high-impact fixes

Catch manual changes before auditors do

Your Terraform says encryption enabled. AWS says disabled. Someone broke it manually 3 days ago. We tell you exactly what drifted and when.

  • Real-time drift detection
  • Identifies manual console changes
  • Compliance impact analysis
Code vs Reality comparison
Terraform Code
✓ Encryption: Enabled
✓ Versioning: On
✓ Public Access: Blocked
Live AWS
✗ Encryption: Disabled
✓ Versioning: On
✓ Public Access: Blocked
Drift Detected
Changed: 3 days ago
Impact: 4 framework violations
auto-fix.tfhcl
# Auto-generated fix for S3 encryption (CIS 2.1.1, SOC2 CC6.1, ISO 27001 A.8.24)
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

Don't just report. Fix.

Every finding includes the Terraform code to fix it. Copy, review, apply. No more "here are 47 problems, good luck figuring out the fixes."

  • Production-ready Terraform code
  • Includes framework control IDs in comments
  • Copy-paste ready, no manual translation

Beautiful reports your board will actually read

HTML reports with interactive charts, PDF exports with clean typography, CSV for compliance teams. Evidence packages for auditors with per-control exports.

  • Interactive HTML with dark theme
  • PDF for auditors, JSON/CSV for automation
  • Shareable links for team collaboration
Sample HTML Report Preview
Compliance Score73%
3
Critical
12
High
18
Medium
Top Findings:
• S3 encryption disabled
• CloudTrail logging disabled
• MFA not enforced for IAM users
GitHub Actions Workflow Example
name: Compliance Scan
on: [push, pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run IntendCloud Audit
        run: |
          intend audit --ci \
            --frameworks cis-aws,soc2 \
            --severity-threshold high
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: audit-results.sarif

Shift-left compliance

Run in GitHub Actions, fail builds on critical findings, track compliance over time. SARIF output for GitHub Advanced Security integration.

  • GitHub Actions, GitLab CI, CircleCI support
  • SARIF output for security dashboards
  • Baseline trending over time

Support for major compliance frameworks

Comprehensive coverage with monthly updates

CIS AWS Foundations

FREE

120 security controls

Benchmark v3.0.0

SOC 2 Type II

PAID

73 trust service criteria

AICPA 2023

ISO 27001:2022

PAID

93 information security controls

Latest 2022 revision

DORA

PRO

EU financial services regulation

Digital Operational Resilience Act

NIST 800-53

PRO

US federal security controls

Revision 5

PCI-DSS v4.0

PRO

Payment card industry standards

Latest version 4.0

MAS TRM

Q2 2026

Singapore financial technology risk

Monetary Authority of Singapore

BNM RMiT

Q2 2026

Malaysia financial technology risk

Bank Negara Malaysia

MAS Cyber Hygiene

Q2 2026

Singapore cyber hygiene notice

MAS FSM-N06

More frameworks added monthly. Request custom framework mapping for Enterprise plans.

Financial Services in APAC?

IntendCloud is the only compliance scanner that maps AWS controls to MAS TRM, BNM RMiT, and regional data protection laws.

Already DORA-compliant in the EU? We show you what's already covered in Singapore and Malaysia — and where the gaps are. Stop maintaining separate compliance spreadsheets for each region.

Singapore MASMalaysia BNMAPAC PDPA

How we compare

The only tool that does it all

CapabilityIntendCloudCheckovProwlerWiz/Orca
IaC Scanning
Runtime Scanning
Drift Detection
Cross-Framework MappingPartial
Terraform Remediation
Beautiful Reports
APAC Framework Support
Price$49/moFreeFree$$$$$

Get early access to free CIS AWS scanning

No credit card required. Join the waitlist for early access.

Join WaitlistSee Pricing