Facebook Pixel


BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues.

An Open Source tool for Infrastructure as Code

BrainIAC performs a comprehensive code scan and generates reports containing detailed insights into the identified issues.
Magnifying Glass Icon
Scans IAC files for misconfiguration.
Table Icon
Converts between formats such as JSON and Table brainIAC own format.
Book Icon
Has hundreds of pre-defined rules.
File Directory Icon
Scans a target directory to fill in multiple results.
Screenshot of Command Prompt screen running BrainIAC

Provides a comprehensive index of Kubernetes policies

Prevent specific workloads from deploying in the cluster.
•     Finds vulnerabilities with static code analysis
•     Scans for misconfiguration and compliance issues
•     Generates detailed reports
BrainIAC and Kubernetes logo inside the loptop screen icon
BrainIAC and Terraform logo inside the loptop screen icon

Offers an extensive directory of Terraform AWS, ARM and OCI policies index.

Provisioning and managing infrastructure resources.
•     Seamless resource creation
•     Naming convention for resources
•     Ensure access controls

Coming soon in different platforms

BrainIAC will be on more platforms in the future.
•     Azure Resource Manager
•     Google Cloud Platform
•     Alibaba Cloud
•     Kubernetes
•     DigitalOcean
•     Yandex Cloud
•     Palo Alto Networks
•     Docker
•     CloudFormation
•     Serverles Framework
•     AWS SAM
•     ARM Template Files
Docker, CloudFormation and Serverless Framework logo inside the loptop screen icon

Supported Installation OS

BrainIAC currently supports the following operating systems:
Windows Logo
BrainIAC is compatible with Windows OS and is optimized for amd64 architecture. It can be run on Windows machines to protect your IaC files from a variety of potential threats.
Mac OS Logo
With support for both arm64 and amd64 architectures, BrainIAC effectively scans and analyzes your IaC files on Mac.
Linux Logo
BrainIAC provides comprehensive IaC analysis and supports amd64, arm64, ppc64le, and s390x on Linux.

Installation Guide

Supercharge the security of your IaC files and elevate your defenses. Install BrainIAC, the latest open-source security scanning and analysis tool in the market!


curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d /usr/local/bin
You can specify a release version and destination directory for the installation:
curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d  -v 

Getting Started

You can specify a release version and destination directory for the installation:
brainiac -f 
Scan multiple file in a directory
brainiac -d . 

Using Docker

docker pull carbonetes/brainiac 
Scan a directory
docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -d /tmpPath 
Scan a single file
docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -f /path/{filename}.{extension} 

Available Commands and their flags with description:

Brainiac [flag] 
Root Flags Description
-f --file File to scan
-d -dir Read directly from a path on disk (any directory) (e.g. 'brainiac -d path/to/dir)' (can not be used together with --file).
-o --output Format to display results (table, json) (default "table")
-v --version Print BrainIAC version

Output Formats

The output format for BrainIAC is configurable as well using the -o (or --output ) option:
The available formats are:
  • table : A Tabular summary (default).
  • json : Use this to get as much information out of BrainIAC.

Get started With BrainIAC