OIDC trust gap scanner for AWS IAM and GitHub Actions

Project description

TrustFix

OIDC trust gap scanner for AWS IAM and GitHub Actions. Detects misconfigurations in OIDC trust policies and automatically fixes them via AI-generated Terraform pull requests.

Quick Start

Free GitHub Action: https://github.com/marketplace/actions/trustfix-oidc-security-scanner

Full dashboard + AI remediation: https://trustfix.dev

What It Detects

  • Missing sub condition (any repo in org can assume your production role)
  • Overly broad StringLike patterns in trust policies
  • StringLike where StringEquals should be used
  • Missing aud claim validation
  • Wildcard Principal: "*" in IAM trust policies
  • Unused IAM roles (90+ day inactivity)
  • 6 types of GitHub Actions workflow misconfigurations
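
The trust-policy items in the list above can be checked statically. The following is an added example, not TrustFix's own code: a minimal audit of an IAM role trust policy for a wildcard principal, a missing sub or aud condition, StringLike used without wildcards, and a sub pattern whose wildcard reaches the owner/repo segment. The function names, finding codes, the "broad pattern" heuristic and the sample policies (including the account ID and org name) are assumptions constructed for illustration.

```python
GH = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def _as_list(v):
    return [v] if isinstance(v, (str, dict)) else list(v)

def _claim(cond, claim):
    """Return (operator, value) pairs for one OIDC claim; key match is case-insensitive."""
    key = f"{GH}:{claim}"
    return [(op, val) for op, body in cond.items() for k, v in body.items()
            if k.lower() == key for val in _as_list(v)]

def audit_trust_policy(policy):
    """Return sorted finding codes for an IAM role trust policy given as a dict."""
    findings = set()
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        p = st.get("Principal", {})
        principals = [p] if isinstance(p, str) else [x for v in p.values() for x in _as_list(v)]
        if "*" in principals:
            findings.add("WILDCARD_PRINCIPAL")
        if not any(GH in x for x in principals):
            continue  # not a GitHub OIDC statement, nothing more to check here
        cond = st.get("Condition", {})
        subs = _claim(cond, "sub")
        if not subs:
            findings.add("MISSING_SUB")
        if not _claim(cond, "aud"):
            findings.add("MISSING_AUD")
        for op, val in subs:
            if not op.lower().split(":")[-1].startswith("stringlike"):
                continue
            if "*" not in val and "?" not in val:
                findings.add("STRINGLIKE_SHOULD_BE_STRINGEQUALS")
            elif not val.startswith("repo:") or any(c in val.split(":")[1] for c in "*?"):
                findings.add("BROAD_SUB_PATTERN")  # wildcard reaches the owner/repo segment
    return sorted(findings)

# Constructed sample policies; the account ID and org name are placeholders.
PROVIDER = f"arn:aws:iam::111122223333:oidc-provider/{GH}"
def _policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}
WEAK = _policy({"StringLike": {f"{GH}:sub": "repo:example-org/*"}})
FIXED = _policy({"StringEquals": {
    f"{GH}:aud": "sts.amazonaws.com",
    f"{GH}:sub": "repo:example-org/app:ref:refs/heads/main"}})
print(audit_trust_policy(WEAK), audit_trust_policy(FIXED))
```

The hardened form pins both claims with StringEquals; a wildcard limited to the ref portion of sub is not flagged by this heuristic and needs a separate policy decision.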

How It Works

  1. Install free GitHub Action → scans every PR for OIDC misconfigs
  2. Connect AWS account → maps every IAM role to every workflow that can assume it
  3. Click "Generate Fix PR" → Claude AI generates a precise Terraform rewrite
  4. Review and merge → finding closes automatically

Pricing

  • Detection: Free forever
  • AI Fix PRs: $499/month (Pro), $799/month (Team)

Download files

Source Distribution

trustfix-0.1.1.tar.gz (2.4 kB)

Uploaded Source

Built Distribution

trustfix-0.1.1-py3-none-any.whl (2.2 kB)

Uploaded Python 3

File details

Details for the file trustfix-0.1.1.tar.gz.

File metadata

  • Download URL: trustfix-0.1.1.tar.gz
  • Upload date:
  • Size: 2.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for trustfix-0.1.1.tar.gz
Algorithm Hash digest
SHA256 145de4591265990d23f7cffed84261b009588bdcbb6f1171f96ef5b6c23c8e5c
MD5 44df3981d8f1484ab2dcb73e95f2886d
BLAKE2b-256 66ffabcc7961917e16c41fae0d08d1eab554e31d8d02122029b0bb40ff1b91d8

File details

Details for the file trustfix-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: trustfix-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 2.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for trustfix-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 93c2752a4853bb9c6e8f53562dbf652ef4c30518826e41a3faed1ed5529fd1d1
MD5 2a3029368df858df1d3c1aa4e9fa6f49
BLAKE2b-256 b85dff58eabb5d867d058a805e817f690b2eb71e35fabdafc4bca570bb97f2a9
