
Non-Human Identity Security Platform — detect OIDC trust policy misconfigurations, validate fixes with a 6-layer Policy Intelligence Engine, and auto-generate Terraform PRs.

Project description

TrustFix — Non-Human Identity Security Platform

Secure Every Non-Human Identity in Your Cloud.

TrustFix detects OIDC trust policy misconfigurations, validates fixes with a 6-layer Policy Intelligence Engine, and auto-generates Terraform PRs — so your CI/CD pipelines never have more access than they need.

Starting with GitHub Actions + AWS. GitLab CI, Azure AD, and GCP Workload Identity coming Q3-Q4 2026.

Quick Start

What It Detects — 10 Finding Types

Finding                                                   Severity
Missing sub condition (any repo can assume your role)     CRITICAL
Overly broad wildcard trust (StringLike)                  HIGH
Fork PR risk (hardcoded ARN + pull_request trigger)       HIGH
Wildcard environment                                      HIGH
Missing audience (aud) condition                          HIGH
Expired OIDC provider                                     MEDIUM
Overprivileged CI/CD role                                 HIGH
Admin access in CI/CD role                                CRITICAL
AI agent overprivileged role                              CRITICAL
AI agent missing scope condition                          HIGH
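A detection routine for four of the finding types above, added here as an illustration and not TrustFix's own code: it walks an IAM role trust policy and flags a missing sub condition, a StringLike wildcard in the repo part of sub, a wildcard environment, and a missing aud condition. The sample trust policies (account ID, org and repo names) are constructed for the example.

```python
"""Detect GitHub Actions OIDC trust-policy misconfigurations in an IAM role.

Added example, not TrustFix's own code. Implements four of the finding types
from the table (missing sub, overly broad StringLike wildcard, wildcard
environment, missing aud) against an AWS IAM role trust policy document.
"""
import re

GITHUB_OIDC_ISSUER = "token.actions.githubusercontent.com"
EXPECTED_AUDIENCE = "sts.amazonaws.com"  # the aud GitHub sets for AWS by convention


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _trusts_github_oidc(statement):
    """True if the statement's Federated principal is a GitHub OIDC provider."""
    principal = statement.get("Principal", {})
    if not isinstance(principal, dict):
        return False
    return any(GITHUB_OIDC_ISSUER in arn for arn in _as_list(principal.get("Federated", [])))


def _claim_condition(statement, claim):
    """Return (operator, values) for the GitHub OIDC claim (sub/aud), or (None, [])."""
    wanted = f"{GITHUB_OIDC_ISSUER}:{claim}".lower()
    for operator, keys in statement.get("Condition", {}).items():
        for key, values in keys.items():
            if key.lower() == wanted:
                return operator, [str(v) for v in _as_list(values)]
    return None, []


def scan_trust_policy(policy):
    """Return [(finding, severity)] for every Allow statement that grants
    sts:AssumeRoleWithWebIdentity to GitHub's OIDC provider."""
    findings = []
    for statement in _as_list(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow" or not _trusts_github_oidc(statement):
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(statement.get("Action", [])):
            continue

        operator, subs = _claim_condition(statement, "sub")
        if not subs:
            # No sub condition at all: any repository on github.com can assume the role.
            findings.append(("missing-sub-condition", "CRITICAL"))
        like = bool(operator) and "StringLike" in operator  # '*' is a literal under StringEquals
        for sub in subs:
            # Wildcard in the repo part ("repo:*" or "repo:org/*") trusts every repo (in the org).
            if like and re.fullmatch(r"repo:(\*|[^/:]+/\*)(:.*)?", sub):
                findings.append(("overly-broad-wildcard-trust", "HIGH"))
            # "repo:org/repo:environment:*" lets any environment, protected or not, assume the role.
            if like and re.fullmatch(r"repo:[^/:]+/[^:]+:environment:\*", sub):
                findings.append(("wildcard-environment", "HIGH"))

        _, auds = _claim_condition(statement, "aud")
        if not auds:
            # Without an aud check a token minted for another audience is accepted.
            findings.append(("missing-audience-condition", "HIGH"))
    return findings


# Constructed sample policies (fictional account ID, org and repo).
PROVIDER_ARN = "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC_ISSUER


def _policy(condition):
    statement = {
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }
    if condition:
        statement["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [statement]}


NO_CONDITION = _policy(None)
ORG_WILDCARD = _policy({
    "StringLike": {f"{GITHUB_OIDC_ISSUER}:sub": "repo:example-org/*"},
    "StringEquals": {f"{GITHUB_OIDC_ISSUER}:aud": EXPECTED_AUDIENCE},
})
ANY_ENVIRONMENT = _policy({
    "StringLike": {f"{GITHUB_OIDC_ISSUER}:sub": "repo:example-org/api:environment:*"},
    "StringEquals": {f"{GITHUB_OIDC_ISSUER}:aud": EXPECTED_AUDIENCE},
})
PINNED = _policy({
    "StringEquals": {
        f"{GITHUB_OIDC_ISSUER}:sub": "repo:example-org/api:ref:refs/heads/main",
        f"{GITHUB_OIDC_ISSUER}:aud": EXPECTED_AUDIENCE,
    },
})

if __name__ == "__main__":
    for name, pol in [("no-condition", NO_CONDITION), ("org-wildcard", ORG_WILDCARD),
                      ("any-environment", ANY_ENVIRONMENT), ("pinned", PINNED)]:
        print(name, scan_trust_policy(pol) or "clean")
```

The scanner only looks at the trust policy, so the role-permission findings in the table (overprivileged or admin CI/CD roles) would need the role's attached policies as a second input.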

Research

We scanned 10,000 public GitHub repositories and 54,767 workflows:

  • 80.7% still use static AWS credentials
  • 743 repos are critically vulnerable
  • Only 13.9% use GitHub environment protection
  • Named repos include pytorch, supabase, botpress, and AWS's own karpenter

Full report: trustfix.dev/blog/static-credentials-2026

The NHI Security Platform for DevSecOps

Detect, validate, and auto-remediate trust policy misconfigurations across CI/CD pipelines and cloud providers.

How It Works:

  1. Install free GitHub Action → scans every PR
  2. Connect AWS account → maps IAM roles to workflows
  3. View findings with severity ratings
  4. AI generates validated Terraform fix with Confidence Score (Pro/Team)

Policy Intelligence Engine™ — every fix validated through 6 layers:

  • Structural validation
  • 150+ semantic contract assertions
  • Permission delta (proves access was narrowed, not widened)
  • Multi-model adversarial review (Team tier)
  • TrustFix Confidence Score™ (0-100) in every PR
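The permission-delta layer above checks that a fix narrows access rather than widening it. As an added example (not the Policy Intelligence Engine's own logic), this is one way to prove that for the sub claim of a trust policy: every subject pattern the fixed condition accepts must be covered by a pattern the original condition accepted, with StringLike '*' treated as a wildcard and StringEquals values as literals. The Condition blocks are constructed for the example.

```python
"""Permission-delta check for a trust-policy fix: prove that the set of
GitHub subjects (sub claims) the role accepts was narrowed, never widened.

Added example, not TrustFix's code. Conditions are real IAM Condition
shapes ({operator: {key: values}}). Under StringLike '*' is a wildcard;
under StringEquals it is a literal. '?' is treated as a literal, which only
makes the check more conservative. Values under one operator are ORed;
mixing operators on the same key (ANDed by IAM) is not modelled.
"""
from functools import lru_cache

STAR = None  # token standing for a StringLike '*'
SUB = "token.actions.githubusercontent.com:sub"


def _tokens(value, wildcard):
    """Split a condition value into literal characters and STAR tokens."""
    return tuple(STAR if (wildcard and ch == "*") else ch for ch in value)


def _patterns(condition, key=SUB):
    """Flatten the patterns for `key`; no condition at all means match-all."""
    out = []
    for operator, entries in condition.items():
        for k, values in entries.items():
            if k.lower() != key.lower():
                continue
            wildcard = "StringLike" in operator
            for v in (values if isinstance(values, list) else [values]):
                out.append(_tokens(str(v), wildcard))
    return out or [(STAR,)]


def pattern_covers(broad, narrow):
    """True if every string matched by `narrow` is also matched by `broad`.
    A STAR in `broad` may absorb any run of `narrow` tokens (STARs included);
    a literal in `broad` must meet the same literal in `narrow`."""
    @lru_cache(maxsize=None)
    def rec(i, j):
        if i == len(broad):
            return j == len(narrow)
        if broad[i] is STAR:
            return any(rec(i + 1, k) for k in range(j, len(narrow) + 1))
        return (j < len(narrow) and narrow[j] is not STAR
                and narrow[j] == broad[i] and rec(i + 1, j + 1))
    return rec(0, 0)


def not_widened(old, new):
    """Every subject accepted by `new` was already accepted by `old`."""
    old_p, new_p = _patterns(old), _patterns(new)
    return all(any(pattern_covers(o, n) for o in old_p) for n in new_p)


def strictly_narrowed(old, new):
    """`new` accepts a proper subset of what `old` accepted."""
    return not_widened(old, new) and not not_widened(new, old)


# Constructed sample conditions (fictional org and repo).
BEFORE = {"StringLike": {SUB: "repo:example-org/*"}}  # every repo in the org
FIX_GOOD = {"StringEquals": {SUB: ["repo:example-org/api:ref:refs/heads/main",
                                   "repo:example-org/api:environment:prod"]}}
FIX_SAME = {"StringLike": {SUB: "repo:example-org/*"}}  # no change
FIX_BAD = {"StringLike": {SUB: "repo:*"}}  # a "fix" that trusts all of GitHub

if __name__ == "__main__":
    for name, fix in [("good", FIX_GOOD), ("same", FIX_SAME), ("bad", FIX_BAD)]:
        print(name, "not widened:", not_widened(BEFORE, fix),
              "strictly narrowed:", strictly_narrowed(BEFORE, fix))
```

Because a missing sub condition is modelled as the match-all pattern, a fix that adds any sub condition to a role that had none is reported as strictly narrowed, and a "fix" that deletes the condition is reported as widened.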

NHI Security at Every Scale

                     Free          Pro ($499/mo)       Team ($799/mo)
Scanning             Unlimited     Unlimited           Unlimited
Finding types        10            10                  10
AWS accounts         1             5                   Unlimited
AI fix credits       not included  50 credits/month    200 credits/month
Confidence Score     not included  included            included
Adversarial review   not included  not included        included
SOC2 CC6 evidence

TrustFix vs. NHI & IAM Security Tools

Feature                    TrustFix       IAM Access Analyzer   Checkov / Trivy   Astrix / Oasis
OIDC-specific detection    ✓ (10 types)   Partial               ~1 (buggy)
Terraform fix generation
Confidence Score
Multi-provider roadmap
Free tier

© 2026 Vikavi Security LLC. All rights reserved.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

trustfix-1.0.1.tar.gz (3.5 kB)

Uploaded: Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

trustfix-1.0.1-py3-none-any.whl (3.2 kB)

Uploaded: Python 3

File details

Details for the file trustfix-1.0.1.tar.gz.

File metadata

  • Download URL: trustfix-1.0.1.tar.gz
  • Upload date:
  • Size: 3.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No (this release was pushed with twine using a PyPI API token, not PyPI's OIDC-based Trusted Publishing, so its provenance rests on the uploader's PyPI account rather than on an attested CI identity)
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for trustfix-1.0.1.tar.gz
Algorithm Hash digest
SHA256 c840272a2d8a773ee7e8b55be301937afe114d6b353a47e55ef78dd557eb716c
MD5 623b91a18b368a6dd8978510c197e5bf
BLAKE2b-256 3342bd5b3d987bebf01f464087e83e15c9115cdbf75744918b0b4e180c0e2cd0


File details

Details for the file trustfix-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: trustfix-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 3.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for trustfix-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 c10e3f55d5c02964e8c28e073cd01284233f6bb000179de4e4b431f7c9c242b2
MD5 ef63b4a1e863e87ad0af5c5dde550c94
BLAKE2b-256 580b0846d05b47be8118a2eff5cc97cad6bf59e0a5ee08ed3d031f0f89cff6cc

