trustfix 1.0.3

Non-Human Identity Security Platform — detect OIDC trust policy misconfigurations, validate fixes with a 6-layer Policy Intelligence Engine, and auto-generate Terraform PRs.

TrustFix — Non-Human Identity Security Platform

Secure Every Non-Human Identity in Your Cloud.

TrustFix detects OIDC trust policy misconfigurations, validates fixes with a 6-layer Policy Intelligence Engine, and auto-generates Terraform PRs — so your CI/CD pipelines never have more access than they need.

Starting with GitHub Actions + AWS. GitLab CI, Azure AD, and GCP Workload Identity coming Q3-Q4 2026.

Quick Start

• Platform: trustfix.dev
• Free GitHub Action: GitHub Marketplace
• CLI: npx oidc-audit scan

What It Detects — 10 Finding Types

Finding	Severity
Missing sub condition — any repo can assume your role	CRITICAL
Overly broad wildcard trust (StringLike)	HIGH
Fork PR risk (hardcoded ARN + pull_request trigger)	HIGH
Wildcard environment	HIGH
Missing audience (aud) condition	HIGH
Expired OIDC provider	MEDIUM
Overprivileged CI/CD role	HIGH
Admin access in CI/CD role	CRITICAL
AI agent overprivileged role	CRITICAL
AI agent missing scope condition	HIGH

Research

We scanned 10,000 public GitHub repositories and 54,767 workflows:

• 80.7% still use static AWS credentials
• 743 repos are critically vulnerable
• Only 13.9% use GitHub environment protection
• Named repos include pytorch, supabase, botpress, and AWS's own karpenter

Full report: trustfix.dev/blog/static-credentials-2026

The NHI Security Platform for DevSecOps

Detect, validate, and auto-remediate trust policy misconfigurations across CI/CD pipelines and cloud providers.

How It Works:

1. Install free GitHub Action → scans every PR
2. Connect AWS account → maps IAM roles to workflows
3. View findings with severity ratings
4. AI generates validated Terraform fix with TrustFix Confidence Score™ (Pro/Team/Enterprise)

Policy Intelligence Engine™ — every fix validated before it reaches your repo:

• Code-aware generation matches your existing Terraform patterns
• Structural verification ensures fix compatibility with your infrastructure
• Proprietary security rules built from production IAM experience
• Mathematically proves access was narrowed, never widened
• Cross-model adversarial review catches edge cases (Team & Enterprise)
• TrustFix Confidence Score™ (0-100) in every PR

NHI Security at Every Scale

Feature	Free	Pro ($499/mo)	Team ($799/mo)	Enterprise
AWS accounts	1	5	15	Custom
GitHub repo connects	—	10	25	Custom
Scanning	Initial + CLI	On-demand	On-demand	On-demand
Finding types	All	All	All	All
AI fix credits	—	50/month	200/month	Custom
TrustFix Confidence Score™	—	Up to 80/100	Up to 100/100	Up to 100/100
Validation layers	—	5 of 6	All 6	All 6
Adversarial review	—	—	✓	✓
SOC2 CC6 export	—	—	✓	✓
SSO / SAML	—	—	—	✓
Support	Community	Email	Slack	Dedicated

TrustFix vs. NHI & IAM Security Tools

Feature	TrustFix	IAM Access Analyzer	Checkov / Trivy	Astrix / Oasis
OIDC-specific detection	✓ (10 types)	Partial	~1 (buggy)	—
Terraform fix generation	✓	—	—	—
TrustFix Confidence Score™	✓	—	—	—
Multi-provider roadmap	✓	—	—	—
Free tier	✓	✓	✓	—

Links

• trustfix.dev
• Blog
• GitHub Marketplace
• npm: oidc-audit
• Docs
• Enterprise: security@trustfix.dev

© 2026 Vikavi Security LLC. All rights reserved.