AI-powered infrastructure compliance, drift detection, and auto-diagramming — as a single pipeline step.
DriftOps drops into any CI/CD pipeline as a single step and gives your infrastructure a brain:
| Stage | What happens |
|---|---|
| 🔍 Scan | Reads your Terraform / ARM / Bicep / CDK on every push |
| 📸 Snapshot | Captures infrastructure state, stores it |
| 🔄 Diff | Compares to prior state — what changed, what drifted |
| 🏛️ Comply | AI benchmarks every resource against NIST 800-53 + CIS |
| 📊 Diagram | Auto-generates L1–L4 architecture diagrams |
| 🚦 Gate | Blocks the deploy if critical violations found |
| 💬 Report | Posts AI-written summary to PR as a comment |
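
The Diff and Gate rows above, sketched as an added example (this is not DriftOps code). The snapshot layout, the severity labels and the names `diff_snapshots` and `gate` are assumptions; `enforce` mirrors the action input of the same name.

```python
# Illustrative sketch only: the snapshot layout, severity labels and function
# names are assumptions, not DriftOps internals.
from dataclasses import dataclass

_MISSING = object()  # distinguishes an absent attribute from one set to None

@dataclass(frozen=True)
class Drift:
    address: str       # resource address, e.g. "aws_s3_bucket.logs"
    kind: str          # "added", "removed" or "changed"
    attributes: tuple  # attribute names that differ (empty for added/removed)

def diff_snapshots(prior: dict, current: dict) -> list:
    """Compare two snapshots keyed by resource address."""
    drifts = []
    for addr in sorted(prior.keys() | current.keys()):
        if addr not in prior:
            drifts.append(Drift(addr, "added", ()))
        elif addr not in current:
            drifts.append(Drift(addr, "removed", ()))
        else:
            old, new = prior[addr], current[addr]
            changed = tuple(sorted(
                k for k in old.keys() | new.keys()
                if old.get(k, _MISSING) != new.get(k, _MISSING)))
            if changed:
                drifts.append(Drift(addr, "changed", changed))
    return drifts

def gate(findings: list, enforce: bool) -> int:
    """CI exit code: non-zero only when enforcing and a critical finding exists."""
    critical = [f for f in findings if f["severity"] == "critical"]
    return 1 if enforce and critical else 0

# Constructed sample snapshots (not real infrastructure state).
PRIOR = {
    "aws_s3_bucket.logs": {"acl": "private", "versioning": True},
    "aws_security_group.web": {"ingress_cidr": "10.0.0.0/8"},
}
CURRENT = {
    "aws_s3_bucket.logs": {"acl": "public-read", "versioning": True},
    "aws_db_instance.main": {"storage_encrypted": False},
}
# Constructed findings, standing in for the output of the Comply stage.
FINDINGS = [
    {"address": "aws_s3_bucket.logs", "severity": "critical"},
    {"address": "aws_db_instance.main", "severity": "high"},
]

if __name__ == "__main__":
    print(diff_snapshots(PRIOR, CURRENT), gate(FINDINGS, enforce=True))
```

With `enforce` left at `false`, the critical finding is still reported but the exit code stays 0, so the pipeline continues.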
Add this to your GitHub Actions workflow:
```yaml
- name: DriftOps Scan
  uses: driftops-dev/driftops@v1
  with:
    iac_path: './terraform'
    compliance_level: 'nist-800-53'
    enforce: false  # set true to block on violations
  env:
    DRIFTOPS_TOKEN: ${{ secrets.DRIFTOPS_TOKEN }}
```

- CI/CD: GitHub Actions / Azure DevOps
- Frontend: Cloudflare Pages (React)
- Backend: Cloudflare Workers
- Database: Supabase (Postgres)
- Auth: Supabase Auth
- AI: Groq (free tier) → Claude Haiku at scale
- SSL + Firewall: Cloudflare
Cost to run: $0/month at POC scale.
```
driftops/
├── action/      # GitHub Action + ADO Extension
├── dashboard/   # Cloudflare Pages frontend
├── worker/      # Cloudflare Worker API
├── supabase/    # Database schema + migrations
└── docs/        # Documentation
```
- Repo scaffold
- Terraform scanner
- State diff engine
- AI compliance mapping (NIST 800-53)
- GitHub Action packaging
- Dashboard (compliance score + drift timeline)
- Auto-diagram generation (L1–L4)
- Azure DevOps extension
- Enforce / auto-remediation mode
- CIS Benchmark support
- SOC2 mapping
MIT