MCPcopy Index your code
hub / github.com/snyk/driftctl

github.com/snyk/driftctl @v0.40.0 sqlite

repository ↗ · DeepWiki ↗ · release v0.40.0 ↗
10,183 symbols 37,895 edges 1,171 files 7,164 documented · 70%
README

This project is now in maintenance mode. We cannot promise to review contributions. Please feel free to fork the project to apply any changes you might want to make.

driftctl

Measures infrastructure as code coverage, and tracks infrastructure drift.

IaC: Terraform. Cloud providers: AWS, GitHub, Azure, GCP.

:warning: This tool is still in beta state and will evolve in the future with potential breaking changes :warning:

Packaging status

Packaging status

Why driftctl ?

Infrastructure drift is a blind spot and a source of potential security issues. Drift can have multiple causes: from team members creating or updating infrastructure through the web console without backporting changes to Terraform, to unexpected actions from authenticated apps and services.

You can't efficiently improve what you don't track. We track coverage for unit tests, why not infrastructure as code coverage?

Spot discrepancies as they happen: driftctl is a free and open-source CLI that warns of infrastructure drifts and fills in the missing piece in your DevSecOps toolbox.

Features

  • Scan cloud provider and map resources with IaC code
  • Analyze diffs, and warn about drift and unwanted unmanaged resources
  • Allow users to ignore resources
  • Multiple output formats

Links

Documentation

Installation

Discord

Contribute

To learn more about compiling driftctl and contributing, please refer to the contribution guidelines and the contributing guide for technical details.

This project follows the all-contributors specification and is brought to you by these awesome contributors.

Build with ❤️️ from 🇫🇷 🇬🇧 🇯🇵 🇬🇷 🇸🇪 🇺🇸 🇷🇪 🇨🇦 🇮🇱 🇩🇪

Security notice

All Terraform state and Terraform files in this repository are for unit test purposes only. No running code attempts to access these resources (except to create and destroy them, in the case of acceptance tests). They are just opaque strings.

Extension points exported contracts — how you extend this code

Supplier (Interface)
Supplier supply the list of resource.Resource, it's the main interface to retrieve remote resources [7 implementers]
enumeration/resource/supplier.go
Middleware (Interface)
(no doc) [50 implementers]
pkg/middlewares/middlewares.go
Enumerator (Interface)
(no doc) [161 implementers]
enumeration/enum.go
ELBRepository (Interface)
(no doc) [6 implementers]
enumeration/remote/aws/repository/elb_repository.go
Alert (Interface)
(no doc) [8 implementers]
enumeration/alerter/alert.go
IaCSupplier (Interface)
IaCSupplier supply the list of resource.Resource, it's the main interface to retrieve state resources [3 implementers]
pkg/resource/supplier.go
StateEnumerator (Interface)
(no doc) [4 implementers]
pkg/iac/terraform/state/enumerator/state_enumerator.go
Output (Interface)
(no doc) [4 implementers]
pkg/cmd/scan/output/output.go

Core symbols most depended-on inside this repo

Get
called by 33726
pkg/memstore/bucket.go
Error
called by 4687
test/aws/mock_FakeRequestFailure.go
String
called by 1526
enumeration/remote/error/errors.go
Equal
called by 1191
enumeration/resource/resource.go
Get
called by 1044
enumeration/remote/cache/cache.go
ResourceType
called by 485
enumeration/diagnostic/diagnostic.go
Len
called by 481
enumeration/remote/cache/cache.go
ResourceId
called by 457
enumeration/resource/resource.go

Shape

Method 8,098
Function 1,310
Struct 539
Interface 223
TypeAlias 12
FuncType 1

Languages

Go100%

Modules by API surface

test/aws/mock_FakeEC2.go1,940 symbols
test/aws/mock_FakeIAM.go540 symbols
test/aws/mock_FakeRDS.go497 symbols
test/aws/mock_FakeApiGateway.go388 symbols
test/aws/mock_FakeS3.go313 symbols
test/aws/mock_FakeCloudFront.go312 symbols
test/aws/mock_FakeCloudformation.go250 symbols
test/aws/mock_FakeElastiCache.go241 symbols
test/aws/mock_FakeRoute53.go230 symbols
test/aws/mock_FakeLambda.go225 symbols
test/aws/mock_FakeApiGatewayV2.go220 symbols
test/aws/mock_FakeAutoscaling.go209 symbols

Dependencies from manifests, versioned

cloud.google.com/gov0.110.0 · 1×
cloud.google.com/go/accesscontextmanagerv1.7.0 · 1×
cloud.google.com/go/assetv1.13.0 · 1×
cloud.google.com/go/computev1.19.1 · 1×
cloud.google.com/go/compute/metadatav0.2.3 · 1×
cloud.google.com/go/longrunningv0.4.1 · 1×
cloud.google.com/go/orgpolicyv1.10.0 · 1×
cloud.google.com/go/osconfigv1.11.0 · 1×
cloud.google.com/go/storagev1.29.0 · 1×
github.com/Azure/azure-sdk-for-gov59.0.0+incompatible · 1×
github.com/Azure/azure-sdk-for-go/sdk/azcorev0.20.0 · 1×

For agents

$ claude mcp add driftctl \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact