LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.
Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.
StackQL is cloud infrastructure automation, asset management and inventory software which allows users to deploy, configure, interact, and inventory cloud infrastructure and SaaS resources using SQL. StackQL can be used for cost optimization, configuration drift, cloud compliance assurance, automated testing in CI/CD routines, as well as conventional Infrastructure-as-Code operations.
https://lnkd.in/gdNtVViT
updated anthropic providers for stackql, incl an anthropic_admin provider for organization and user management, usage and cost reports, rate limits, and Claude Code analytics #stackql#claude#anthropic
Watch a cloud cost leak get detected, proposed, reviewed and killed — the full loop, in a short clip. 👇
No agent installed in your estate. No long-lived cloud keys. No scanner vendor.
The only sensitive credential in the whole pipeline is an Anthropic API key. Every cloud identity is keyless OIDC — the rest of what you store are non-secret identifiers (role ARNs, tenant/subscription IDs), not keys.
You bootstrap that OIDC federation with a paste-run script in your own cloud console — no Terraform, no creds shipped (or hand your IAM team the exact read-only + scoped-write roles and let them stamp it). Nothing long-lived ever leaves GitHub.
And the full principal lifecycle is documented end-to-end: stand the OIDC identities up, and tear them back down. The teardown is dry-run-first and idempotent — you see exactly what it removes before anything happens.
Here's the loop you'll see in the clip:
🔎 An audit reads your control plane over OIDC and finds the waste (here: an unattached EBS volume).
🤖 An agent opens ONE pull request per finding — the exact SQL to fix it, plus a plain-English rationale.
🛫 A preflight check re-queries live state on the PR: "still true? safe to merge."
🚀 You merge. It applies over a scoped-write OIDC identity, then re-verifies the resource is actually gone.
Detection → suggestion → your call → applied → proven. Close cloud findings the way you ship code: one PR at a time.
You decide whether to action each suggestion. The AI proposes; you dispose.
It's a template repo — fork it, paste your Anthropic key, run the OIDC bootstrap script, and let it rip. The bundled checks are FinOps waste; the same PR-per-finding pattern is designed to extend to security posture and access.
👉 https://lnkd.in/gRkGz6RC
Questions? actions@stackql.io#FinOps#CloudSecurity#DevOps#OIDC#AWS#Azure#GCP#PlatformEngineering#AI#StackQL
Cloud audits tell you what's wrong.
SRE work starts when you have to fix it.
This demo shows an automated remediation workflow:
• Run a cloud audit on demand or on a schedule
• Findings are published as structured data
• Per-finding remediation pull requests are opened automatically
• A human reviews and approves the change
• The fix is merged and applied
• A post-apply check verifies the resource is gone
The interesting part isn't the audit.
The interesting part is the auto-generated remediation PR.
Instead of leaving engineers with a list of findings, the system proposes a concrete change that can be reviewed, discussed and merged through normal GitHub workflows.
The automation doesn't get production access.
Humans stay in control.
Powered by StackQL
https://stackql.ioauto@stackql.io#sre#devops#platformengineering#finops#cloud#githubactions#opensource
Free and open-source cross-cloud FinOps review from GitHub Actions.
This run audited:
* 17 AWS regions
* 20 GCP projects
* Azure subscriptions
using OIDC / federated identity only.
No cloud keys.
No agents.
No billing exports.
In this case it identified 14 unattached EBS volumes and produced remediation guidance in about two minutes.
Sample workflow:
https://lnkd.in/gVBd9rUv
🔍 Security-audit your entire cloud estate with SQL — live, straight from a GitHub Action.
We just shipped Deep Audit for the StackQL Cloud Audit Action.
Point it at an org and it descends the whole thing — GCP projects, AWS regions, Azure subscriptions, S3 buckets — then runs security checks across all of them.
No agents. No inventory database to maintain. Every check is a SQL query executed directly against the cloud control plane at run time, so you're auditing what the cloud looks like right now — not last night's snapshot.
Built for org-scale audits:
• One run, three clouds — AWS, Azure and GCP side by side
• Budget guardrails — cap nodes, queries or wall-clock time; if limits are hit, the run analyses partial results instead of stalling
• Streamed findings — results written incrementally, so even heavy rate-limiting still leaves you with a usable report
• Checks are just YAML — fork them, extend them, or write your own
And because it's a GitHub Action, kicking off a deep audit is one line in a workflow:
```
uses: stackql/stackql-audit-action/deep@v0.3
```
👇 30-second demo: workflow file → manual run → scrolling through findings.
Try it / fork it:
https://lnkd.in/gs2YMXKy
💬 This is the free open-source slice. We also support larger managed deployments with broader service coverage, custom policy packs, and estate-wide scheduled audits.
#CloudSecurity#DevSecOps#GitHubActions#AWS#Azure#GCP#SQL#StackQL#SecOps#InfrastructureAsCode#CSPM