Facebook Pixel

Introducing BrainIAC

BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues. The BrainIAC tool performs a comprehensive code scan and generates reports containing detailed insights into the identified issues.

Scans IAC files for misconfiguration

Converts between formats such as JSON and Table brainiac own format

Works with major platforms

Scans a target directory to fill in multiple results

Has hundreds of pre-defined rules

Provides a comprehensive index of Kubernetes policies.

Prevent specific workloads from deploying in the cluster.

  • Finds vulnerabilities with static code analysis.
  • Scans for misconfiguration and compliance issues.
  • Generates detailed reports.

Coming Soon Platforms

In the future, BrainIAC will be on more platforms.

  • Terraform(AWS, Azure, and etc.)
  • Docker
  • CloudFormation
  • ARM Template Files

Supported Installation OS

BrainIAC currently supports the following operating systems:


BrainIAC is compatible with Windows OS and is optimized for amd64 architecture. It can be run on Windows machines to protect your IaC files from a variety of potential threats.


With support for both arm64 and amd64 architectures, BrainIAC effectively scans and analyzes your IaC files on Mac


BrainIAC provides comprehensive IaC analysis and supports amd64, arm64, ppc64le, and s390x on Linux.

Installation Guide

Supercharge the security of your IaC files. Get ready to elevate your defenses by installing BrainIAC, the latest open-source security scanning analysis tool available in the market!


curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d /usr/local/bin

You can specify a release version and destination directory for the installation:

curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d <DESTINATION_DIR> -v <RELEASE_VERSION>

Getting Started

You can specify a release version and destination directory for the installation:

brainiac -f <file>

Scan multiple file in a directory

brainiac -d .

Using Docker

docker pull carbonetes/brainiac

Scan a directory

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -d /tmpPath

Scan a single file

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -f /path/{filename}.{extension}

Available Commands and their flags with description:

Brainiac [flag]
Root FlagsDescription
-f --fileFile to scan
-d -dirRead directly from a path on disk (any directory) (e.g. 'brainiac -d path/to/dir)' (can not be used together with --file).
-o --outputFormat to display results (table, json) (default "table")
-v --versionPrint BrainIAC version

Output Formats

The output format for BrainIAC is configurable as well using the -o (or ‐‐output ) option:

The available formats are: 

  • table : A Tabular summary (default).
  • json : Use this to get as much information out of BrainIAC.

Get started with BrainIAC

Skip to content