Use Cases

CDK Insights works for teams of every size. Whether you are a solo developer scanning locally or an enterprise enforcing compliance across hundreds of stacks, there is a workflow that fits.

Security-Conscious Teams

Catch misconfigurations before they reach production

Security teams use CDK Insights to enforce baseline standards across all CDK projects in their organization. With 280+ built-in rules covering IAM, S3, RDS, VPC, and more, the static analysis engine catches common misconfigurations like overly permissive IAM policies, unencrypted storage, and publicly accessible resources. Every finding includes a severity classification and specific remediation guidance, so developers know exactly what to fix and why it matters. Because analysis runs locally by default, your infrastructure code never leaves your machine.

  • 280+ rules covering 25+ AWS services
  • Findings grouped by severity with remediation steps
  • Local-first analysis keeps your code on your machine
  • Filter rules by service or severity to focus reviews

Enterprise Compliance

Audit trails, team management, and shared configurations

Enterprise organizations need more than ad-hoc scanning. CDK Insights provides team management so you can onboard your entire engineering org, assign subscription licenses to individual seats, and track scan activity across teams. The enterprise dashboard shows finding trends over time, helping you demonstrate compliance improvements during audits. Shared configurations let you standardize rule sets and severity thresholds across projects, so every team follows the same standards without manual coordination.

  • Team management with seat-based licensing
  • Enterprise dashboard with scan history and trends
  • Shared configurations for consistent standards
  • CSV export for audit documentation

Startups & Small Teams

Ship secure infrastructure from day one

Small teams move fast, and CDK Insights is built to keep up. Static analysis is free forever with no account required. Run npx cdk-insights scan in any CDK project to get a full report in seconds. As your team grows, add AI-powered recommendations for deeper analysis and contextual suggestions. The GitHub Action takes five minutes to set up and runs on every PR, so security checks happen automatically without slowing down your workflow or requiring a dedicated security engineer.

  • Free static analysis with no sign-up required
  • npx cdk-insights scan works instantly in any project
  • GitHub Action setup in under five minutes
  • Upgrade to AI recommendations when you need deeper analysis

DevOps Teams

Pipeline integration and automated quality gates

DevOps engineers integrate CDK Insights into their CI/CD pipelines to create automated quality gates for infrastructure changes. The GitHub Action posts analysis summaries directly on pull requests, so reviewers see infrastructure findings alongside code diffs. Configure fail-on thresholds to block merges when critical or high-severity issues are found. SARIF output feeds into GitHub Code Scanning for centralized vulnerability tracking. For teams using other CI systems, the CLI supports JSON output that works with any pipeline tool.

  • GitHub Action with PR comments and quality gates
  • SARIF output for GitHub Code Scanning integration
  • Configurable severity thresholds for merge blocking
  • JSON output for integration with any CI/CD system

Start scanning your CDK stacks today

CDK Insights works with any CDK project. Static analysis is free, no account needed. Just run the command and see your results.

npx cdk-insights scan