AWS CDK Security & Cost Analysis
Use Cases by Team
CDK Insights works for teams of every size. Whether you are a solo developer scanning locally or an enterprise enforcing compliance across hundreds of stacks, there is a workflow that fits. Check our documentation for deep dives on CDK security patterns.
Built around how your team works
Security-Conscious Teams
CDK security scanning before misconfigurations reach production
Security teams use CDK Insights to strengthen CDK security across all projects in their organization. With 100+ built-in rules covering IAM, S3, RDS, VPC, and more, the static analysis engine catches common misconfigurations like overly permissive IAM policies, unencrypted storage, and publicly accessible resources. Every finding includes a severity classification and specific remediation guidance, so developers know exactly what to fix and why it matters. Because analysis runs locally by default, your infrastructure code never leaves your machine.
Enterprise Compliance
Audit trails, team management, and shared configurations
Enterprise organizations need more than ad-hoc scanning. CDK Insights provides team management so you can onboard your entire engineering org, assign subscription licenses to individual seats, and track scan activity across teams. The enterprise dashboard shows finding trends over time, helping you demonstrate compliance improvements during audits. Shared configurations let you standardize rule sets and severity thresholds across projects, so every team follows the same standards without manual coordination.
Startups & Small Teams
Ship secure infrastructure from day one
Small teams move fast, and CDK Insights is built to keep up. Static analysis is free forever, no account required; just `npm install cdk-insights`. Sign up for a free account to add 500 AI credits per month on top. As your team grows, upgrade to Pro for 5,000 AI credits/month or Team for collaboration features. The GitHub Action takes five minutes to set up and runs on every PR, so security checks happen automatically without slowing down your workflow or requiring a dedicated security engineer.
DevOps Teams
Pipeline integration and automated quality gates
DevOps engineers integrate CDK Insights into their CI/CD pipelines to create automated quality gates for infrastructure changes. As a CDK tool built for pipeline workflows, the GitHub Action posts analysis summaries directly on pull requests, so reviewers see infrastructure findings alongside code diffs. Configure fail-on thresholds to block merges when critical or high-severity issues are found. SARIF output feeds into GitHub Code Scanning for centralized vulnerability tracking. For teams using other CI systems, the CLI supports JSON output that works with any pipeline tool. See all available integrations on the integrations page.
Start scanning your CDK stacks today
CDK Insights works with any CDK project. Static analysis is free, no account needed. Just run the command and see your results.
npx cdk-insights scan