← Back to Directory

cfn_nag

The premium Open Source alternative to Snyk IaC

🎯 Best for:AWS-centric teams needing deep CloudFormation security linting
Visit WebsiteCompare with Snyk IaC
1.3k
Stars
MITLicense

What is cfn_nag?

A specialized linting tool that identifies insecure patterns in AWS CloudFormation templates. It scans for overly permissive IAM policies and unencrypted resources before deployment.

Tech Stack
RubyInfrastructure & Cloud

Why cfn_nag?

  • Deep IAM policy analysis
  • Easy CI/CD integration
  • Extensible via Ruby

Limitations

  • CloudFormation only
  • Requires Ruby runtime
  • High false-positive rate
2/17/2026
Last Update
209
Forks
84
Issues
MIT
License
Financial Leak Detected

Stop the "SaaS Tax"

Your team could be burning cash. Switching to cfn_nag instantly boosts your runway.

Competitor Cost
-$1,440
/ year (est. based on Snyk IaC)
Self-Hosted
$0
/ year
Team Size10 Users
150+
Launch Detailed Calculator
SAVE 100%

Community Discussion

Comments