SCAN → FIX → PROVE
Read-only access to your cloud. Results in minutes. Evidence you own.
Scan
Grant read-only access to your cloud account. Kloudle syncs your resource inventory and runs 1,800+ security checks. Full results in 5–25 minutes depending on account size.
- Read-only IAM role — no write access needed
- Non-disruptive — no agents on your infrastructure
Fix
Every misconfiguration comes with severity, business impact, and step-by-step remediation. Pitfalls mentioned so you know what can break. Fix with confidence, not guesswork.
- Severity ratings mapped to CIS, NIST, PCI-DSS
- Fix guides written by security engineers
Prove
Generate compliance reports from your own systems of record. Standard reports plus custom formats like Facebook DPA. Evidence you own, not evidence you reconstruct from a vendor dashboard.
- PDF + JSON + CSV exports
- Your evidence chain, your authority
Everything you need to secure your cloud
1,800+ SQL-based checks across 5 cloud providers. Scan from the dashboard, automate via CLI, or let your AI agents run the same engine through MCP. Sovereign or hosted — same capabilities.
Multi-Cloud Scanning
AWS (681 checks), GCP (338), Kubernetes (306), Azure (292), DigitalOcean (273). One engine covers all your infrastructure.
Remediation Guidance
Every finding comes with severity, business impact, step-by-step fix instructions, and pitfalls to watch for. Fix with confidence.
Compliance Reports
Standard and custom compliance reports — CIS, NIST, PCI-DSS, Facebook DPA. PDF, JSON, CSV. Generated from your systems of record.
Agent-Native
MCP server at mcp.kloudle.dev. 7 static binaries your agents download, verify, and run. Same checks as the dashboard — agents and humans share one engine.
CLI for Pipelines
kloudle-scan CLI with sync, check, and scan commands. Structured JSON output with exit codes (0=pass, 1=fail, 2=auth error). Built for CI/CD and agent steering.
Security Hardened
VPN-only access, 2FA everywhere, zero-touch production. We practice what we scan for.
What Works Today
The posture layer is in development. The engine under it is not — scan from the dashboard, automate via CLI, or let your agents run it over MCP.
Scan five clouds from one engine
1,800+ SQL checks across AWS, GCP, Azure, DigitalOcean, and Kubernetes. The checks are SQL you can read. No black-box scoring.
Evidence for your auditors, from your own database
Every scan writes issues to your PostgreSQL in one format. When your SOC 2 or PCI-DSS audit asks for proof, you query it. The evidence is already yours.
Your agents pick up remediation
Any MCP-compatible agent calls search() and get() and works issues with remediation steps included.
Continuous scanning, gated pipelines
Run from CI or cron. Exit codes do the gating: 0 pass, 1 issues found, 2 errors.
Put a Posture Layer in Your Factory
Self-serve signup is closing. Exclusive access opens issue gating across your MCP-connected apps — built on the 1,890 checks that run today.
Or explore Self-hosted deployment and Agent tools