tryterracotta-com

We use cookies for analytics and to improve your experience. See our Cookie Policy for details. Reject Accept --- Pricing Free for developers. Built for platform teams. Developers get smart PR reviews at no cost. Platform teams get the full command center at $49/seat. Only charged when someone authors their first PR. Invite your whole team risk free. Monthly Annual Save 32%Only charged when a developer authors their first PR. Invite your whole team. Billing activates on usage.CommunityFreeNo credit card requiredFor small teams getting started.50 public repo PRs1 private repo (20 PRs/mo)Up to 5 seatsTerraform summary & code reviewAI-powered drift detection (1 repo)Basic support Connect your repos free Platform$49per engineer / monthFor platform engineering teams managing Terraform at scale.All Free features plus:Unlimited public & private PRsUnlimited seatsUnlimited drift reposAll check types (cost, guardrails, IAM, tags, blast radius)Slack integrationPriority support Upgrade to Platform →EnterpriseCustomTalk to salesSOC2 + HIPAA compliant. BYOC available. For regulated enterprises.All Platform features plus:Self-hosted option (BYOC)SSO & SAML authenticationAudit logging & traceabilityBiweekly check-insDedicated Slack/Teams channelOnboarding & integration assistanceFeature request prioritizationEarly access to beta featuresCustom integrations (HCP, CircleCI, etc.)Premium SLAFine-grain access control Contact Sales Compare plansFeature breakdownFeatureFreePlatformEnterprisePublic repo PRs50UnlimitedUnlimitedPrivate repos1UnlimitedUnlimitedSeats5UnlimitedUnlimitedTF/K8s summary & code reviewSimulated plan reviewCost analysis—Drift detection1 repoUnlimitedUnlimitedGuardrail enforcement—IAM security analysis—Blast radius analysis—Command center dashboard—Slack integration—SSO / SAML / OIDC——SCIM provisioning——Audit logging——Self-hosted / VPC deployment——Dedicated support channel——Premium SLA——Custom integrations——FAQFrequently asked questionsWhen does billing start?What counts as a "seat"?Can I try Platform features before upgrading?What's the difference between monthly and annual billing?Do you offer discounts for startups or open-source teams?What does Enterprise pricing look like?Can I switch plans at any time?Is there a contract for Platform plans?Start reviewing infrastructure PRs today.Free for developers. No credit card required. Connect your repos in two minutes and get your first review on the next PR. Connect your repos free → Talk to sales We use cookies for analytics and to improve your experience. See our Cookie Policy for details. Reject Accept --- PlatformEvery IaC change reviewed. Every risk caught. Before merge.Developers get instant answers in the PR. Platform teams get fleet-wide visibility. Both sides ship faster, with fewer incidents and lower costs. Connect your repos free → See it in action PR ReviewCommand CenterTerracottabotjust nowDetected changes in your Terraform project. Running the following analyses:✓Terraform Simulated Plan ReviewEnforced✓Terraform Code ReviewEnforced✓Terraform Cost CheckAdvisory✓Terraform Drift CheckEnforced✓Terraform Guardrail Violation CheckAdvisory✓IAM Security AnalysisEnforcedTerraform Changes Summary2m agoThe patch adds an aws_instance.web with t3.large instance type, a 200GB gp3 root volume with high IOPS, a new aws_ebs_volume.web_data (500GB), and an aws_eip.web_eip Elastic IP. The aws_dynamodb_table.example switches from PAY_PER_REQUEST to PROVISIONED billing. Several changes increase the cost baseline.Simulated Plan Report2m agoPlan analyzed 11 resources (11 create, 0 update, 0 delete). Detected 4 issues.🔴HighSG allows SSH from 0.0.0.0/0aws_security_group.ec2_sg · Restrict ingress to trusted IPsGenerate Runbook🟠MediumEBS volume without encryptionaws_ebs_volume.web_data · Add encrypted = trueGenerate Runbook🟠MediumPublic route 0.0.0.0/0aws_route_table.public · Confirm routing is intentionalGenerate RunbookCode Review2m agoReviewed 1 Terraform file (main.tf). Detected 5 issues.🟠Mediumt3.large may be oversizedmain.tf · instance_type = "t3.large" increases compute costGenerate Runbook🟠Medium200GB gp3 root volumemain.tf · High IOPS/throughput may be unnecessaryGenerate Runbook🟠MediumDynamoDB PROVISIONED billingmain.tf · read=200 write=100 incurs static capacity chargesGenerate RunbookCost Analysis+$458/moaws_instance.web (t3.large)+$196/moaws_ebs_volume.web_data+$142/moaws_dynamodb_table.example+$112/moaws_eip.web_eip+$8/moCheck RunsPlanReviewCostSecurityGuardrailDriftIAMPull Requests421Needs reviewAdd RDS read replica2C 1Hacme/infra #312 · +$458/moResize ECS cluster3H 2Macme/platform #89 · +$820/moOpen & passingUpdate IAM policiesacme/core #247Add CloudWatch alarmsacme/data #156Fix VPC peering routesacme/net #78$24.8kBaseline/mo$312kAnnual+2.1%WeeklyBeaconAIWhich PRs have cost impact?AI2 PRs increase cost: #312 adds $458/mo (RDS replica), #89 adds $820/mo (ECS resize).Any drift issues?AI7 active drift items. 3 share a root cause: manual SG edits in us-east-1.Ask Beacon...In the pull requestEvery PR ships with proof it's safe to merge.Terracotta posts a structured comment on every Terraform, Kubernetes, and Terragrunt PR. Cost estimates, drift context, security findings, blast radius, guardrail enforcement, and module guidance. All in one place.PR ReviewReview Needed0 Critical2 High3 Medium1 LowPlan: +2 create · ~1 change · -1 destroyHIGHS3 bucket missing encryptionaws_s3_bucket.uploads · main.tf:42-455 of 6 checks passed: Plan · Security · Guardrail · IAM · Drift AI Code Review Structured analysis, not generic lintEvery PR gets a verdict with severity-rated findings, plan summaries, blast radius analysis, and individual check runs. Developers see exactly what needs attention and why.BeaconAdvisoryPR #312Why is this RDS change flagged? We need multi-AZ for compliance.AIMulti-AZ is enabled, correct for compliance. The flag is about the instance class upgrade from db.t3.medium to db.r6g.xlarge, increasing cost by $240/mo. The change itself is safe.What's the cost impact?Show blast radius Beacon Advisory Ask questions. Get answers. In context.Beacon is an AI advisory panel that knows your PR context: findings, cost data, drift, and plan output. Ask about any finding, get cost breakdowns, or request module recommendations with suggested prompts that adapt to what you're looking at.CRITICALBLOCKERS3 bucket publicly accessibleaws_s3_bucket.uploads · main.tf:18Fix ProposedAppliedmodules/storage/main.tfresource "aws_s3_bucket" "uploads" {+ block_public_acls = true+ block_public_policy = true+ restrict_public_buckets = true Auto-Fix Don't just flag it. Fix it.Terracotta generates fix proposals with full diffs for security findings and guardrail violations, then commits them directly to the PR branch. Your team reviews a solution, not a problem.Check Runstc/plansuccesstc/review2H3M·failuretc/costblocked · +$458/motc/securitysuccesstc/guardrailsuccesstc/drift2 drifted Merge Control Six independent checks. You pick which ones block merge.Terracotta reports individual check runs for plan, review, security, cost, drift, and guardrails, each with its own conclusion and finding counts. Configure which checks can block merge per repo. Works with GitHub branch protection and GitLab merge request approvals.Command centerThe infrastructure answers your CTO keeps asking for — always ready.Stop piecing together infrastructure state from Slack threads, plan outputs, and spreadsheets. Terracotta gives platform teams a single view of cost trends, drift posture, security findings, and PR activity across every repo.4 passing2 needs review1 criticalNeeds reviewAdd RDS read replica2C 1Hacme/infra #312 · +2 ~1 -0 · cost +$458/moResize ECS cluster3H 2Macme/platform #89 · +0 ~4 -0 · cost +$820/moOpen & passingUpdate IAM policiesacme/core #247Add CloudWatch alarmsacme/data #156 Pull Requests Every open PR, triaged by severitySee all open infrastructure PRs across every repo with verdict status, severity counts, plan changes, and cost delta. Critical findings and high-cost changes surface first. Fleet-wide summary badges show your infrastructure posture at a glance.7Active Drift3C · 4H3Acknowledged41Resolved (30d)avg 4.2d142 unchanged · 7 drifted · 2 missing · 155 checkedAI3 active drift items share a root cause: manual security group edits in us-east-1. Consider importing the console changes.View affected resourcesGenerate fix Drift Posture Coverage bars, severity breakdowns, and AI root cause analysisTrack active, acknowledged, and resolved drift across every repo with visual coverage bars showing unchanged vs. drifted vs. missing resources. AI narratives group findings by root cause and generate suggested next steps.$24.8kBaseline/mo$312kAnnual+2.1%Weekly trend5 PRs increasing+$850/mo2 PRs saving-$320/moNet delta+$530/moCost increases#89 Resize ECS cluster+$720/mo#312 Add RDS replica+$458/mo Cost Intelligence Fleet-wide cost posture with trend trackingSee baseline monthly cost, annual projections, and weekly trends. PRs are grouped by cost increases and savings, with net delta summary. AI-generated insights highlight the biggest cost drivers across your estate.Patterns42 total3 growingP0SecurityHardcoded secrets12 findings · 4 reposGrowingP1ComplianceMissing tags34 findings · 8 reposShrinkingStandardsRequire encryption at restGlobalEnabledTag all resources3 reposEnabledNo public S3 bucketsGlobalEnabled Patterns & Standards Spot trends and enforce guardrails fleet-widePatterns automatically classify recurring findings by tier (P0/P1/P2), category, and trend, with weekly sparklines showing whether they're growing or shrinking. Standards let you define custom guardrails enforced on every PR, with scope control per repo or globally.Works with your stackFull coverage across every IaC framework your team uses.Terracotta analyzes infrastructure changes across the IaC tools your team already uses. Every framework gets the same deep analysis: cost, drift, security, and blast radius.TerraformFull supportKubernetesFull supportTerragruntFull supportOpenTofuFull supportPulumiComing soonHelmComing soonGitHubGitLabAWSGCPSlackEnterpriseEnterprise-grade security so your compliance team says yes on day one.SOC 2 Type II certified, HIPAA compliant, with SSO, audit logging, and self-hosted deployment options. Everything your security and compliance teams need to say yes.SOC 2 Type II & HIPAAIndependently audited controls for security, availability, and confidentiality. HIPAA BAA available for healthcare infrastructure teams.SSO & SAMLSingle sign-on with your identity provider. SAML 2.0 and OIDC support for Okta, Azure AD, Google Workspace, and more.Self-Hosted & VPCDeploy Terracotta in your own cloud account. Your code never leaves your network. Available on AWS, GCP, and Azure.Audit LoggingEvery action logged with user, timestamp, and context. Export to your SIEM. Full traceability for compliance audits.Data PrivacyEphemeral clones deleted after analysis. No code stored. No training on your data. AES-256 at rest, TLS 1.3 in transit.Dedicated SupportPrivate Slack channel, biweekly check-ins, onboarding assistance, and feature request prioritization. Premium SLA included. Learn more about Enterprise →Explore furtherDocs: Getting Started Guide →Blog: Anatomy of an AI-Powered Review →See Terracotta on your own repos.Connect in two minutes. Every IaC PR gets a full review immediately. The command center populates as your team ships. Connect your repos free → Talk to our team No credit card required. We use cookies for analytics and to improve your experience. See our Cookie Policy for details. Reject Accept --- Next →Why Terracotta AI? We use cookies for analytics and to improve your experience. See our Cookie Policy for details. Reject Accept