StackSage — AWS Audit in GitHub Actions
Privacy-first AWS audit tool in your own GitHub Actions
Summary: StackSage performs AWS waste and security audits within GitHub Actions without sending credentials to external services. It generates summary, HTML, JSON, and CSV reports using real CloudWatch metrics and customer-controlled read-only IAM roles, ensuring data privacy and actionable findings.
What it does
StackSage runs AWS cost and security posture audits in a GitHub Actions runner, detecting EC2 and EBS waste alongside security gaps such as missing root MFA and public S3 exposure. It produces local artifacts, including a concise summary and detailed reports, and separates financial findings from security findings with transparent data provenance.
Who it's for
It is designed for teams seeking trustworthy, privacy-conscious AWS audits that avoid noisy or invasive third-party tools and provide clear, evidence-based insights without sharing credentials or exporting billing data.
Why it matters
StackSage addresses the common issue of ignored or distrusted AWS audit reports by delivering focused, defensible findings within the customer’s environment, reducing cloud spend waste and improving security posture without compromising data privacy.