trustfix
v1.0.4
Non-Human Identity Security Platform — detect OIDC trust policy misconfigurations, validate fixes with a 6-layer Policy Intelligence Engine, and auto-generate Terraform PRs.
TrustFix — Non-Human Identity Security Platform
Secure Every Non-Human Identity in Your Cloud.
TrustFix detects OIDC trust policy misconfigurations, validates fixes with a 6-layer Policy Intelligence Engine, and auto-generates Terraform PRs — so your CI/CD pipelines never have more access than they need.
Starting with GitHub Actions + AWS. GitLab CI, Azure AD, and GCP Workload Identity coming Q3-Q4 2026.
Quick Start
- Platform: trustfix.dev
- Free GitHub Action: GitHub Marketplace
- CLI: `npx oidc-audit scan`
What It Detects — 10 Finding Types
| Finding | Severity |
|---------|----------|
| Missing sub condition — any repo can assume your role | CRITICAL |
| Overly broad wildcard trust (StringLike) | HIGH |
| Fork PR risk (hardcoded ARN + pull_request trigger) | HIGH |
| Wildcard environment | HIGH |
| Missing audience (aud) condition | HIGH |
| Expired OIDC provider | MEDIUM |
| Overprivileged CI/CD role | HIGH |
| Admin access in CI/CD role | CRITICAL |
| AI agent overprivileged role | CRITICAL |
| AI agent missing scope condition | HIGH |
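To make the trust-policy findings in the table concrete, here is an added example of how four of them (missing sub condition, overly broad StringLike wildcard, wildcard environment, missing aud condition) can be checked on an IAM role trust policy for the GitHub Actions OIDC provider. This is illustration code written for this page, not TrustFix's own detection engine, whose rules are not published here. The two policies, the account ID 123456789012 and the `example-org/example-repo` names are constructed samples.

```javascript
// Added example: a small checker for four OIDC trust-policy finding types.
// It is NOT TrustFix's engine; the rules below are the editor's own reading of
// the GitHub Actions sub/aud claim format and IAM condition semantics.

const GITHUB_OIDC_ISSUER = "token.actions.githubusercontent.com";

// IAM policy JSON allows a single value or an array in most places; normalise.
function asArray(v) {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// Every condition entry for one claim key, with the operator it sits under.
// Condition keys are matched case-insensitively, as IAM evaluates them.
function conditionEntries(statement, claimKey) {
  const entries = [];
  for (const [operator, keys] of Object.entries(statement.Condition || {})) {
    for (const [key, value] of Object.entries(keys)) {
      if (key.toLowerCase() === claimKey.toLowerCase()) {
        entries.push({ operator, values: asArray(value) });
      }
    }
  }
  return entries;
}

// Audit one trust policy; returns an array of { type, severity, detail }.
function auditTrustPolicy(policy) {
  const findings = [];
  const subKey = `${GITHUB_OIDC_ISSUER}:sub`;
  const audKey = `${GITHUB_OIDC_ISSUER}:aud`;

  for (const stmt of asArray(policy.Statement)) {
    // Only Allow statements that let the GitHub OIDC provider assume the role matter.
    if (stmt.Effect !== "Allow") continue;
    if (!asArray(stmt.Action).includes("sts:AssumeRoleWithWebIdentity")) continue;
    const federated = asArray((stmt.Principal || {}).Federated);
    if (!federated.some((arn) => arn.includes(GITHUB_OIDC_ISSUER))) continue;

    const subs = conditionEntries(stmt, subKey);
    if (subs.length === 0) {
      findings.push({ type: "missing-sub-condition", severity: "CRITICAL",
        detail: "no sub condition: any GitHub repository can assume this role" });
    }
    for (const { operator, values } of subs) {
      for (const sub of values) {
        // GitHub sub claims look like repo:ORG/REPO:<context>, e.g.
        // repo:org/repo:ref:refs/heads/main or repo:org/repo:environment:prod.
        const [, repo = "", ctx = "", ctxValue = ""] = sub.split(":");
        if (operator !== "StringLike") continue; // only StringLike expands * and ?
        if (repo.includes("*") || ctx === "*") {
          findings.push({ type: "overly-broad-wildcard", severity: "HIGH",
            detail: `StringLike sub "${sub}" trusts every repository or workflow context the wildcard matches` });
        } else if (ctx === "environment" && ctxValue.includes("*")) {
          findings.push({ type: "wildcard-environment", severity: "HIGH",
            detail: `sub "${sub}" trusts every environment of the repository` });
        }
      }
    }
    if (conditionEntries(stmt, audKey).length === 0) {
      findings.push({ type: "missing-aud-condition", severity: "HIGH",
        detail: "no aud condition: tokens minted for other audiences are accepted" });
    }
  }
  return findings;
}

// Constructed sample: an org-wide wildcard and no audience check.
const VULNERABLE_POLICY = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Federated: "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com" },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: { StringLike: { "token.actions.githubusercontent.com:sub": "repo:example-org/*" } },
  }],
};

// Constructed sample: the same role narrowed to one repo, one environment and the STS audience.
const HARDENED_POLICY = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Federated: "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com" },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: {
      StringEquals: {
        "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
        "token.actions.githubusercontent.com:sub": "repo:example-org/example-repo:environment:production",
      },
    },
  }],
};

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, policy] of [["vulnerable", VULNERABLE_POLICY], ["hardened", HARDENED_POLICY]]) {
    console.log(name, JSON.stringify(auditTrustPolicy(policy), null, 2));
  }
}
```

Run it with `node` to see the vulnerable policy produce an `overly-broad-wildcard` and a `missing-aud-condition` finding while the hardened policy produces none. The checker deliberately ignores `StringEquals` values containing `*`, since IAM treats them as literal text there; only `StringLike` turns the character into a wildcard, which is why the table ties the broad-trust finding to that operator.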
Research
We scanned 10,000 public GitHub repositories and 54,767 workflows:
- 80.7% still use static AWS credentials
- 743 repos are critically vulnerable
- Only 13.9% use GitHub environment protection
- Named repos include pytorch, supabase, botpress, and AWS's own karpenter
Full report: trustfix.dev/blog/static-credentials-2026
The NHI Security Platform for DevSecOps
Detect, validate, and auto-remediate trust policy misconfigurations across CI/CD pipelines and cloud providers.
How It Works:
- Install free GitHub Action → scans every PR
- Connect AWS account → maps IAM roles to workflows
- View findings with severity ratings
- AI generates validated Terraform fix with TrustFix Confidence Score™ (Pro/Team/Enterprise)
Policy Intelligence Engine™ — every fix validated before it reaches your repo:
- Code-aware generation matches your existing Terraform patterns
- Structural verification ensures fix compatibility with your infrastructure
- Proprietary security rules built from production IAM experience
- Mathematically proves access was narrowed, never widened
- Cross-model adversarial review catches edge cases (Team & Enterprise)
- TrustFix Confidence Score™ (0-100) in every PR
NHI Security at Every Scale
| Feature | Free | Pro ($499/mo) | Team ($799/mo) | Enterprise |
|---|---|---|---|---|
| AWS accounts | 1 | 5 | 15 | Custom |
| GitHub repo connects | — | 10 | 25 | Custom |
| Scanning | Initial + CLI | On-demand | On-demand | On-demand |
| Finding types | All | All | All | All |
| AI fix credits | — | 50/month | 200/month | Custom |
| TrustFix Confidence Score™ | — | Up to 80/100 | Up to 100/100 | Up to 100/100 |
| Validation layers | — | 5 of 6 | All 6 | All 6 |
| Adversarial review | — | — | ✓ | ✓ |
| SOC2 CC6 export | — | — | ✓ | ✓ |
| SSO / SAML | — | — | — | ✓ |
| Support | Community | Email | Slack | Dedicated |
TrustFix vs. NHI & IAM Security Tools
| Feature | TrustFix | IAM Access Analyzer | Checkov / Trivy | Astrix / Oasis |
|---------|----------|--------------------|-----------------|----------------|
| OIDC-specific detection | ✓ (10 types) | Partial | ~1 (buggy) | — |
| Terraform fix generation | ✓ | — | — | — |
| TrustFix Confidence Score™ | ✓ | — | — | — |
| Multi-provider roadmap | ✓ | — | — | — |
| Free tier | ✓ | ✓ | ✓ | — |
© 2026 Vikavi Security LLC. All rights reserved.
