ArchGuard

ArchGuard is a web app + CI/CD integration that turns security architecture requirements into automated, auditable gates. Teams define “architecture rules” (e.g., no public S3 buckets, all services behind WAF, mTLS required between namespaces, secrets only via vault, least-privilege IAM) and ArchGuard continuously validates them against IaC and live cloud configuration. It ingests Terraform/CloudFormation/Kubernetes manifests and cloud inventory, maps the resources into an architecture graph (so a rule can ask not just “what is this bucket’s ACL?” but “is there a public-access block attached to it?”), and flags violations with fix guidance and PR annotations. It also generates lightweight architecture decision records (ADRs) and evidence packs for audits (SOC 2/ISO 27001) without the usual spreadsheet chaos. This is not a replacement for a CSPM/CNAPP such as Wiz or Palo Alto Prisma Cloud; it’s a focused “security architecture policy layer” that security teams can actually maintain and developers can’t accidentally bypass, because the gate runs on every PR rather than in a dashboard someone has to remember to check. Expect some false positives early; the value is in consistent enforcement and traceable exceptions.
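To make the “rules over an architecture graph” idea concrete, here is an added example of the core loop: ingest a plan, build a small resource graph, run two rules (no public S3, least-privilege IAM), and emit PR annotations and a pass/fail gate. This is illustrative code written for this page, not ArchGuard’s own; the plan shape is a cut-down, constructed imitation of `terraform show -json` output, and the rule names, sample resources and fix text are assumptions.

```python
"""Added example: a minimal architecture-rule gate. Not ArchGuard's code; the
plan shape, rule names and sample resources are constructed for illustration."""
import json
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, loosely shaped like the `resources` list of a
# `terraform show -json` plan (simplified; not a real plan file).
SAMPLE_PLAN = json.dumps({"resources": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "values": {"bucket": "acme-logs", "acl": "public-read"}},
    {"address": "aws_s3_bucket.staging", "type": "aws_s3_bucket",
     "values": {"bucket": "acme-staging", "acl": "private"}},  # private ACL, no block
    {"address": "aws_s3_bucket.private", "type": "aws_s3_bucket",
     "values": {"bucket": "acme-private", "acl": "private"}},
    {"address": "aws_s3_bucket_public_access_block.private",
     "type": "aws_s3_bucket_public_access_block",
     "values": {"bucket": "acme-private", "block_public_acls": True,
                "restrict_public_buckets": True}},
    {"address": "aws_iam_policy.ci", "type": "aws_iam_policy",
     "values": {"policy": json.dumps({"Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "*"}]})}},
    {"address": "aws_iam_policy.reader", "type": "aws_iam_policy",
     "values": {"policy": json.dumps({"Statement": [
         {"Effect": "Allow", "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::acme-private/*"}]})}},
]})


@dataclass(frozen=True)
class Violation:
    rule: str
    resource: str
    message: str
    fix: str


def build_graph(plan_json):
    """Nodes keyed by address; the one edge type here is bucket -> its
    public_access_block ("protected_by"), joined on the bucket name."""
    resources = json.loads(plan_json)["resources"]
    nodes = {r["address"]: r for r in resources}
    edges = defaultdict(list)
    bucket_addr = {r["values"]["bucket"]: r["address"]
                   for r in resources if r["type"] == "aws_s3_bucket"}
    for addr, r in nodes.items():
        if r["type"] == "aws_s3_bucket_public_access_block":
            target = bucket_addr.get(r["values"].get("bucket"))
            if target:
                edges[target].append(("protected_by", addr))
    return nodes, edges


def rule_no_public_s3(nodes, edges):
    """Pass only if the ACL is not public AND a block with the blocking flags
    points at the bucket; a missing block is itself a violation (graph check)."""
    for addr, r in nodes.items():
        if r["type"] != "aws_s3_bucket":
            continue
        vals = r["values"]
        blocks = [nodes[b]["values"] for rel, b in edges.get(addr, []) if rel == "protected_by"]
        blocked = any(b.get("block_public_acls") and b.get("restrict_public_buckets") for b in blocks)
        if vals.get("acl", "private").startswith("public") or not blocked:
            yield Violation("NO_PUBLIC_S3", addr,
                            f"bucket {vals['bucket']} is or can become public",
                            "set acl = \"private\" and attach an aws_s3_bucket_public_access_block with all four flags true")


def rule_least_priv_iam(nodes, edges):
    """Flag Allow statements whose Action or Resource is a bare wildcard."""
    for addr, r in nodes.items():
        if r["type"] != "aws_iam_policy":
            continue
        for st in json.loads(r["values"]["policy"]).get("Statement", []):
            if st.get("Effect") != "Allow":
                continue
            acts, res = st.get("Action", []), st.get("Resource", [])
            acts = [acts] if isinstance(acts, str) else acts
            res = [res] if isinstance(res, str) else res
            if "*" in acts or "*" in res:
                yield Violation("LEAST_PRIV_IAM", addr,
                                "Allow statement grants wildcard Action or Resource",
                                "enumerate the required actions and scope Resource to specific ARNs")
                break


RULES = [rule_no_public_s3, rule_least_priv_iam]


def evaluate(plan_json):
    """Run every rule over the graph; return violations in a stable order."""
    nodes, edges = build_graph(plan_json)
    found = [v for rule in RULES for v in rule(nodes, edges)]
    return sorted(found, key=lambda v: (v.rule, v.resource))


def annotations(violations):
    """GitHub Actions workflow commands; printed from a job step they surface
    as PR annotations."""
    return [f"::error title={v.rule}::{v.resource}: {v.message}. Fix: {v.fix}" for v in violations]


def gate(plan_json):
    """CI gate: True when the plan is clean, False when any rule fires."""
    return not evaluate(plan_json)


if __name__ == "__main__":
    for line in annotations(evaluate(SAMPLE_PLAN)):
        print(line)
    raise SystemExit(0 if gate(SAMPLE_PLAN) else 1)
```

The point of the graph step is the `acme-staging` case: its ACL is private, so an attribute-only linter would pass it, but no public-access block references it, so the rule still fires. Exceptions for a real deployment would be recorded against the violation’s rule and resource address so they can be traced in the audit evidence pack.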
