PolicyDrift
PolicyDrift is a web app (with optional CLI) that continuously detects and fixes cloud security “drift” across AWS, Azure, and GCP: cases where real-world settings diverge from your approved baseline. Instead of dumping endless findings like most CSPM tools, it focuses on a narrow, high-impact set of controls (public exposure, IAM privilege creep, encryption turned off, logging gaps, risky network paths) and turns them into actionable, low-noise remediation plans. It connects to your cloud accounts read-only first, builds an inventory, maps resources to policies, and flags changes introduced by humans, CI/CD, or third-party tools. For teams that allow it, it can open pull requests to IaC repos (Terraform/CloudFormation/Bicep) or generate one-click rollback scripts with approvals. It also produces auditor-friendly evidence packs showing what changed, when, by whom, and how it was corrected.