Automatically generate optimized Docker, Kubernetes, and cloud infrastructure configurations by analyzing your codebase.
Syncable IaC CLI analyzes your project and automatically generates production-ready infrastructure configurations. Supporting 260+ technologies across 5 major language ecosystems, it understands your stack and creates optimized IaC files tailored to your specific needs.
# Install (Cross-platform)
cargo install syncable-cli
# Windows users can also use:
# powershell -c "iwr -useb https://raw.githubusercontent.com/syncable-dev/syncable-cli/main/install.ps1 | iex"
# Analyze any project
sync-ctl analyze /path/to/your/project # Unix/Linux/macOS
sync-ctl analyze C:\path\to\your\project # Windows
# Check for vulnerabilities
sync-ctl vulnerabilities
# Run security analysis (multiple modes available)
sync-ctl security # Thorough scan (default)
sync-ctl security --mode lightning # Ultra-fast critical files only
sync-ctl security --mode paranoid # Most comprehensive scan
# Force update check (clears cache)
sync-ctl --clear-update-cache analyze .
# Get help with any command
sync-ctl --help # Show all available commands
sync-ctl analyze --help # Show analyze command options
sync-ctl security --help # Show security scanning options
sync-ctl vulnerabilities --help # Show vulnerability check optionsThat's it! The CLI will detect your languages, frameworks, dependencies, and provide detailed insights about your project structure. The tool includes smart update notifications to keep you on the latest version.
Syncable IaC CLI is like having a DevOps expert analyze your codebase:
- 📊 Analyzes - Detects languages, frameworks, dependencies, ports, and architecture patterns
- 🔍 Audits - Checks for security vulnerabilities and configuration issues
- 🚀 Generates - Creates optimized Dockerfiles, Compose files, and Terraform configs (coming soon)
$ sync-ctl analyze ./my-express-app
═══════════════════════════════════════════════════════════════════════════════════════════════════
📊 PROJECT ANALYSIS DASHBOARD
═══════════════════════════════════════════════════════════════════════════════════════════════════
┌─ Architecture Overview ──────────────────────────────────────────────────────┐
│ Type: Single Project │
│ Pattern: Fullstack │
│ Full-stack app with frontend/backend separation │
└──────────────────────────────────────────────────────────────────────────────┘
┌─ Technology Stack ───────────────────────────────────────────────────────────┐
│ Languages: JavaScript, TypeScript │
│ Frameworks: Express, React, Tailwind CSS │
│ Databases: PostgreSQL, Redis │
└──────────────────────────────────────────────────────────────────────────────┘- Multi-language support - JavaScript/TypeScript, Python, Rust, Go, Java/Kotlin
- 260+ technologies - From React to Spring Boot, Django to Actix-web
- Architecture detection - Monolithic, microservices, serverless, and more
- Monorepo support - Analyzes complex multi-project repositories
- 10-100x faster scanning - Rust-powered multi-pattern matching with smart file discovery
- 5 scan modes - From lightning-fast critical checks to comprehensive audits
- Smart gitignore analysis - Understands git status and provides risk assessments
- 260+ secret patterns - Detects API keys, tokens, certificates, and credentials
- Zero false positives - Advanced context-aware filtering excludes test data and documentation
- Dockerfile analysis - Understand existing Docker configurations
- Multi-stage detection - Identifies build optimization patterns
- Service mapping - Traces dependencies between containers
- Network topology - Visualizes service communication
- Intelligent caching - Checks every 2 hours when no update available
- Immediate notifications - Shows updates instantly when available
- Clear instructions - Provides multiple update methods with step-by-step guidance
- Zero-maintenance - Automatically keeps you informed of new releases
cargo install syncable-clicurl -sSL https://install.syncable.dev | sh# Download and run the PowerShell installer
iwr -useb https://raw.githubusercontent.com/syncable-dev/syncable-cli/main/install.ps1 | iex
# Or download first and run (safer)
Invoke-WebRequest -Uri https://raw.githubusercontent.com/syncable-dev/syncable-cli/main/install.ps1 -OutFile install.ps1
powershell -ExecutionPolicy Bypass -File install.ps1git clone https://github.com/syncable-dev/syncable-cli.git
cd syncable-cli
cargo install --path .Windows Users:
- Rust: Install from rustup.rs if you don't have it
- PATH: Cargo installs to
%USERPROFILE%\.cargo\bin- add to PATH if needed - Tools: Some security tools may require manual installation or package managers like Scoop/Chocolatey
Linux/macOS Users:
- Most security tools can be auto-installed via the installer script
- Tools are installed to
~/.local/binwhich may need to be added to your PATH
# Analyze with different display formats
sync-ctl analyze # Matrix view (default)
sync-ctl analyze --display detailed # Detailed view
sync-ctl analyze --json # JSON output
# Vulnerabilities analysis
sync-ctl vulnerabilities # Dependency vulnerability scan
# Security analysis with turbo engine (10-100x faster)
sync-ctl security # Thorough scan (default)
sync-ctl security --mode lightning # Critical files only (.env, configs)
sync-ctl security --mode fast # Smart sampling with priority patterns
sync-ctl security --mode balanced # Good coverage with optimizations
sync-ctl security --mode paranoid # Most comprehensive including low-severity
sync-ctl vulnerabilities # Dependency vulnerability scan
# Dependency analysis
sync-ctl dependencies --licenses # Show license information
sync-ctl dependencies --vulnerabilities # Check for known CVEsThe turbo security engine offers 5 scan modes optimized for different use cases:
| Mode | Speed | Coverage | Use Case | Typical Time |
|---|---|---|---|---|
| Lightning | 🚀 Fastest | Critical files only | Pre-commit hooks, CI checks | |
| Fast | ⚡ Very Fast | Smart sampling | Development workflow | |
| Balanced | 🎯 Optimized | Good coverage | Regular security checks | |
| Thorough | 🔍 Complete | Comprehensive | Security audits (default) | |
| Paranoid | 🕵️ Maximum | Everything + low severity | Compliance, releases |
The turbo security engine scans for 260+ secret patterns across multiple categories:
- Cloud Providers: AWS Access Keys, GCP Service Account Keys, Azure Storage Keys
- Services: Stripe API Keys, Twilio Auth Tokens, GitHub Personal Access Tokens
- Databases: MongoDB Connection Strings, Redis URLs, PostgreSQL passwords
- CI/CD: Jenkins API Tokens, CircleCI Keys, GitLab CI Variables
- Private Keys: RSA, ECDSA, Ed25519 private keys (.pem, .key files)
- Certificates: X.509 certificates, SSL/TLS certs
- Keystores: Java KeyStore files, PKCS#12 files
- SSH Keys: OpenSSH private keys, SSH certificates
- JWT Secrets: JSON Web Token signing keys
- OAuth: Client secrets, refresh tokens
- SMTP: Email server credentials, SendGrid API keys
- LDAP: Bind credentials, directory service passwords
- Suspicious Names: Any variable containing "password", "secret", "key", "token"
- Base64 Encoded: Automatically detects encoded secrets
- URLs with Auth: Database URLs, API endpoints with embedded credentials
Our security engine provides intelligent risk assessment based on git status:
| Status | Risk Level | Meaning | Action Needed |
|---|---|---|---|
| 🟢 SAFE | Low | File properly ignored by .gitignore | ✅ No action needed |
| 🔵 OK | Low | File appears safe for version control | ✅ Monitor for changes |
| 🟡 EXPOSED | High | Contains secrets but NOT in .gitignore | |
| 🔴 TRACKED | Critical | Contains secrets AND tracked by git | 🚨 Remove from git history |
Files are marked as OK when they contain patterns that look like secrets but are actually safe:
- Documentation: Code in README files, API examples, tutorials
- Test Data: Mock API keys, placeholder values, example configurations
- Source Code: String literals that match patterns but aren't real secrets
- Lock Files: Package hashes in
package-lock.json,pnpm-lock.yaml,cargo.lock - Build Artifacts: Compiled code, minified files, generated documentation
Our engine uses sophisticated techniques to minimize false positives:
# ❌ FALSE POSITIVE - Will be ignored
const API_KEY = "your_api_key_here"; // Documentation example
const EXAMPLE_TOKEN = "sk-example123"; // Clearly a placeholder
# ✅ REAL SECRET - Will be detected
const STRIPE_KEY = "sk_live_4eC39HqLyjWDarjtT1zdp7dc";- Comments in any language (
//,#,/* */,<!-- -->) - Markdown code blocks and documentation files
- README files, CHANGELOG, API docs
- Example configurations and sample files
- Files in
/test/,/tests/,/spec/,__test__directories - Filenames containing "test", "spec", "mock", "fixture", "example"
- Common test patterns like "test123", "dummy", "fake"
- Automatically excludes:
node_modules/,vendor/,target/ - Recognizes lock files:
yarn.lock,pnpm-lock.yaml,go.sum - Skips binary files, images, and compiled artifacts
Choose the output format that works best for you:
- Matrix (default) - Compact dashboard view
- Detailed - Comprehensive vertical layout
- Summary - Brief overview for CI/CD
- JSON - Machine-readable format
$ sync-ctl security --mode thorough
🛡️ Security Analysis Results
════════════════════════════════════════════════════════════════════════════════
┌─ Security Summary ───────────────────────────────────────┐
│ Overall Score: 85/100 │
│ Risk Level: High │
│ Total Findings: 3 │
│ Files Analyzed: 47 │
│ Scan Mode: Thorough │
└──────────────────────────────────────────────────────────┘
┌─ Security Findings ────────────────────────────────────────────────────────┐
│ 1. ./.env.local │
│ Type: ENV VAR | Severity: Critical | Position: 3:15 | Status: EXPOSED │
│ │
│ 2. ./config/database.js │
│ Type: API KEY | Severity: High | Position: 12:23 | Status: TRACKED │
│ │
│ 3. ./docs/api-example.md │
│ Type: API KEY | Severity: Critical | Position: 45:8 | Status: OK │
└────────────────────────────────────────────────────────────────────────────┘
┌─ Key Recommendations ───────────────────────────────────────────────────────┐
│ 1. 🚨 Add .env.local to .gitignore immediately │
│ 2. 🔐 Move database credentials to environment variables │
│ 3. ✅ API example in docs is safely documented │
└─────────────────────────────────────────────────────────────────────────────┘
════════════════════════════════════════════════════════════════════════════════Create .syncable.toml in your project root:
[analysis]
include_dev_dependencies = true
ignore_patterns = ["vendor", "node_modules", "target"]
[security]
# Scan configuration
default_mode = "thorough" # Default scan mode
fail_on_high_severity = true # Exit with error on high/critical findings
check_secrets = true # Enable secret detection
check_code_patterns = true # Enable code security pattern analysis
# Performance tuning
max_file_size_mb = 10 # Skip files larger than 10MB
worker_threads = 0 # Auto-detect CPU cores (0 = auto)
enable_cache = true # Enable result caching
cache_size_mb = 100 # Cache size limit
# Pattern filtering
priority_extensions = [ # Scan these extensions first
"env", "key", "pem", "json", "yml", "yaml",
"toml", "ini", "conf", "config"
]# Scan mode selection
sync-ctl security --mode lightning # Fastest, critical files only
sync-ctl security --mode paranoid # Slowest, most comprehensive
# Output control
sync-ctl security --json # JSON output for automation
sync-ctl security --output report.json # Save to file
# Filtering options
sync-ctl security --include-low # Include low-severity findings
sync-ctl security --no-secrets # Skip secret detection
sync-ctl security --no-code-patterns # Skip code pattern analysis
# CI/CD integration
sync-ctl security --fail-on-findings # Exit with error code if issues foundView Supported Technologies (260+)
- JavaScript/TypeScript (46) - React, Vue, Angular, Next.js, Express, Nest.js, and more
- Python (76) - Django, Flask, FastAPI, NumPy, TensorFlow, PyTorch, and more
- Java/JVM (98) - Spring Boot, Micronaut, Hibernate, Kafka, Elasticsearch, and more
- Go (21) - Gin, Echo, Fiber, gRPC, Kubernetes client, and more
- Rust (20) - Actix-web, Axum, Rocket, Tokio, SeaORM, and more
- npm, yarn, pnpm, bun (JavaScript/TypeScript)
- pip, poetry, pipenv, conda (Python)
- Maven, Gradle (Java)
- Cargo (Rust)
- Go modules (Go)
- Project analysis and technology detection
- Vulnerability scanning with 260+ supported packages
- Turbo Security Engine turbo-fast scanning with 5 modes
- Smart Dockerfile generation
- Intelligent Docker Compose creation
- Cloud-optimized configurations
- Kubernetes manifests & Helm charts
- Terraform modules for AWS/GCP/Azure
- CI/CD pipeline generation
- Real-time monitoring setup
We welcome contributions! See CONTRIBUTING.md for guidelines.
# Run tests
cargo test
# Check code quality
cargo clippy
# Format code
cargo fmtMIT License - see LICENSE for details.
Built with Rust 🦀 and powered by the open-source community.
Need help? Check our documentation or open an issue.
