# ๐ Syncable IaC CLI
> Automatically generate optimized Docker, Kubernetes, and cloud infrastructure configurations by analyzing your codebase.
[](https://www.rust-lang.org/)
[](https://opensource.org/licenses/MIT)
## โก Quick Start
[](https://crates.io/crates/syncable-cli)
**Syncable IaC CLI** analyzes your project and automatically generates production-ready infrastructure configurations. Supporting **260+ technologies** across 5 major language ecosystems, it understands your stack and creates optimized IaC files tailored to your specific needs.
## โก Quick Start
```bash
# Install
cargo install syncable-cli
# Analyze any project
sync-ctl analyze /path/to/your/project
# Check for vulnerabilities
sync-ctl vulnerabilities
# Run security analysis (multiple modes available)
sync-ctl security # Thorough scan (default)
sync-ctl security --mode lightning # Ultra-fast critical files only
sync-ctl security --mode paranoid # Most comprehensive scan
# Force update check (clears cache)
sync-ctl --clear-update-cache analyze .
# Get help with any command
sync-ctl --help # Show all available commands
sync-ctl analyze --help # Show analyze command options
sync-ctl security --help # Show security scanning options
sync-ctl vulnerabilities --help # Show vulnerability check options
```
That's it! The CLI will detect your languages, frameworks, dependencies, and provide detailed insights about your project structure. The tool includes smart update notifications to keep you on the latest version.
## ๐ฏ What It Does
Syncable IaC CLI is like having a DevOps expert analyze your codebase:
1. **๐ Analyzes** - Detects languages, frameworks, dependencies, ports, and architecture patterns
2. **๐ Audits** - Checks for security vulnerabilities and configuration issues
3. **๐ Generates** - Creates optimized Dockerfiles, Compose files, and Terraform configs (coming soon)
### Example Output
```bash
$ sync-ctl analyze ./my-express-app
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ PROJECT ANALYSIS DASHBOARD
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Architecture Overview โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Type: Single Project โ
โ Pattern: Fullstack โ
โ Full-stack app with frontend/backend separation โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Technology Stack โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Languages: JavaScript, TypeScript โ
โ Frameworks: Express, React, Tailwind CSS โ
โ Databases: PostgreSQL, Redis โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
## ๐ Key Features
### ๐ Comprehensive Analysis
- **Multi-language support** - JavaScript/TypeScript, Python, Rust, Go, Java/Kotlin
- **260+ technologies** - From React to Spring Boot, Django to Actix-web
- **Architecture detection** - Monolithic, microservices, serverless, and more
- **Monorepo support** - Analyzes complex multi-project repositories
### ๐ก๏ธ Turbo Security Engine (Covering Javascript / Python ---- Rust-, Go- & Java- Coming soon)
- **10-100x faster scanning** - Rust-powered multi-pattern matching with smart file discovery
- **5 scan modes** - From lightning-fast critical checks to comprehensive audits
- **Smart gitignore analysis** - Understands git status and provides risk assessments
- **260+ secret patterns** - Detects API keys, tokens, certificates, and credentials
- **Zero false positives** - Advanced context-aware filtering excludes test data and documentation
### ๐ณ Docker Intelligence
- **Dockerfile analysis** - Understand existing Docker configurations
- **Multi-stage detection** - Identifies build optimization patterns
- **Service mapping** - Traces dependencies between containers
- **Network topology** - Visualizes service communication
### ๐ Smart Update System
- **Intelligent caching** - Checks every 2 hours when no update available
- **Immediate notifications** - Shows updates instantly when available
- **Clear instructions** - Provides multiple update methods with step-by-step guidance
- **Zero-maintenance** - Automatically keeps you informed of new releases
## ๐ ๏ธ Installation
### Via Cargo (Recommended)
```bash
cargo install syncable-cli
```
### From Source
```bash
git clone https://github.com/syncable-dev/syncable-cli.git
cd syncable-cli
cargo install --path .
```
## ๐ Usage Guide
### Basic Commands
```bash
# Analyze with different display formats
sync-ctl analyze # Matrix view (default)
sync-ctl analyze --display detailed # Detailed view
sync-ctl analyze --json # JSON output
# Vulnerabilities analysis
sync-ctl vulnerabilities # Dependency vulnerability scan
# Security analysis with turbo engine (10-100x faster)
sync-ctl security # Thorough scan (default)
sync-ctl security --mode lightning # Critical files only (.env, configs)
sync-ctl security --mode fast # Smart sampling with priority patterns
sync-ctl security --mode balanced # Good coverage with optimizations
sync-ctl security --mode paranoid # Most comprehensive including low-severity
sync-ctl vulnerabilities # Dependency vulnerability scan
# Dependency analysis
sync-ctl dependencies --licenses # Show license information
sync-ctl dependencies --vulnerabilities # Check for known CVEs
```
### Security Scan Modes
The turbo security engine offers 5 scan modes optimized for different use cases:
| **Lightning** | ๐ Fastest | Critical files only | Pre-commit hooks, CI checks
| **Fast** | โก Very Fast | Smart sampling | Development workflow
| **Balanced** | ๐ฏ Optimized | Good coverage | Regular security checks
| **Thorough** | ๐ Complete | Comprehensive | Security audits (default)
| **Paranoid** | ๐ต๏ธ Maximum | Everything + low severity | Compliance, releases
## ๐ก๏ธ Security Detection Deep Dive
### What We Detect
The turbo security engine scans for 260+ secret patterns across multiple categories:
#### ๐ API Keys & Tokens
- **Cloud Providers**: AWS Access Keys, GCP Service Account Keys, Azure Storage Keys
- **Services**: Stripe API Keys, Twilio Auth Tokens, GitHub Personal Access Tokens
- **Databases**: MongoDB Connection Strings, Redis URLs, PostgreSQL passwords
- **CI/CD**: Jenkins API Tokens, CircleCI Keys, GitLab CI Variables
#### ๐ Cryptographic Material
- **Private Keys**: RSA, ECDSA, Ed25519 private keys (.pem, .key files)
- **Certificates**: X.509 certificates, SSL/TLS certs
- **Keystores**: Java KeyStore files, PKCS#12 files
- **SSH Keys**: OpenSSH private keys, SSH certificates
#### ๐ง Authentication Secrets
- **JWT Secrets**: JSON Web Token signing keys
- **OAuth**: Client secrets, refresh tokens
- **SMTP**: Email server credentials, SendGrid API keys
- **LDAP**: Bind credentials, directory service passwords
#### ๐ Environment Variables
- **Suspicious Names**: Any variable containing "password", "secret", "key", "token"
- **Base64 Encoded**: Automatically detects encoded secrets
- **URLs with Auth**: Database URLs, API endpoints with embedded credentials
### Smart Git Status Analysis
Our security engine provides intelligent risk assessment based on git status:
| ๐ข **SAFE** | Low | File properly ignored by .gitignore | โ
No action needed |
| ๐ต **OK** | Low | File appears safe for version control | โ
Monitor for changes |
| ๐ก **EXPOSED** | High | Contains secrets but NOT in .gitignore | โ ๏ธ Add to .gitignore immediately |
| ๐ด **TRACKED** | Critical | Contains secrets AND tracked by git | ๐จ Remove from git history |
#### Why Some Files Are "OK" Despite Not Being Gitignored
Files are marked as **OK** when they contain patterns that look like secrets but are actually safe:
- **Documentation**: Code in README files, API examples, tutorials
- **Test Data**: Mock API keys, placeholder values, example configurations
- **Source Code**: String literals that match patterns but aren't real secrets
- **Lock Files**: Package hashes in `package-lock.json`, `pnpm-lock.yaml`, `cargo.lock`
- **Build Artifacts**: Compiled code, minified files, generated documentation
### Advanced False Positive Filtering
Our engine uses sophisticated techniques to minimize false positives:
#### ๐ฏ Context-Aware Detection
```bash
# โ FALSE POSITIVE - Will be ignored
const API_KEY = "your_api_key_here"; // Documentation example
const EXAMPLE_TOKEN = "sk-example123"; // Clearly a placeholder
# โ
REAL SECRET - Will be detected
const STRIPE_KEY = "sk_live_4eC39HqLyjWDarjtT1zdp7dc";
```
#### ๐ Documentation Exclusions
- Comments in any language (`//`, `#`, `/* */`, `<!-- -->`)
- Markdown code blocks and documentation files
- README files, CHANGELOG, API docs
- Example configurations and sample files
#### ๐งช Test Data Recognition
- Files in `/test/`, `/tests/`, `/spec/`, `__test__` directories
- Filenames containing "test", "spec", "mock", "fixture", "example"
- Common test patterns like "test123", "dummy", "fake"
#### ๐ฆ Dependency File Intelligence
- Automatically excludes: `node_modules/`, `vendor/`, `target/`
- Recognizes lock files: `yarn.lock`, `pnpm-lock.yaml`, `go.sum`
- Skips binary files, images, and compiled artifacts
### Display Modes
Choose the output format that works best for you:
- **Matrix** (default) - Compact dashboard view
- **Detailed** - Comprehensive vertical layout
- **Summary** - Brief overview for CI/CD
- **JSON** - Machine-readable format
### Example Security Output
```bash
$ sync-ctl security --mode thorough
๐ก๏ธ Security Analysis Results
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Security Summary โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Overall Score: 85/100 โ
โ Risk Level: High โ
โ Total Findings: 3 โ
โ Files Analyzed: 47 โ
โ Scan Mode: Thorough โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Security Findings โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 1. ./.env.local โ
โ 2. ./config/database.js โ
โ Type: API KEY | Severity: High | Position: 12:23 | Status: TRACKED โ
โ โ
โ 3. ./docs/api-example.md โ
โ Type: API KEY | Severity: Critical | Position: 45:8 | Status: OK โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Key Recommendations โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 1. ๐จ Add .env.local to .gitignore immediately โ
โ 2. ๐ Move database credentials to environment variables โ
โ 3. โ
API example in docs is safely documented โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
### Advanced Configuration
Create `.syncable.toml` in your project root:
```toml
[analysis]
include_dev_dependencies = true
ignore_patterns = ["vendor", "node_modules", "target"]
[security]
# Scan configuration
default_mode = "thorough" # Default scan mode
fail_on_high_severity = true # Exit with error on high/critical findings
check_secrets = true # Enable secret detection
check_code_patterns = true # Enable code security pattern analysis
# Performance tuning
max_file_size_mb = 10 # Skip files larger than 10MB
worker_threads = 0 # Auto-detect CPU cores (0 = auto)
enable_cache = true # Enable result caching
cache_size_mb = 100 # Cache size limit
# Pattern filtering
priority_extensions = [ # Scan these extensions first
"env", "key", "pem", "json", "yml", "yaml",
"toml", "ini", "conf", "config"
]
```
#### Command-Line Options
```bash
# Scan mode selection
sync-ctl security --mode lightning # Fastest, critical files only
sync-ctl security --mode paranoid # Slowest, most comprehensive
# Output control
sync-ctl security --json # JSON output for automation
sync-ctl security --output report.json # Save to file
# Filtering options
sync-ctl security --include-low # Include low-severity findings
sync-ctl security --no-secrets # Skip secret detection
sync-ctl security --no-code-patterns # Skip code pattern analysis
# CI/CD integration
sync-ctl security --fail-on-findings # Exit with error code if issues found
```
## ๐ Technology Coverage
<details>
<summary><b>View Supported Technologies (260+)</b></summary>
### By Language
- **JavaScript/TypeScript** (46) - React, Vue, Angular, Next.js, Express, Nest.js, and more
- **Python** (76) - Django, Flask, FastAPI, NumPy, TensorFlow, PyTorch, and more
- **Java/JVM** (98) - Spring Boot, Micronaut, Hibernate, Kafka, Elasticsearch, and more
- **Go** (21) - Gin, Echo, Fiber, gRPC, Kubernetes client, and more
- **Rust** (20) - Actix-web, Axum, Rocket, Tokio, SeaORM, and more
### Package Managers
- npm, yarn, pnpm, bun (JavaScript)
- pip, poetry, pipenv, conda (Python)
- Maven, Gradle (Java)
- Cargo (Rust)
- Go modules (Go)
</details>
## ๐ Roadmap
### โ
Phase 1: Analysis Engine (Complete)
- Project analysis and technology detection
- Vulnerability scanning with 260+ supported packages
- Turbo Security Engine turbo-fast scanning with 5 modes
### ๐ Phase 2: AI-Powered Generation (In Progress)
- Smart Dockerfile generation
- Intelligent Docker Compose creation
- Cloud-optimized configurations
### ๐
Future Phases
- Kubernetes manifests & Helm charts
- Terraform modules for AWS/GCP/Azure
- CI/CD pipeline generation
- Real-time monitoring setup
## ๐ค Contributing
We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
```bash
# Run tests
cargo test
# Check code quality
cargo clippy
# Format code
cargo fmt
```
## ๐ License
MIT License - see [LICENSE](LICENSE) for details.
## ๐ Acknowledgments
Built with Rust ๐ฆ and powered by the open-source community.
---
**Need help?** Check our [documentation](https://github.com/syncable-dev/syncable-cli/wiki) or [open an issue](https://github.com/syncable-dev/syncable-cli/issues).
[](https://github.com/syncable-dev/syncable-cli)