Eunomio CI Guard. Our first product.

One GitHub App. It replaces hard-coded AWS keys in GitHub Actions with short-lived OIDC credentials, and fails risky CI auth diffs in pull requests before they merge. That is the whole product.

Install CI Guard → Contact us

v1 · shipped Apr 2026 · parent-site product summary

how it slots in

Flow

How it works in a PR.

CI Guard sits between your PR and your merge - never between your CI and your cloud.

scope is the product

v1 scope

In and out, on the page.

What it does

Scans GitHub Actions workflows + Terraform IAM in PRs.
Flags long-lived AWS access keys, over-broad roles, missing OIDC trust.
Posts findings as a PR check + review comment.
Generates the OIDC migration patch as a follow-up PR.

What it does not do

No live AWS API calls. No production cloud access.
No GitLab, Bitbucket, Azure DevOps in v1.
No GCP / Azure runtime in v1 (AWS only).
No SSO, no provisioning, no audit warehouse.

posted price
or no deal

Pricing snapshot

Plain repo bands.

Trial

$0 30 days

Up to 25 repos during evaluation. Convert to Growth or Scale before trial ends.

Growth

$49 /mo

Up to 25 repos. Org accounts. Email support.

Scale

$199 /mo

Up to 200 repos. Prioritized triage. Email support.

Trial is a 30-day evaluation. Convert to Growth or Scale via Stripe before trial ends to keep coverage. Above 200 repos: contact us. No per-seat pricing. Cancel from the Stripe portal.

this page is
a doorway

Continue at the install entry

Install CI Guard.

Everything operational lives at ciguard.eunomio.com. The product surface owns install, account, docs, and changelog; the parent site only summarises.

Install CI Guard →