TrustFix
OIDC trust gap scanner for AWS IAM and GitHub Actions. Detects misconfigurations in OIDC trust policies and automatically fixes them via AI-generated Terraform pull requests.
Quick Start
Free GitHub Action: https://github.com/marketplace/actions/trustfix-oidc-security-scanner
Full dashboard + AI remediation: https://trustfix.dev
What It Detects
- Missing sub condition (any repo in org can assume your production role)
- Overly broad StringLike patterns in trust policies
- StringLike where StringEquals should be used
- Missing aud claim validation
- Wildcard Principal: "*" in IAM trust policies
- Unused IAM roles (90+ day inactivity)
- 6 types of GitHub Actions workflow misconfigurations
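The trust-policy checks listed above can be sketched as a small static check over an IAM trust policy document. This is an added example, not TrustFix's own code: the finding names, the rule for what counts as "overly broad", and the sample account ID, org and repo names are assumptions.

```javascript
// Added example, not TrustFix code. Finding names and the "broad" rule are assumptions.
const GH = "token.actions.githubusercontent.com";
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// Collect [operator, value] pairs for one GitHub claim ("sub" or "aud").
function claimConditions(stmt, claim) {
  const out = [];
  for (const [op, keys] of Object.entries(stmt.Condition || {}))
    for (const [key, val] of Object.entries(keys))
      if (key.toLowerCase() === `${GH}:${claim}`)
        for (const v of asList(val)) out.push([op, v]);
  return out;
}

function auditTrustPolicy(policy) {
  const findings = [];
  asList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    const p = stmt.Principal;
    if (p === "*" || asList(p && p.AWS).includes("*")) findings.push(`${i}:WILDCARD_PRINCIPAL`);
    const federated = asList(p && p.Federated);
    if (!federated.some((arn) => arn.endsWith(`oidc-provider/${GH}`))) return;
    const sub = claimConditions(stmt, "sub");
    if (sub.length === 0) findings.push(`${i}:MISSING_SUB`);
    if (claimConditions(stmt, "aud").length === 0) findings.push(`${i}:MISSING_AUD`);
    for (const [op, value] of sub) {
      if (!op.endsWith("StringLike")) continue;
      if (!/[*?]/.test(value)) findings.push(`${i}:STRINGLIKE_WITHOUT_WILDCARD`);
      // Assumed rule: a wildcard in the "repo:owner/name" part matches other repos.
      else if (/[*?]/.test(value.split(":").slice(0, 2).join(":"))) findings.push(`${i}:BROAD_SUB_PATTERN`);
    }
  });
  return findings;
}

// Constructed sample: account ID, org and repo names are placeholders.
const provider = { Federated: `arn:aws:iam::111122223333:oidc-provider/${GH}` };
const stmt = (Principal, Condition) => ({ Effect: "Allow", Action: "sts:AssumeRoleWithWebIdentity", Principal, Condition });
const weakPolicy = { Statement: [
  stmt(provider, { StringLike: { [`${GH}:sub`]: "repo:example-org/*" } }),
  stmt(provider, { StringEquals: { [`${GH}:aud`]: "sts.amazonaws.com" },
                   StringLike: { [`${GH}:sub`]: "repo:example-org/app:ref:refs/heads/main" } }),
  stmt("*"),
  stmt(provider),
] };
const fixedPolicy = { Statement: [
  stmt(provider, { StringEquals: { [`${GH}:aud`]: "sts.amazonaws.com",
                                   [`${GH}:sub`]: "repo:example-org/app:ref:refs/heads/main" } }),
] };
console.log(auditTrustPolicy(weakPolicy), auditTrustPolicy(fixedPolicy));
```

Each finding is prefixed with the index of the statement it applies to; the policy that pins both sub and aud with StringEquals returns no findings.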
How It Works
- Install free GitHub Action → scans every PR for OIDC misconfigs
- Connect AWS account → maps every IAM role to every workflow that can assume it
- Click "Generate Fix PR" → Claude AI generates precise Terraform rewrite
- Review and merge → finding closes automatically
Pricing
- Detection: Free forever
- AI Fix PRs: $499/month (Pro), $799/month (Team)