AWS cost audits that run in your GitHub Actions
StackSage runs inside your GitHub Actions runner with a customer-controlled, read-only role. Get a simple summary, a full HTML report, and JSON/CSV findings — without sharing AWS credentials.
- Runs in GitHub Actions
- Self-serve Trial
- Summary + HTML + JSON/CSV outputs
- Security posture (IAM, audit logging, exposure)
Detectors that find waste & hygiene issues
Run audits in GitHub Actions and get a report you can share: a one-page summary, an HTML report, and machine-readable findings (JSON/CSV).
EC2 Waste
Security Posture
EBS + Snapshots
RDS Signals
Network Waste
Tag Hygiene
CloudWatch (Optional)
Privacy-First
Workflow Outputs
How it works
- 1
Install the Workflow
Add the StackSage workflow to your repo (Trial or paid)
- 2
Grant Read-Only Access
Provide a customer-controlled IAM role ARN (assume role)
- 3
Run Trial (or add license)
Trial runs without a license. Paid workflow uses a time-limited license secret.
- 4
Get Actionable Outputs
Download the HTML report + JSON/CSV findings as workflow artifacts
Simple, Transparent Pricing
Two ways to get value: run the free Trial, or use the paid workflow for full coverage.
Trial
Self-serve trial you can run independently in your GitHub Actions
Free
- • Public trial image (GHCR)
- • No license required
- • Minimal IAM permissions (read-only)
- • HTML report + JSON/CSV outputs
- • Security posture basics + limited cost/waste preview
- • Findings capped (intentionally)
GitHub Workflow
Full StackSage scan delivered as a workflow you run on your schedule
$99/mo
- • Private GHCR image + workflow template
- • Time-limited license secret
- • Deeper coverage + richer evidence
- • Recurring runs (weekly/daily)
- • Prioritized outputs for actionability
Trial is self-serve. If you need help, email is optional.
Email us at hello@stacksageai.com
Run the Trial (Self-Serve)
You can run StackSage Trial independently in your GitHub Actions with a customer-controlled read-only role. No license required.
See a real example (no signup)
No AWS credential sharing. Customer-controlled read-only role.
What you’ll need
- • A GitHub repo with Actions enabled
- • AWS IAM role ARN (read-only) that GitHub can assume
- • GitHub secrets: AWS access keys + role ARN
See What You’ll Get
Browse a sample audit report with concrete, actionable findings — including security posture signals (IAM, audit logging, exposure).
View Sample Report →Paid GitHub Workflow ($99/mo)
Request access to the private image + workflow for full coverage. Trial is self-serve; paid access is approved via this form.
- • Private GHCR image + time-limited license
- • Deeper coverage and richer evidence
- • Designed for recurring weekly/daily runs
Questions? Email us at hello@stacksageai.com.
FAQ
Where does StackSage run?
Inside your GitHub Actions runner (in your repo).
Can I run the Trial without contacting you?
Yes. Trial is self-serve: create a read-only IAM role, add GitHub secrets, copy the workflow, and run it. Full steps are on /docs.
How is Trial delivered?
As a public Docker image pulled from GHCR and run by your workflow (no license required).
How is the paid GitHub Workflow delivered?
As a private Docker image pulled from GHCR, run by your workflow, with a time-limited license secret.
Do you ingest AWS credentials?
No. AWS access is via a customer-controlled read-only IAM role used by your workflow.
What do I get as output?
An HTML report plus machine-readable findings (JSON/CSV) as workflow artifacts.
Does Trial include savings ($) estimates?
Trial includes a limited cost/waste preview but does not compute exact savings. The paid workflow unlocks deeper coverage and quantification.
Findings are based on what the workflow can read with the permissions you grant; outcomes vary by account and usage.