Pre-deploy threat review
The dashboard is intentionally thin. It runs the same engine as the CLI and renders the same evidence-backed findings, trust boundaries, observations, and machine-readable JSON contract.
Analyze
Built-in scenarios
These demos are pulled from the same checked-in fixture plans used to exercise the analyzer in the repo. They make the project scope legible without asking someone to prepare Terraform first.
Calibrated baseline
sample_aws_safe_plan.jsonMostly segmented AWS infrastructure with one deliberate IAM hygiene issue.
Representative mixed case
sample_aws_plan.jsonPublic exposure, permissive database access, risky IAM, and broad trust in one reviewable plan.
Stress-case fixture
sample_aws_nightmare_plan.jsonStacked public access, wildcard IAM, exposed storage, and high blast radius across the stack.
Common architecture
sample_aws_alb_ec2_rds_plan.jsonA common web architecture with an internet-facing load balancer, private app tier, and private RDS.
Control-plane focus
sample_aws_lambda_deploy_role_plan.jsonPrivate Lambda deployment path with scoped S3 access and deliberate trust-chain review points.
Trust expansion
sample_aws_cross_account_trust_unconstrained_plan.jsonMinimal assume-role trust without narrowing conditions to exercise the IAM trust path directly.
Narrowed trust
sample_aws_cross_account_trust_constrained_plan.jsonThe same trust edge narrowed by ExternalId, SourceArn, and SourceAccount conditions.