Plexavo scans for misconfigurations and privilege-escalation paths — open-source core, runs on your own credentials, no black box between you and the findings.
Point Plexavo at an AWS profile and it walks IAM, storage, logging, and networking for misconfigurations — including privilege-escalation chains most scanners don't chain together. The core is AGPL-3.0 and public, so every check is something you can read before you trust it.
No sales calls. No black-box agent running with standing access to your account.
Auditing an AWS estate without paying for a platform you can't inspect, or waiting on a vendor's roadmap for a check you could write yourself.
Who want a fast, scriptable misconfig sweep before a release — something that runs in CI, not a dashboard someone has to remember to check.
Running production on a personal or small-team account and want enterprise-grade checks without an enterprise budget or an enterprise sales process.
Everything below is what the waitlist is for — the scanner itself already works today, right now, on GitHub.
Plain-language explanations of every finding, no API key required.
Findings mapped to SOC 2, HIPAA, and PCI control references.
Generate the exact IAM or config change to close a finding.
Continuous scans instead of point-in-time, with drift alerts.
Rank findings by real blast radius, across every account you own.
The scanner core is public right now under AGPL-3.0. Read every check, run it against your own account, and open a PR if you find something worth adding.