Gomboc Portal
This guide will help you understand what to expect from the Gomboc Portal and how to get started on your Gomboc journey.
If you already have a Gomboc account, see Log in to an existing account.
Why Gomboc
Gomboc AI allows engineering teams to focus on innovation without worrying about configuration drift, cloud infrastructure misconfigurations, or other code issues. This document provides an overview of the platform's key capabilities and how to leverage them effectively.
Schedule a demo to see Gomboc in action and learn how you can benefit from it.
Key Benefits
Automated Remediation
Gomboc continuously scans your repositories for code misconfigurations and policy violations. When issues are detected, Gomboc automatically generates precise, context-aware fixes as pull requests, eliminating the manual effort of writing remediation code.
How it works:
Connect your code repositories to Gomboc
Define your policies
Gomboc scans your code and identifies violations
Remediation PRs are automatically created with detailed explanations
Your team reviews and merges the fixes
Consistent, Reliable Fixes
All generated fixes adhere to your organization's policies and code best practices. Because fixes are delivered as pull requests, they integrate seamlessly into your existing code review workflow, ensuring every change is vetted before deployment.
Streamlined Approval Process
Each remediation PR includes:
Clear context explaining the code issue
Detailed reasoning for why the fix is necessary
Precise code changes that address the specific violation
This allows engineers to quickly understand, approve, or request modifications to suggested fixes without additional research.
Continuous Updates
Gomboc doesn't just scan once; it continuously monitors your repositories for:
New code changes that introduce violations
Configuration drift between your IaC and deployed infrastructure
Policy updates that affect existing resources
All findings are surfaced promptly with actionable remediation options.
Policies
Policy Sets
Policy Sets are collections of Gomboc policies that define the rules and standards your infrastructure must follow. Gomboc provides flexible policy management:
Organization-wide policies: Apply security standards across all workspaces
Workspace-specific policies: Target policies to specific environments, teams, or stages (e.g., production vs. development)
Custom policy combinations: Mix and match policies to create the right enforcement level for each context
One-Click Framework Policies
Quickly adopt industry-standard frameworks with pre-built policy templates:
AWS Well-Architected
SOC 2 Type II
NIST CSF 2.0
CIS Benchmarks
PCI DSS
HIPAA
Select a framework, and Gomboc automatically configures the corresponding policy rules, with no manual policy authoring required.
Policy Rules
Each policy contains granular rules that target specific resource types and configurations. Rules include:
Rule Name: Human-readable description of what the rule enforces
Resource Type: The IaC resource the rule applies to (e.g., aws_db_instance)
Cloud Provider: Target cloud platform (AWS, Azure, GCP)
IaC Tool: Supported infrastructure tools (Terraform, CloudFormation, etc.)
Source: Rule origin and identifier (e.g., checkov CKV_AWS_129)
Rules can be individually enabled or disabled within a policy to customize enforcement for your organization's specific requirements.
Version Management & Audit Trail [Coming soon...]
Every change to your policy sets is tracked with full audit traceability:
Who made the change
What was modified (policies added/removed, rules enabled/disabled)
When the change occurred
This provides complete visibility for compliance audits and security reviews.
Workspaces
Workspaces represent your connected infrastructure projects. Each workspace includes:
Repository connection: Linked code repository and branch
Policy assignment: Which policy sets apply to this workspace
Scan history: Record of all scans, findings, and remediations
Drift status: Current drift detection state
Workspaces allow you to organize and manage security enforcement across multiple projects, environments, and teams.
AI-Powered Intelligence
Daily Model Updates
Gomboc's AI model is updated daily with the latest:
Cloud Service Provider (CSP) documentation
Code best practices and guidelines
New resource types and configurations
Emerging threat patterns
This ensures remediation recommendations always reflect current cloud provider capabilities and security standards.
Context-Aware Fixes
Gomboc doesn't generate generic fixes; it analyzes your specific codebase to produce remediation that:
Follows your existing coding patterns and conventions
Accounts for resource dependencies and relationships
Minimizes blast radius while fully addressing the violation
Integration & Compatibility
Repository Integration
Connect your code repositories from:
GitHub
GitLab
Bitbucket
Azure DevOps
Gomboc Projects stay continuously synced with your repositories, monitoring all branches and changes in real time.
CI/CD Pipeline Integration
Gomboc can push Infrastructure as Code (IaC) directly to your Continuous Integration/Continuous Deployment (CI/CD) pipelines, such as GitHub Actions. This ensures that security checks and remediations are part of your automated deployment process.
Gomboc integrates directly into your deployment pipelines:
GitHub Actions: Native workflow integration
GitLab CI: Pipeline job support
Jenkins: Plugin available
Custom pipelines: API and CLI access
Code checks and remediation become part of your automated deployment process, catching issues before they reach production.