If a row is checked on Basic, it's checked on Basic. The cloud-account count is the only thing that scales between paid tiers.
AWS Account / GCP Project / Azure Subscription / K8s Cluster — each counts as one.
All cloud providers — equal coverage, single console.
AWS Organizations · GCP Folders · Azure Management Groups. Auto-discovers child accounts.
Full platform access. Cancel anytime from the dashboard.
Every EC2, VM, bucket, IAM role, K8s pod — re-scanned on schedule. No agent. No tag required.
One filterable table. Filter by provider, type, region, account, tag, exposure.
Configuration · tags · attached vulns · related resources · raw provider response.
Snapshot-based, ephemeral. Your VMs are never stopped or modified. Auto-cleanup ~10 min.
Layer-by-layer CVE detection across container registries.
Every CVE enriched with EPSS percentile + CISA Known-Exploited-Vulns flag. Real prioritization.
Hard-coded keys, tokens, certs across configs and code. Categorized by source type.
Permissive · copyleft · restricted classification. Audit-ready license posture.
Dependency-level risks across container images and code repos. Severity-scored.
Software Bill of Materials per container image. Kubernetes BOM per cluster. Signed download URLs.
Lambda, Cloud Functions, Azure Functions — supply-chain analysis on the same pipeline as containers and VMs.
Service-by-service evidence across all cloud providers. Filter by service, severity, framework, result.
Why it failed, exactly which resource, exactly which CLI command fixes it.
Multi-step chains visualized: entry point → lateral movement → critical asset.
Every path tagged with the techniques an adversary would use. Cloud Matrix knowledge base.
The one fix that breaks the most paths. Prioritize remediation by impact, not severity.
Trust relationships across multiple AWS Orgs / GCP Folders / Azure tenants.
CIS · SOC 2 · ISO 27001 · HIPAA · PCI DSS 4.0 · NIST CSF 2.0 · NIST 800-53 R5.
Each control evaluated against your live infrastructure. Exportable for auditors.
Run the same framework against AWS, GCP, Azure, K8s — provider-aware control mapping.
Specialty frameworks (gov / EU / JP) — currently under validation, coming soon.
Conversational AI that reads your real environment. Not generic Stack Overflow advice.
"What changed since last scan, in plain English" — auto-generated after every scan.
Thousands of raw findings → ranked, deduped issues. Curator agent runs after every scan.
Board-ready risk summary, generated from your data. Export-ready.
Assign curated issues to a person. Track ownership across the queue.
Invite teammates · role-based permissions · per-account access.
Overview report — pass to security review, leadership, or auditor.
Zero software installed in your infrastructure. Ever. We connect to provider APIs.
We request and recommend read-only IAM. We can never modify your resources.
Snapshot · scan on a temp instance · auto-cleanup. ~10 min. Your VMs never stop.
Where you get help when you need it.
Okta · Azure AD · Google Workspace · any SAML 2.0 IdP.
DPA, security review, MSA — your paper or ours.
Pay yearly, get ~17% off (2 months free).
VikingCloud composes industry-standard scan foundations, our proprietary attack-path graph, and a growing multi-agent AI layer into a single platform — so the depth shows up in the UI, not in your onboarding spreadsheet.
Provider-native APIs enumerate every asset across AWS · GCP · Azure · Kubernetes. Read-only credentials, zero footprint on your side, no agents.
Hundreds of misconfiguration checks across all cloud providers, mapped to CIS, AWS Foundational Security, and provider-specific best practices.
Snapshot-based VM scanning, layer-by-layer container CVE detection, and dependency-level supply-chain analysis — enriched with EPSS percentile and CISA Known-Exploited-Vulns flags for real-world prioritization.
Thousands of raw findings collapse into a ranked, deduped issue queue. Same vulnerability across 80 hosts? One issue, 80 affected resources. Spend your day on what matters, not on triage.
Every scan ends with a plain-English brief — what changed, what's now exposed, what improved — auto-generated from your real data and signed off in seconds, not hours.
Conversational AI that reads your real environment. "Show me publicly exposed databases." "Which IAM role has the most risk?" Grounded answers, cited from your scans — not generic Stack Overflow advice.
Custom graph algorithm over your inventory, findings, and IAM. Identifies multi-step chains and ranks choke points — the single fix that breaks the most paths.
30+ frameworks with provider-specific control mappings. Each control runs against your scanned inventory — real evidence per control, audit-ready, exportable.
Ten frameworks ship live today, evaluated against your live cloud — not a checklist on a slide. Specialty frameworks (FedRAMP, ENS, ISMAP, MITRE ATT&CK Framework) are currently under validation — coming soon.
Either you're our buyer, or you're our competitor doing research. Either way — welcome. Connect read-only credentials and watch the scan run.