How do I deploy cloudsecurity-af on Railway?

You can deploy cloudsecurity-af on Railway by clicking the "Deploy Now" button on this page. Railway will automatically set up all the necessary services and configurations for you.

What are the system requirements?

Railway handles all the infrastructure requirements. You only need a web browser to deploy and manage your application.

Is this template free to use?

Yes, this template is free to use within your existing Railway account.

Can I customize this template?

Yes, you can fully customize this template. After deployment, you will have full control of what you've deployed in your Railway project.

How do I get support for this template?

You can get support through our community forum: cloudsecurity-af-5cd1fe83, or click "Get template help" for this template for more assistance.

Deploy and Host cloudsecurity-af on Railway

cloudsecurity-af is an AI-native cloud infrastructure security scanner that performs risk-prioritized attack path analysis on Infrastructure-as-Code. Unlike traditional scanners that report isolated findings, it chains misconfigurations into realistic attack paths (e.g., public S3 → IAM escalation → RDS exfiltration) and proves exploitability — all before deployment.

About Hosting cloudsecurity-af

cloudsecurity-af runs as two Railway services: the AgentField control plane and the cloudsecurity-af agent. The control plane orchestrates execution, manages state, and exposes the REST API and observability UI. The agent registers with the control plane at startup and runs a multi-phase pipeline (RECON → HUNT → CHAIN → PROVE → REMEDIATE) against target repos. Scans are triggered via the control plane API — the agent clones the target repo, deploys seven parallel domain hunters (IAM, network, data, secrets, compute, logging, compliance), chains findings into attack paths, and formally proves exploitability. You only need an OpenRouter API key for LLM access.

Common Use Cases

Scan any public GitHub repo's IaC (Terraform, CloudFormation, Kubernetes) for chained attack paths before deployment
Run as a CI/CD security gate on pull requests with SARIF output for the GitHub Security tab
Compliance scanning mapped to CIS AWS, SOC2, HIPAA, or PCI-DSS frameworks

Dependencies for cloudsecurity-af Hosting

AgentField control plane (agentfield/control-plane:latest)
OpenRouter API key for LLM access

Deployment Dependencies

Implementation Details

Replace `` with your control-plane service's public URL from the Railway dashboard (Settings > Networking > Public Networking). Set your AGENTFIELD_API_KEY in the control-plane service's environment variables.

Trigger a scan:

curl -X POST https:///api/v1/execute/async/cloudsecurity.scan \
  -H "Content-Type: application/json" \
  -H "X-API-Key: " \
  -d '{
    "input": {
      "repo_url": "https://github.com/bridgecrewio/terragoat",
      "depth": "standard",
      "severity_threshold": "medium",
      "output_formats": ["json", "sarif"]
    }
  }'

Poll for results:

curl -H "X-API-Key: " \
  https:///api/v1/executions/

Why Deploy cloudsecurity-af on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying cloudsecurity-af on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.