CloudEval’s core product is the evaluation layer. It builds a project model, resolves infrastructure context, creates architecture graph and cost signals, applies reviewed scoring treatment, normalizes evidence, and turns results into reports, release gates, exports, and agent-ready context.
Pinned open-source tools contribute selected evidence to that workflow. They do not define the product experience or scoring by themselves; CloudEval attributes them clearly when their catalogs contribute observations.
Applicable checks depend on provider, IaC format, resources, project configuration, and enabled policies. Not every project runs every check.
CloudEval evaluation surface
| CloudEval capability | What CloudEval adds |
|---|
| Project modeling | Source scope, provider, format, configuration, report history, sharing state, and evidence boundaries. |
| Architecture and dependency context | Graph, topology, relationships, affected resources, and review context. |
| Cost and FinOps context | Cost estimates, coverage warnings, service-family summaries, and savings context for common billable Azure services. |
| Reviewed scoring | Separates reviewed Well-Architected-style treatment from deployment-quality and additional IaC observations. |
| Normalization and deduplication | Turns multiple evidence sources into clearer findings without asking users to reconcile duplicate observations manually. |
| Release gates and reports | Converts evidence into report sections, issue counts, gates, exports, and stakeholder-ready summaries. |
| Agent-ready context | Provides scoped report and evidence context for CLI, MCP-compatible agents, and handoff workflows. |
| Third-party evidence attribution | Lists tool names, versions, licenses, and source links transparently when outside catalogs contribute observations. |
Published coverage counts
| Metric | Public wording | How to read it |
|---|
| CloudEval platform coverage | 1,700+ cloud evaluation signals | The published lower-bound count for CloudEval evaluation signals across architecture, security, deployment quality, cost, graph, report-readiness, and IaC workflows. |
| Attributed third-party catalog | 1,650+ scanner checks | The published lower-bound count across pinned scanner versions before CloudEval applicability, scoring, and output treatment are applied. |
These are ballpark public counts, not a promise that every project runs every check. CloudEval rounds down because applicability can change when providers, IaC formats, resources, project configuration, and policies change.
How CloudEval uses evidence
Third-party catalog snapshot
Snapshot date: July 11, 2026.
| Workflow | Approximate scanner-native checks |
|---|
| Azure ARM | 743 |
| Azure Bicep | 684 |
| AWS CloudFormation | 460 |
| AWS Terraform | 455 |
| Azure Terraform | 302 |
Workflow counts overlap and must not be added together. A scanner check can apply to more than one workflow or IaC format.
Third-party roles
| Tool | Pinned version | Provider and format | Role inside CloudEval | Default output treatment |
|---|
| PSRule.Rules.Azure | 1.47.0 | Azure ARM and Bicep-generated ARM | Azure architecture evidence | Reviewed Azure architecture mappings can contribute to CloudEval architecture review. |
| ARM TTK | 20250401 (0.26) | Azure ARM | Template deployment-quality evidence | Deployment quality. |
| Checkov | 3.3.6 | ARM, Bicep-generated ARM, CloudFormation, and Terraform where supported | Additional IaC evidence | Additional IaC findings unless CloudEval has reviewed a different output treatment. |
| cfn-lint | 1.52.1 | AWS CloudFormation | CloudFormation syntax, resource model, and deployment-quality evidence | Deployment quality. |
| AWS CloudFormation Guard | 3.2.0 | AWS CloudFormation | AWS beta policy evidence and release-gate evaluation | Reviewed AWS beta controls where CloudEval supports that treatment. |
Count methodology
| Method | Public behavior |
|---|
| Platform signal count | 1,700+ cloud evaluation signals covers CloudEval platform output, not just scanner-native checks. |
| Pinned third-party versions | Catalog counts are taken from the tool versions listed above. |
| Double-count prevention | The same third-party check is not counted twice merely because it can apply to more than one workflow. |
| Workflow applicability | Workflow rows show where those checks can apply. They overlap and are not additive. |
| Reviewed treatment | Only checks CloudEval has reviewed for architecture scoring contribute to Well-Architected-style review. Other observations stay in deployment quality, additional IaC findings, or release-gate output. |
| Not assessed behavior | Unsupported provider, format, resource, or policy areas should be shown as Not assessed, not as pass, fail, or zero risk. |
Licensing and attribution
CloudEval integrates permissively licensed open-source tools as evidence sources. CloudEval independently evaluates, normalizes, and presents results. These third-party projects are independent of CloudEval; no affiliation, certification, sponsorship, or approval is implied.
| Project | License | Source and license |
|---|
PSRule.Rules.Azure 1.47.0 | MIT | Source, License |
ARM TTK 20250401 (0.26) | MIT | Source, License |
Checkov 3.3.6 | Apache-2.0 | Source, License |
cfn-lint 1.52.1 | MIT-0 | Source, License |
AWS CloudFormation Guard 3.2.0 | Apache-2.0 | Source, License |
CloudEval uses project names as text attribution. It does not use project logos unless separate trademark clearance exists.
Coverage boundaries
- The
1,700+ cloud evaluation signals count is a CloudEval platform count, not a scanner-rule total.
- Workflow counts overlap and are not additive.
- Not every project runs every signal.
- AWS CloudFormation beta support is not an end-to-end AWS Well-Architected assessment.
- Checkov observations appear as additional IaC findings unless CloudEval has reviewed a different output treatment.
- Third-party projects are independent; no affiliation, certification, sponsorship, or approval is implied.
Related pages