Skip to main content
CloudEval’s core product is the evaluation layer. It builds a project model, resolves infrastructure context, creates architecture graph and cost signals, applies reviewed scoring treatment, normalizes evidence, and turns results into reports, release gates, exports, and agent-ready context. Pinned open-source tools contribute selected evidence to that workflow. They do not define the product experience or scoring by themselves; CloudEval attributes them clearly when their catalogs contribute observations.
Applicable checks depend on provider, IaC format, resources, project configuration, and enabled policies. Not every project runs every check.

CloudEval evaluation surface

CloudEval capabilityWhat CloudEval adds
Project modelingSource scope, provider, format, configuration, report history, sharing state, and evidence boundaries.
Architecture and dependency contextGraph, topology, relationships, affected resources, and review context.
Cost and FinOps contextCost estimates, coverage warnings, service-family summaries, and savings context for common billable Azure services.
Reviewed scoringSeparates reviewed Well-Architected-style treatment from deployment-quality and additional IaC observations.
Normalization and deduplicationTurns multiple evidence sources into clearer findings without asking users to reconcile duplicate observations manually.
Release gates and reportsConverts evidence into report sections, issue counts, gates, exports, and stakeholder-ready summaries.
Agent-ready contextProvides scoped report and evidence context for CLI, MCP-compatible agents, and handoff workflows.
Third-party evidence attributionLists tool names, versions, licenses, and source links transparently when outside catalogs contribute observations.

Published coverage counts

MetricPublic wordingHow to read it
CloudEval platform coverage1,700+ cloud evaluation signalsThe published lower-bound count for CloudEval evaluation signals across architecture, security, deployment quality, cost, graph, report-readiness, and IaC workflows.
Attributed third-party catalog1,650+ scanner checksThe published lower-bound count across pinned scanner versions before CloudEval applicability, scoring, and output treatment are applied.
These are ballpark public counts, not a promise that every project runs every check. CloudEval rounds down because applicability can change when providers, IaC formats, resources, project configuration, and policies change.

How CloudEval uses evidence

Third-party catalog snapshot

Snapshot date: July 11, 2026.
WorkflowApproximate scanner-native checks
Azure ARM743
Azure Bicep684
AWS CloudFormation460
AWS Terraform455
Azure Terraform302
Workflow counts overlap and must not be added together. A scanner check can apply to more than one workflow or IaC format.

Third-party roles

ToolPinned versionProvider and formatRole inside CloudEvalDefault output treatment
PSRule.Rules.Azure1.47.0Azure ARM and Bicep-generated ARMAzure architecture evidenceReviewed Azure architecture mappings can contribute to CloudEval architecture review.
ARM TTK20250401 (0.26)Azure ARMTemplate deployment-quality evidenceDeployment quality.
Checkov3.3.6ARM, Bicep-generated ARM, CloudFormation, and Terraform where supportedAdditional IaC evidenceAdditional IaC findings unless CloudEval has reviewed a different output treatment.
cfn-lint1.52.1AWS CloudFormationCloudFormation syntax, resource model, and deployment-quality evidenceDeployment quality.
AWS CloudFormation Guard3.2.0AWS CloudFormationAWS beta policy evidence and release-gate evaluationReviewed AWS beta controls where CloudEval supports that treatment.

Count methodology

MethodPublic behavior
Platform signal count1,700+ cloud evaluation signals covers CloudEval platform output, not just scanner-native checks.
Pinned third-party versionsCatalog counts are taken from the tool versions listed above.
Double-count preventionThe same third-party check is not counted twice merely because it can apply to more than one workflow.
Workflow applicabilityWorkflow rows show where those checks can apply. They overlap and are not additive.
Reviewed treatmentOnly checks CloudEval has reviewed for architecture scoring contribute to Well-Architected-style review. Other observations stay in deployment quality, additional IaC findings, or release-gate output.
Not assessed behaviorUnsupported provider, format, resource, or policy areas should be shown as Not assessed, not as pass, fail, or zero risk.

Licensing and attribution

CloudEval integrates permissively licensed open-source tools as evidence sources. CloudEval independently evaluates, normalizes, and presents results. These third-party projects are independent of CloudEval; no affiliation, certification, sponsorship, or approval is implied.
ProjectLicenseSource and license
PSRule.Rules.Azure 1.47.0MITSource, License
ARM TTK 20250401 (0.26)MITSource, License
Checkov 3.3.6Apache-2.0Source, License
cfn-lint 1.52.1MIT-0Source, License
AWS CloudFormation Guard 3.2.0Apache-2.0Source, License
CloudEval uses project names as text attribution. It does not use project logos unless separate trademark clearance exists.

Coverage boundaries

  • The 1,700+ cloud evaluation signals count is a CloudEval platform count, not a scanner-rule total.
  • Workflow counts overlap and are not additive.
  • Not every project runs every signal.
  • AWS CloudFormation beta support is not an end-to-end AWS Well-Architected assessment.
  • Checkov observations appear as additional IaC findings unless CloudEval has reviewed a different output treatment.
  • Third-party projects are independent; no affiliation, certification, sponsorship, or approval is implied.
Last modified on July 11, 2026