CleanCloud is different: read-only, runs in your environment, and enforces hygiene as a CI/CD gate.

AWS Rules (10): - Unattached EBS Volumes - Old EBS Snapshots (90+ days) - Infinite Retention CloudWatch Logs - Unattached Elastic IPs (30+ days) - Detached Network Interfaces (60+ days) - Untagged Resources (EBS, S3, Log Groups) - Old AMIs (180+ days) - Idle NAT Gateways (~$32/mo each) - Idle RDS Instances (zero connections 14+ days) - Idle Load Balancers (zero traffic 14+ days)

Azure Rules (10): - Unattached Managed Disks - Old Snapshots - Unused Public IPs - Empty Load Balancers - Empty Application Gateways - Empty App Service Plans - Idle VNet Gateways - Stopped (Not Deallocated) VMs — still incurring full compute charges - Idle SQL Databases (zero connections 14+ days) - Untagged Resources

Every finding includes: - Confidence level (HIGH / MEDIUM) - Evidence and signals used - Resource details and age

Enforce in CI/CD: cleancloud scan --provider aws --all-regions --fail-on-confidence HIGH Exit 0 = pass. Exit 2 = policy violation. - No write access. - No telemetry. - No SaaS.

"pip install cleancloud" and run your first scan in 5 minutes.

GitHub: https://github.com/cleancloud-io/cleancloud

If you’re one of the 200+ users who have downloaded CleanCloud, we’d love to hear what you found. Please open an issue at https://github.com/cleancloud-io/cleancloud or leave a comment below.