Hi everyone!
I’ve noticed that a lot of folks here run Frappe and ERPNext in production on their own VPS, AWS, or DigitalOcean instances, often using Docker, Docker Compose, or Kubernetes.
Managing the costs and security of self-hosted infrastructure can sometimes be tricky. Because we face the same challenges, my team at SolDevelo recently open-sourced InfraScan – an infrastructure auditor that scans your configuration files to catch security misconfigurations and cost anti-patterns before you deploy them.
How it might be useful for your Frappe deployments:
- Security Scanning: It scans your Docker configurations (using Docker Scout/Grype) and your Infrastructure-as-Code files (Terraform/Checkov) to ensure you aren’t deploying with open ports, unencrypted volumes, or risky AWS IAM policies.
- Cost Optimization: If you’re hosting ERPNext on AWS, it can identify expensive mistakes—like oversized EC2 instances (e.g., using old `t2` instead of `t3`/`t4g`), expensive NAT Gateways, or missing S3 lifecycle rules for your backups.
Key features:
- It’s completely free and open-source.
- You don’t need to connect your cloud credentials for the initial scan (it analyzes your code/configs).
- You can run it locally via a Web UI, CLI, or drop it into your CI/CD pipelines (GitHub Actions, GitLab, etc.).
You can check out the repository, run it against your configs, or contribute here:
https://github.com/SolDevelo/InfraScan
There are no strings attached. We just wanted to share this with the community in hopes that it helps someone keep their ERPNext hosting secure and budget-friendly.
Would love to hear your feedback if you decide to try it out on your deployment repos! Cheers!