FinOps in 5 minutes
not 5 months
Actionable cloud findings delivered as GitHub Issues — with clear fixes developers actually act on.
Like Dependabot, but for cloud optimization.
15 idle VMs detected — save $2,100/month #142
Free tier available • No credit card required
Comprehensive cloud optimization
More than just FinOps — detect cost, governance, and security issues across AWS and Azure in one place.
Cost Optimization
Stop paying for what you're not using
Detect idle VMs, unattached disks, orphaned resources, and missing savings plans. Identify waste before it becomes expensive.
Examples include:
- Idle VMs (14+ days low CPU)
- Unattached disks and public IPs
- Missing Azure Hybrid Benefit
- Oversized or underutilized databases
+ 60 more checks
Governance
Know who owns what
Enforce tagging policies, track ownership, and catch configuration drift. Keep your cloud organized and accountable.
Examples include:
- Missing owner/cost-center tags
- Storage accounts without HTTPS
- Unencrypted managed disks
- Non-compliant AKS configurations
+ 9 more checks
Security
Catch risks before they become incidents
Spot open security groups, public storage accounts, and missing encryption — automatically.
Examples include:
- Overly permissive NSG rules
- Public blob container access
- Open security groups (0.0.0.0/0)
- Unencrypted storage accounts
+ 9 more checks
Deprecations
Stay ahead of breaking changes
Get notified about deprecated VM SKUs, runtime versions, and services before they impact your workloads.
Examples include:
- Deprecated VM SKUs (NVv4 series)
- Functions runtime deprecations
- Outdated App Service plans
- End-of-life Kubernetes versions
+ 10 more checks
107 policies across AWS and Azure, expanding weekly — covering compute, storage, Kubernetes, networking, databases, and deprecations.
Cloud optimization shouldn't require a dedicated team
Most FinOps tools fail because they live outside your development workflow
For Developers
- Out-of-band emails feel punitive and interrupt workflow
- Dashboards require context-switching
- Unsure what's safe to change
For Platform / FinOps Teams
- FinOps dashboards are ignored by developers
- Security and governance reviews happen too late
- Credential-based SaaS scanners create trust barriers
LeftSize works inside your existing GitHub Actions pipelines — no new dashboard, no credential handover.
How it works
Three simple steps to start detecting cost, governance, and security issues
Install the GitHub App
Select which repositories to scan. No infrastructure installation required.
Add a workflow file
A GitHub Actions workflow scans your AWS or Azure environment using your own credentials — nothing leaves your runner.
Receive actionable GitHub Issues
Cost, governance, and security findings appear automatically in your repo with clear explanations.
Your credentials stay in your control
No credentials leave your GitHub Actions environment.
No agents or external cloud access required
Built on OIDC and short-lived tokens for AWS & Azure.
What early adopters are saying
Here's what developers and platform engineers think about LeftSize.
-
-
We don't have a FinOps team. Now we don't need one.
Platform Engineer15-person SaaS startup
-
-
-
Azure Advisor findings used to rot in a spreadsheet. Now they're Issues that get closed.
Engineering LeadDevOps consultancy
-
-
-
Finally, something developers use without being told to.
CTOEarly-stage startup
-
Secure by default
Your credentials stay under your control — LeftSize never stores or accesses them
GitHub Actions
Under your control
Your Cloud
Secure readonly OIDC
LeftSize
Metadata only
GitHub Actions
Under your control
Your Cloud
Secure readonly OIDC
LeftSize
Metadata only
Only findings metadata (IDs, cost data) sent to LeftSize — no credentials, no full resource data
Scans run inside your GitHub Actions
Using your own cloud credentials via OIDC or GitHub secrets.
No credential storage
LeftSize never receives, stores, or has access to your cloud credentials.
No external service installation
No agents, no external cloud access required. Just a GitHub workflow.
Built on OIDC and short-lived tokens
Supports AWS and Azure best practices for credential management.
Only lightweight metadata shared
Resource IDs, cost data, and configuration metadata — not full resource data.
Full audit visibility
You control what data leaves your environment via GitHub Actions logs.
Developer experience
See how LeftSize works in practice — with interactive commands and context-aware guidance
Idle Dev VMs
Issue: "15 VMs idle for 14+ days — potential savings identified"
Commands: @leftsize explain,
@leftsize howto
Result: Clear guidance for safe cleanup
Missing Tags
Issue: "200 resources without owner tags"
Commands: @leftsize scripts azure-cli
Result: Bulk tagging script with audit trail
Open Security Groups
Issue: "NSG allows 0.0.0.0/0 on SSH/RDP ports"
Commands: @leftsize explain,
@leftsize howto
Result: Step-by-step security remediation
Retiring VM SKUs
Issue: "NVv4 series VMs retiring Sept 2026"
Commands: @leftsize explain
Result: Migration path with timeline
Missing Hybrid Benefit
Issue: "SQL Server VMs without Hybrid Benefit"
Commands: @leftsize scripts azure-cli
Result: Script to enable benefit
AKS Without Autoscaling
Issue: "AKS clusters without node autoscaler"
Commands: @leftsize howto
Result: Autoscaler configuration guide
Simple workflow setup
# .github/workflows/leftsize.yml
name: LeftSize Cost Optimization Scan
on:
schedule:
- cron: '0 9 * * *' # Daily at 9 AM
workflow_dispatch: # Manual trigger
permissions:
id-token: write # For Azure/AWS OIDC
contents: read
jobs:
leftsize-scan:
runs-on: ubuntu-latest
steps:
- name: Azure Login (OIDC)
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Run LeftSize Scan
uses: leftsize/leftsize-action@v1
with:
cloud-provider: azure
Your credentials stay in GitHub — LeftSize never sees them
Why teams choose LeftSize
Shift cloud optimization left — where developers already work
Zero Credential Storage
Runs in your GitHub Actions — we never see or store your cloud credentials
Comprehensive Coverage
Cost, governance, security, and deprecation checks across AWS and Azure
GitHub Native
Issues created where you already work — no new dashboard to check
Quick Setup
Install the GitHub App, configure your workflow, and start scanning
Built for platform engineers who care about developer experience
Instead of drowning developers in FinOps dashboards, LeftSize brings
actionable recommendations to pull requests and issues — complete with
@leftsize explain
and @leftsize howto
commands for context-aware guidance.
Simple pricing, for everyone
Start free with essential cost optimization. Upgrade to Pro for comprehensive coverage across security, governance, and deprecation alerts.
Free
Perfect for trying out LeftSize on a small project.
$0
- Up to 3 repositories
- 41 of 107 rules (22 AWS + 19 Azure)
- Covers all categories
- GitHub Issue creation
- @leftsize commands
Pro
For teams serious about cloud optimization and security.
$29 /month
- Unlimited repositories
- 107 rules across all categories
- Cost optimization (advanced)
- Security & compliance rules
- Governance & tagging policies
- Deprecation alerts
- Usage insights & KPIs dashboard
- Priority support
Compare plans
| Feature | Free | Pro |
|---|---|---|
| Repositories | 3 | Unlimited |
| Total rules | 31 | 98 |
| Cost optimization | ||
| Security rules | ||
| Governance & tagging | ||
| Deprecation alerts | ||
| @leftsize commands | ||
| Usage insights & KPIs | ||
| Priority support |
Frequently asked questions
Can't find what you're looking for? Reach out to our team at [email protected].
-
-
What is a 'team' in LeftSize pricing?
A team is your GitHub organization. LeftSize Pro is licensed per organization, giving you unlimited repositories within that org.
-
What's the difference between Free and Pro?
Free includes 31 cost optimization rules for up to 3 repos. Pro adds 67 more rules covering security, governance, and deprecation alerts — for unlimited repos.
-
Do I need to give LeftSize access to my cloud?
No. LeftSize runs as a GitHub Action in YOUR workflow. Your cloud credentials never leave your environment — we never see them.
-
-
-
Can I scan multiple subscriptions or accounts?
Yes! Use GitHub Actions matrix strategy to scan multiple Azure subscriptions or AWS accounts in parallel. The onboarding page shows you how.
-
What clouds are supported?
AWS and Azure are fully supported.
-
How is this different from AWS Cost Explorer or Azure Cost Management?
Those tools show you costs. LeftSize creates actionable GitHub Issues with specific fixes your developers can implement. No dashboards to check — findings come to you.
-
-
-
Is LeftSize only for cost optimization?
No! While cost optimization is core, Pro includes security rules (public access, open ports), governance (missing tags), and deprecation alerts (outdated SKUs).
-
Do you support Azure DevOps or GitLab?
Currently LeftSize is GitHub-only. We're exploring Azure DevOps integration based on customer demand. Reach out to [email protected] to voice your interest.
-
How do I get support?
Check our documentation at support.leftsize.com for guides and troubleshooting. Pro users also get priority email support with 24-hour response time.
-
See your first finding in 5 minutes
Start finding savings in minutes. Free to get started.
No credit card required • Works with your existing GitHub workflows
Found 15 Azure VMs that have been idle for more than 14 days with average CPU utilization below 5%.
Use the commands below to learn more:
@leftsize explain@leftsize howto@leftsize scripts azure-cli