FinOps in 5 minutes not 5 months

Cloud cost, security, and governance issues delivered where developers already work — as GitHub Issues with clear, actionable fixes.

Like Dependabot, but for cloud optimization.

15 idle VMs detected — save $2,100/month #142

cost azure vm leftsize[bot] opened this issue 2 hours ago
LeftSize
leftsize[bot] commented 2 hours ago

Found 15 Azure VMs that have been idle for more than 14 days with average CPU utilization below 5%.

Use the commands below to learn more:

@leftsize explain @leftsize howto @leftsize scripts azure-cli
|
Get Started with GitHub

Free tier available • No credit card required

Comprehensive cloud optimization

More than just FinOps — detect cost, governance, and security issues across AWS and Azure in one place.

Cost Optimization

Stop paying for what you're not using

Detect idle VMs, unattached disks, orphaned resources, and missing savings plans. Identify waste before it becomes expensive.

  • Idle VMs (14+ days low CPU)
  • Unattached disks and public IPs
  • Missing Azure Hybrid Benefit
  • Oversized or underutilized databases

Governance

Know who owns what

Enforce tagging policies, track ownership, and catch configuration drift. Keep your cloud organized and accountable.

  • Missing owner/cost-center tags
  • Storage accounts without HTTPS
  • Unencrypted managed disks
  • Non-compliant AKS configurations

Security

Catch risks before they become incidents

Find open security groups, public blob access, and exposed endpoints before they become incidents.

  • Overly permissive NSG rules
  • Public blob container access
  • Open security groups (0.0.0.0/0)
  • Unencrypted storage accounts

Deprecations

Stay ahead of breaking changes

Get notified about deprecated VM SKUs, runtime versions, and services before they impact your workloads.

  • Deprecated VM SKUs (NVv4 series)
  • Functions runtime deprecations
  • Outdated App Service plans
  • End-of-life Kubernetes versions

95+ policies across AWS and Azure, expanding weekly — covering compute, storage, Kubernetes, networking, databases, and deprecations.

Cloud optimization shouldn't require a dedicated team

Most FinOps tools fail because they live outside your development workflow

For Developers

  • Out-of-band emails feel punitive and interrupt workflow
  • Dashboards require context-switching
  • Unsure what's safe to change

For Platform / FinOps Teams

  • FinOps dashboards are ignored by developers
  • Security and governance reviews happen too late
  • Credential-based SaaS scanners create trust barriers

LeftSize fixes this by operating securely within your own pipelines — surfacing issues as GitHub Issues, not in yet another dashboard.

How it works

Three simple steps to start detecting cost, governance, and security issues

1

Install the GitHub App

Select which repositories to scan. No infrastructure installation required.

2

Add a workflow file

Runs LeftSize scan with your credentials (kept in GitHub Actions). Supports AWS and Azure.

3

Receive actionable GitHub Issues

Cost, governance, and security findings appear automatically in your repo with clear explanations.

Your credentials stay in your control

No credentials leave your GitHub Actions environment.

No agents or external cloud access required

Built on OIDC and short-lived tokens for AWS & Azure.

Loved by teams worldwide.

Here's what developers and platform engineers are saying about LeftSize.

    • We don't have a FinOps team. Now we don't need one.

      Platform Engineer
      15-person SaaS startup

    • Azure Advisor recommendations used to sit in a spreadsheet. Now they're GitHub Issues that actually get closed.

      Engineering Lead
      DevOps consultancy

    • Finally, something developers use without being told to.

      CTO
      Early-stage startup

Secure by default

Your credentials stay under your control — LeftSize never stores or accesses them

GitHub Actions

Under your control

Your Cloud

Secure readonly OIDC

LeftSize

Metadata only

Only findings metadata (IDs, cost data) sent to LeftSize — no credentials, no full resource data

Scans run inside your GitHub Actions

Using your own cloud credentials via OIDC or GitHub secrets.

No credential storage

LeftSize never receives, stores, or has access to your cloud credentials.

No external service installation

No agents, no external cloud access required. Just a GitHub workflow.

Built on OIDC and short-lived tokens

Supports AWS and Azure best practices for credential management.

Only lightweight metadata shared

Resource IDs, cost data, and configuration metadata — not full resource data.

Full audit visibility

You control what data leaves your environment via GitHub Actions logs.

Developer experience

See how LeftSize works in practice — with interactive commands and context-aware guidance

cost

Idle Dev VMs

Issue: "15 VMs idle for 14+ days — potential savings identified"

Commands: @leftsize explain, @leftsize howto

Result: Clear guidance for safe cleanup

governance

Missing Tags

Issue: "200 resources without owner tags"

Commands: @leftsize scripts azure-cli

Result: Bulk tagging script with audit trail

security

Open Security Groups

Issue: "NSG allows 0.0.0.0/0 on SSH/RDP ports"

Commands: @leftsize explain, @leftsize howto

Result: Step-by-step security remediation

deprecation

Retiring VM SKUs

Issue: "NVv4 series VMs retiring Sept 2025"

Commands: @leftsize explain

Result: Migration path with timeline

cost

Missing Hybrid Benefit

Issue: "SQL Server VMs without Hybrid Benefit"

Commands: @leftsize scripts azure-cli

Result: Script to enable benefit

kubernetes

AKS Without Autoscaling

Issue: "AKS clusters without node autoscaler"

Commands: @leftsize howto

Result: Autoscaler configuration guide

Simple workflow setup 

# .github/workflows/leftsize.yml
name: LeftSize Cost Optimization Scan

on:
  schedule:
    - cron: '0 9 * * *'  # Daily at 9 AM
  workflow_dispatch:      # Manual trigger

permissions:
  id-token: write         # For Azure/AWS OIDC
  contents: read

jobs:
  leftsize-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Run LeftSize Scan
        uses: leftsize/leftsize-action@v1
        with:
          cloud-provider: azure

Your credentials stay in GitHub — LeftSize never sees them

Why teams choose LeftSize

Shift cloud optimization left — where developers already work

Zero Credential Storage

Runs in your GitHub Actions — we never see or store your cloud credentials

65+
policies

Comprehensive Coverage

Cost, governance, security, and deprecation checks across AWS and Azure

GitHub Native

Issues created where you already work — no new dashboard to check

<5
minutes

Quick Setup

Install the GitHub App, configure your workflow, and start scanning

Built for platform engineers who care about developer experience

Instead of drowning developers in FinOps dashboards, LeftSize brings actionable recommendations to pull requests and issues — complete with @leftsize explain and @leftsize howto commands for context-aware guidance.

Simple pricing, for everyone

Start free with essential cost optimization. Upgrade to Pro for comprehensive coverage across security, governance, and deprecation alerts.

Free

Perfect for trying out LeftSize on a small project.

$0

  • Up to 3 repositories
  • 31 cost optimization rules
  • 19 AWS + 12 Azure policies
  • GitHub Issue creation
  • @leftsize commands
Get started free
Most Popular

Pro

For teams serious about cloud optimization and security.

$29 /month

  • Unlimited repositories
  • 98 rules across all categories
  • Cost optimization (advanced)
  • Security & compliance rules
  • Governance & tagging policies
  • Deprecation alerts
  • Usage insights & KPIs dashboard
  • Priority support
Upgrade to Pro

Compare plans

Feature Free Pro
Repositories 3 Unlimited
Total rules 31 98
Cost optimization
Security rules
Governance & tagging
Deprecation alerts
@leftsize commands
Usage insights & KPIs
Priority support

Frequently asked questions

Can't find what you're looking for? Reach out to our team at [email protected].

    • What is a 'team' in LeftSize pricing?

      A team is your GitHub organization. LeftSize Pro is licensed per organization, giving you unlimited repositories within that org.

    • What's the difference between Free and Pro?

      Free includes 31 cost optimization rules for up to 3 repos. Pro adds 67 more rules covering security, governance, and deprecation alerts — for unlimited repos.

    • Do I need to give LeftSize access to my cloud?

      No. LeftSize runs as a GitHub Action in YOUR workflow. Your cloud credentials never leave your environment — we never see them.

    • Can I scan multiple subscriptions or accounts?

      Yes! Use GitHub Actions matrix strategy to scan multiple Azure subscriptions or AWS accounts in parallel. The onboarding page shows you how.

    • What clouds are supported?

      AWS and Azure are fully supported.

    • How is this different from AWS Cost Explorer or Azure Cost Management?

      Those tools show you costs. LeftSize creates actionable GitHub Issues with specific fixes your developers can implement. No dashboards to check — findings come to you.

    • Is LeftSize only for cost optimization?

      No! While cost optimization is core, Pro includes security rules (public access, open ports), governance (missing tags), and deprecation alerts (outdated SKUs).

    • Do you support Azure DevOps or GitLab?

      Currently LeftSize is GitHub-only. We're exploring Azure DevOps integration based on customer demand. Reach out to [email protected] to voice your interest.

    • How do I get support?

      Free users can open GitHub issues on our repo. Pro users get priority email support with 24-hour response time.

Ready to optimize your cloud?

Start finding cloud waste, governance gaps, and security risks in minutes. Free to get started.

Get Started with GitHub

No credit card required • Works with your existing GitHub workflows