Optional Services

CapSign infrastructure includes several optional third-party services that enhance your workflow but aren't required for core functionality. Here's what they do and how much they cost.

๐Ÿ’ฐ Infracost - Cost Estimation

What it does:

  • Shows cost estimates for Terraform changes directly in pull requests

  • Helps prevent expensive infrastructure mistakes before deployment

  • Provides detailed cost breakdowns and monthly/annual projections

  • Tracks cost changes over time

Example output in PR:

๐Ÿ“Š Monthly cost change for capsign/infrastructure
Amount:  +$245 ($120 โ†’ $365)

+ aws_rds_instance.production
  +$180/month (db.r5.large)

+ aws_eks_node_group.workers
  +$65/month (2x m5.large)

Pricing:

  • Free tier: Up to 1,000 runs per month

  • Paid tier: $1,000/month (includes 10 users, policies, reporting)

  • Perfect for: Teams wanting to control cloud costs proactively

Setup:

  1. Free API Key: Run infracost auth login (no credit card required)

  2. Add secrets: INFRACOST_API_KEY + INFRACOST_ENABLED=true

  3. Cost estimates appear in every PR automatically

๐Ÿ›ก๏ธ FOSSA - License Compliance

What it does:

  • Scans your dependencies for license compliance issues

  • Identifies security vulnerabilities in open source packages

  • Generates Software Bill of Materials (SBOM) for regulatory compliance

  • Tracks license changes over time

Example alerts:

โš ๏ธ GPL-3.0 license detected in production dependency
โš ๏ธ High severity vulnerability in [email protected]
โœ… 284 dependencies scanned, 2 issues found

Pricing:

  • Free tier: 5 projects, 10 developers, basic scanning

  • Business tier: $20/project/month (minimum $200/month)

  • Enterprise tier: Custom pricing for large organizations

  • Perfect for: Companies needing license compliance for legal/regulatory reasons

When you need it:

  • ๐Ÿข Enterprise customers requiring license compliance

  • โš–๏ธ Legal requirements for open source tracking

  • ๐Ÿ” M&A due diligence requiring SBOM generation

  • ๐Ÿ“‹ Regulatory compliance (e.g., medical devices, aerospace)

Setup:

  1. Create account at fossa.com

  2. Add secrets: FOSSA_API_KEY + FOSSA_ENABLED=true

  3. License scanning runs automatically in CI/CD

๐ŸŽฏ Do You Need These Services?

โœ… Start with these enabled:

  • Checkov (free security scanning)

  • AWS native security (free)

  • GitHub security features (free)

๐Ÿ“ˆ Add Infracost if:

  • Your team frequently deploys expensive resources

  • You want to prevent cost surprises in production

  • FinOps/cost management is important to your organization

  • You're running multiple environments (dev/staging/prod)

๐Ÿข Add FOSSA if:

  • You're an enterprise with legal compliance requirements

  • You need to track open source license obligations

  • You're preparing for audits or M&A due diligence

  • You have customers requiring SBOM documentation

๐Ÿ’ก Skip these if:

  • You're just getting started with infrastructure

  • You're a small team without compliance requirements

  • You prefer to manage costs and licenses manually

  • Budget is a primary concern

๐Ÿ”ง How to Enable/Disable

Enable a service:

# In repository settings โ†’ Variables โ†’ Actions
INFRACOST_ENABLED=true
FOSSA_ENABLED=true

# In repository settings โ†’ Secrets โ†’ Actions
INFRACOST_API_KEY=ico-xxx...
FOSSA_API_KEY=xxx...

Disable a service:

# Set to false or remove the variable
INFRACOST_ENABLED=false
FOSSA_ENABLED=false

# Remove the API key secret (optional)

Test before enabling:

# Test Infracost locally
infracost breakdown --path .

# Test FOSSA locally
fossa analyze && fossa test

๐Ÿ†“ Free Alternatives

For Cost Management:

  • AWS Cost Explorer (free, but post-deployment)

  • Terraform plan output (basic resource counts)

  • Manual cost calculation (time-intensive)

  • AWS Pricing Calculator (manual)

For License Compliance:

  • GitHub Dependency Graph (basic vulnerability scanning)

  • Snyk (free tier available)

  • Manual license review (time-intensive)

  • SPDX tools (open source SBOM generation)

๐Ÿ“Š Cost Comparison

Service
Free Tier
Paid Tier
Annual Cost (Small Team)

Infracost

1K runs/month

$1K/month

$12,000

FOSSA

5 projects

$200+/month

$2,400+

Manual Process

$0

Engineer time

$20,000+

Note: While these services have subscription costs, they often save significantly more in prevented mistakes, compliance issues, and engineer time.

๐Ÿš€ Recommendation

For most teams starting out:

  1. โœ… Enable: Core security scanning (free)

  2. ๐Ÿ“ˆ Consider: Infracost if managing significant cloud spend

  3. ๐Ÿข Evaluate: FOSSA if you have enterprise compliance needs

You can always add these services later as your needs grow!

PreviousInstallation GuideNextSOC Compliance

Last updated

Was this helpful?