Cloud Inventory
Cloud Inventory is your starting point in SGCode. It displays all resources discovered across your connected cloud accounts and lets you take action on them.
To open the Cloud Inventory:
- Select SGCode on the sidebar
- Select Cloud Inventory from the sidebar or the menu
Cloud Inventory
The top of the page shows three key metrics:
- Total Resources — the total number of resources discovered across your connected cloud accounts. Select View Cloud Providers to manage your connections.
- Infra Projects — the number of infrastructure-as-code projects generated from your cloud resources. Select View All to see them.
- IaC Coverage — the percentage of your resources managed as code. Select View State Backends to manage your state backends.
Use the Options dropdown in the table toolbar to:
- Select Dependencies — analyze your selection and automatically add connected resources. SGCode opens a Dependencies Found modal showing the detected dependencies and a progress indicator while analyzing.
- Configure Module — configure a module for your selection
Options dropdown
Resource list
The resources list shows every resource found across your connected cloud accounts.
Resource list
The table displays each resource's name, account ID, resource type, when it was last scanned, its resource status, and its linked state backend.
Resource status values:
- Unmanaged — the resource has no associated IaC code
- Externally Managed — the resource has code managed outside StackGuardian
- SG Managed — the resource is managed by StackGuardian
- SG Drifted — the resource is managed by StackGuardian but has drifted from its expected state
- Ignored — the resource has been excluded from codification
- Deleted — the resource no longer exists in the cloud account
- Orphaned — the resource has no associated cloud connection
Use the Search resources by name field to find a specific resource. Use the Filters button to filter results by resource type, account, or other attributes.
To group resources, use the Group by dropdown next to the search field. Available groupings are: No Group, Group by Resource Type, Group by Cloud Provider, Group by Region, Group by Account, and Group by Tag. When grouping by tag, resources are grouped by tag key only. To filter by a specific tag value, use the Filters panel instead.
Group by dropdown
Resource Details
To view the details of a specific resource, select its name in the table. The Resource Details modal opens with three tabs:
Overview
Shows the resource's key attributes: Resource Name, Resource ID, Account ID, Integrations, Region, Tags, Resource Status, Resource Type, Service, Scanned At, State Backend, and IaC Source.
Resource Details
Attributes
Shows the raw JSON attributes for the resource as discovered from your cloud account. Select Copy JSON to copy the full attribute payload.
Resource Attributes
Dependencies
Shows a visual dependency graph of resources connected to the selected resource. If dependencies are found, a message indicates how many were detected and an + Add [n] Dependency button lets you add them directly to your selection.
Resource Dependencies
Select Codify at the bottom of the modal to add the resource to your selection and proceed to code generation.
Select resources to codify
In the Resource Discovered tab, select one or more resources from the table using the checkboxes. The row highlights in blue when selected.
Select resources to codify
When you select resources, a bottom bar appears showing:
- Import Summary and the number of resources selected
- View Details — review your full selection before proceeding
- A projected Coverage Gain percentage showing how much your IaC coverage will increase
- Codify for — the button to start code generation. Use the dropdown next to it to choose between Terraform and OpenTofu.
You can add dependencies for a single resource inline by selecting + Dependencies in its Actions column, or by opening the resource's Dependencies tab in the Resource Details modal.
Configure Module
Before selecting resources to codify, you can optionally import a module. Importing a module creates a new grouping filter for your discovered resources based on the selected template. This helps you organise and manage resources that match specific infrastructure patterns.
To import a module, select Import Module from the Options dropdown.
Expand Imported Modules and select a source type:
-
Git Repository
Connect to an existing Git repository that contains your Terraform module.
Complete the following fields:
- Version Control— select your version control connector
- Repository— enter the repository URL
- Branch, Tag or Commit — specify the branch, tag, or commit (for example,
main,v1.0,0c708f) - Working Dir — specify the directory containing the module (for example,
/,infra,modules/vm) - Git Sparse Checkout Config — optional sparse checkout configuration
- Enable git core.autocrlf — optional checkbox for line ending handling
Select Analyze to validate and import the module.
-
Templates
Select this option to import a module from StackGuardian's template library.
Code generation
After selecting Codify for, SGCode creates a new project and opens the Code Workbench. The platform generates Terraform or OpenTofu code for your selected resources — this typically takes a few minutes.
During generation, a progress bar shows the current status. SGCode runs an internal validation cycle: it generates the code, runs a plan to check for errors, and if errors are found, regenerates the code automatically before delivering the final result. If the validation finds no errors, the progress bar moves quickly to completion. If errors are found and a fix is attempted, the progress bar moves more slowly toward the end.
Code generation
You can navigate away from this page while generation runs. To return to a session, open the Infra Projects tab, find your project, and select Go to Code Workbench from the Actions menu.
Each project is assigned an auto-generated name (for example, clean-blue). To rename it, select the pencil icon next to the name.
Code Workbench
When generation is complete, the Code Workbench displays the generated files in a file tree on the left and a code editor on the right.
Code Workbench
The header shows the project name, last modified time, and the current PR status — for example, No PR Created yet or TL OPEN View PR#116.
The file tree may include files such as main.tf, variables.tf, outputs.tf, providers.tf, versions.tf, terraform.tfvars, and imports.sh, depending on the resources you selected.
Review the generated code carefully before proceeding. AI-generated code should always be validated before deployment.
Editing the code
You can edit the code directly in the editor. Use Cmd+S (or select Save) to save your changes. An asterisk on a file tab indicates unsaved changes. Use the undo and redo buttons in the toolbar to manage edits.
Right-clicking a file or folder in the file tree gives you additional options: Rename, New File, New Folder, Copy Path, and Delete File.
Editing the code
Issues and plan logs
The bottom panel contains two tabs:
- Issues — shows errors detected in the generated code, each with a file reference and a description. If issues are present, a Fix Issues ([n]) button appears. Select it to let SGCode attempt an automatic fix.
- Plan Logs — shows the output of the most recent Terraform plan run.
Issues tab
Reviewing fixes with diff view
When you select Fix Issues, SGCode attempts to resolve the detected errors and opens a diff view showing the original code on the left and the proposed changes on the right. A file counter shows how many files were affected (for example, FILE 1 OF 1).
Reviewing fixes with diff view
Review the proposed changes and select:
- Accept Changes — apply the fix to the file
- Decline Changes — discard the fix and keep the original code
Create a pull request
Before running a plan, you need to create a pull request. Select Create PR in the bottom bar of the Code Workbench.
Create a pull request
Complete the following fields:
- Version Control — select your version control connector. Select Add new VCS Connector if you haven't connected one yet.
- Repository— search for and select the target repository
- Target branch — the branch to merge into. Usually
main. - Source branch — the branch containing your generated changes. If left empty, SGCode creates a new branch automatically.
- Working Dir — the directory in the repository where your code resides
Once the pull request is created, the header updates to show the PR status and number — for example, TL OPEN View PR#116. The Create PR button in the bottom bar is replaced by Push Changes.
Pull request management — including merging and closing — happens in GitHub or GitLab. SGCode does not merge pull requests.
Run a plan
Running a plan compares your generated code against the live state of your cloud resources. It shows any differences — resources to add, change, or destroy — without making any actual changes.
Select Import & Plan in the bottom bar to run a plan against your pull request branch.
Run a plan
Complete the following fields:
- Workflow Name— defaults to the project name
- Existing Workflow Groups / Workflow Group Name— select or specify the workflow group
- Connector— select a connected cloud provider connector
Select Confirm to start the plan. Plan logs appear in the Plan Logs tab in the bottom panel as the run progresses.
Select Run Details in the toolbar to open the full run log with Plan, Logs, and Errors tabs.
Plan completed
When the plan finishes, the results appear in the Plan Logs tab. If the plan shows changes (for example, 3 to Change), it means the generated code differs from what's currently deployed in your cloud account.
Select Resolve Diffs to let SGCode attempt to reconcile the differences automatically. The diff view opens showing the proposed changes. Review and select Accept Changes or Decline Changes, then run the plan again to verify.
Repeat until the plan shows 0 to Add, 0 to Change, 0 to Destroy — or until you're satisfied with the changes.
Push changes
If you make further edits to the code after creating a pull request, select Push Changes in the bottom bar to commit the latest changes to the open pull request.
Only one active pull request per project is supported at a time. To create a new pull request, close or merge the existing one in GitHub or GitLab first.
IaC coverage
IaC coverage is the percentage of your discovered cloud resources managed as code. SGCode displays this metric at the top of the Cloud Inventory page and updates it as you codify more resources.
When coverage is low, a risk indicator appears — for example, High Risk: Codify Resources — to guide you toward the next action.
When you select resources to codify, the bottom bar shows a projected Coverage Gain so you can see the impact before you start generation.