Policy-as-code CI/CD platform for IaC with Spacelift Intelligence (launched March 2026). Runs Terraform, OpenTofu, Pulumi, Ansible, and CloudFormation with OPA guardrails, drift detection, and a private module registry. AI features surface plan summaries, policy violations, and remediation paths inside run context — not a side chatbot. Purpose-built for platform teams needing auditability and multi-stack support.
Spacelift is a CI/CD platform designed specifically for Infrastructure as Code. It runs Terraform, OpenTofu, Pulumi, Ansible, and CloudFormation under a unified pipeline model — plan on VCS event, policy evaluation, apply on approval — with a shared audit trail across all runtimes.
Policy is implemented via Open Policy Agent (OPA): Rego policies evaluate the full plan JSON before apply, enabling rules based on resource type, tag presence, estimated cost, or any attribute in the plan output. Spacelift Intelligence (March 2026) is an AI layer embedded in the run context that reads logs, state, and plan output to explain failures and propose remediation in natural language.
Stacks are the unit of management, each mapping to one IaC root module with its own state, variables, and run history. Drift detection periodically reconciles live cloud state against the last applied state per stack. Worker pools allow self-hosted compute for air-gapped or VPC-isolated environments. Free tier covers individual use; enterprise pricing is via sales.
Key Features
IaC-agnostic CI/CD: runs Terraform, OpenTofu, Pulumi, Ansible, and CloudFormation under a unified pipeline model with shared policy enforcement, drift detection, and audit trail across all IaC runtimes
OPA policy-as-code plan guardrails: policies evaluate the full Terraform plan JSON before apply — block, warn, or require approval based on resource type, tag presence, estimated cost, or any plan attribute
Spacelift Intelligence AI (March 2026): reads run logs, resource state, and plan output to explain failures, surface likely causes, and answer natural language questions about the infrastructure change in context
Drift detection and reconciliation: periodically compares live cloud state against the last applied state per stack; surfaces divergence and can trigger a corrective apply or alert depending on stack policy
Private module registry: versioned internal module library with semantic versioning, per-module access controls, and usage tracking — teams consume approved modules without access to the underlying source
Self-hosted worker pools: deploy Spacelift workers inside your VPC or air-gapped environment for compliance requirements; workers register outbound-only with no inbound firewall rules required
Integrations
14 total
scm: GitHub, GitLab, Bitbucket
ci / cd: Terraform, OpenTofu, Pulumi
security: OPA
cloud: AWS, GCP, Azure
orchestration: Kubernetes
monitoring: Datadog
incident: PagerDuty
messaging: Slack
Pricing
3 tiers
Free
Free tier: 2 users, 1 API key, full IaC support, SSO with OIDC, cloud cost estimation