
General

Draftt is a proactive tech stack governance platform that discovers and tracks five types of tech debt across your infrastructure:
  1. Lifecycle Debt: Outdated software versions and deprecated dependencies
  2. Configuration Debt: Misconfigurations, policy violations, and drift from standards
  3. Ownership Debt: Orphaned resources and unclear ownership
  4. Cost Debt: Unused resources, overprovisioning, and wasted cloud spend
  5. Compliance Debt: Policy violations, audit gaps, and standard mapping failures
Instead of discovering tech debt in production or during audits, Draftt finds it proactively so you can fix it on your schedule.
CSPM tools focus primarily on security misconfigurations and compliance violations. Draftt covers configuration and compliance debt but also tracks lifecycle debt (version gaps, EOL software), cost debt (unused resources, overprovisioning), and ownership debt (orphaned resources, unclear responsibility). Many organizations use both: CSPM for immediate security threats, Draftt for comprehensive tech stack governance.
FinOps tools focus on cloud cost optimization. Draftt includes cost debt as one of five tech debt categories, but adds upgrade, configuration, ownership, and compliance debt on top. Draftt connects cost waste to broader governance context: why this resource is unused, who owns it, and what the remediation path is.
Draftt connects to your infrastructure through read-only connectors:
  • Cloud Providers: AWS, Azure, GCP
  • Cloud Assets: Kubernetes, MongoDB Atlas, Confluent Cloud, Redis Cloud, Elastic Cloud
  • Source Control: GitHub, GitLab, Bitbucket, Azure DevOps
  • Ticketing: Jira, ServiceNow, Azure DevOps
  • Security: Snyk, Wiz, Aqua
  • Collaboration: Slack, Microsoft Teams, Email
  • Internal Developer Portal: Port
Draftt also pushes findings to ticketing (Jira, ServiceNow, Azure DevOps) and collaboration (Slack, Teams, Email). See Integrations for the full list.
Draftt is a SaaS platform. You connect your infrastructure via read-only credentials. No agents or self-hosting required.

Setup

Initial setup: 10-20 minutes to connect credentials and run your first scan.
Full deployment: 2-4 weeks to connect all data sources, configure governance policies, integrate with your tools, and reach steady-state operations.
See Getting Started for a detailed walkthrough.
No. Start with one cloud account or one source control provider and expand from there. Most organizations reach full coverage within 4-8 weeks of phased rollout.
Draftt uses read-only credentials to scan your infrastructure. For cloud providers, this means an IAM role with read-only permissions. For source control, a personal access token or app installation with read access. Draftt never modifies any resources or data. See each connector’s setup page for the exact permissions required.
Draftt takes data security seriously:
  • Read-only access: Draftt can only read, never modify your infrastructure
  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Tenant isolation: Each customer’s data is logically isolated
  • AI data privacy: Draftt never trains models on your data or behavior
  • SOC 2 Type II, ISO 27001, GDPR compliant

Governance

Policies define standards for your infrastructure. Draftt ships two types:
Lifecycle policies (system-managed) track version currency, end-of-life dates, certificate expiration, and Kubernetes compatibility. These are configured by Draftt and cannot be edited.
Governance policies (custom) let you define your own standards using filter-based rules. You set the statuses, the conditions, and the scope. Resources are evaluated on every scan cycle and assigned a status based on your rules.
See Governance Policies for the full guide.
Draftt does not make changes to your infrastructure directly. It identifies, classifies, and routes tech debt findings. Remediation flows through your existing tools and processes: ticketing systems and collaboration channels.
Draftt pushes findings to Jira, ServiceNow, and Azure DevOps. Findings are created with context (what was found, which policy triggered it, which resource is affected) so your teams can act without switching tools. See Integrations for setup details.

Security

Draftt connects via read-only API credentials. For AWS, this is a cross-account IAM role with read-only permissions. For Azure, a Reader role on your subscriptions. For GCP, a Viewer role on your projects.
Draftt stores metadata about resources (name, type, version, tags, relationships). Sensitive data like passwords and secrets is never stored.
Yes. Draftt is SOC 2 Type II certified. Audit reports are available upon request.
Yes. Draftt processes data in accordance with GDPR requirements. Data processing agreements are available for enterprise customers. Contact support@draftt.io for detailed compliance information.

Implementation

  1. Phase 1 (Discovery): 1-2 weeks to connect infrastructure and run first scans.
  2. Phase 2 (Visibility): 1-2 weeks to review findings, assign ownership, and prioritize.
  3. Phase 3 (Governance): 2-4 weeks to define policies, integrate with ticketing, and establish operations.
Start with Draftt’s four built-in system policies (End of Life, Latest, Certificate Expiration, Kubernetes Compatibility). These give you immediate visibility into version and lifecycle debt. Then create 2-3 custom governance policies targeting your highest-risk areas: tagging compliance, configuration standards, or resource-specific rules. See Governance Policies for configuration details.
Quick version:
  • Start with one team (pilot)
  • Expand to adjacent teams
  • Standardize policies as you grow
  • Build champion network
  • Make it part of normal work (not a special initiative)
Most organizations scale from 1 team to org-wide over 4-6 months.

Still Have Questions?