FAQ
General
What is LeftSize?
LeftSize is a cloud cost optimization tool that works like Dependabot for cloud waste. It scans your AWS and Azure infrastructure using GitHub Actions and creates GitHub Issues with actionable recommendations for reducing costs, improving security, and addressing governance gaps.
What clouds does LeftSize support?
AWS and Azure. Each cloud has dedicated rules covering cost optimization, security, governance, and deprecation alerts.
Does LeftSize modify my infrastructure?
No. LeftSize is strictly read-only. It queries resource metadata and metrics but never creates, modifies, or deletes any cloud resources. All remediation actions are manual – LeftSize provides the guidance, you decide what to act on.
How often does LeftSize scan?
By default, once per day. The schedule is set in your GitHub Actions workflow as a cron expression. You can also trigger scans manually from the Actions tab at any time.
Security and privacy
What permissions does LeftSize need?
Azure: Reader and Monitoring Reader roles on the subscription(s) you want to scan.
AWS: ReadOnlyAccess on the account(s) you want to scan (or a custom policy with equivalent read permissions).
Are my cloud credentials stored anywhere?
No. LeftSize uses OIDC (OpenID Connect) for authentication. GitHub Actions requests a short-lived token from your cloud provider for each scan run. No credentials are stored in GitHub secrets – only the OIDC configuration (client IDs, role ARNs) is stored.
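With OIDC there is no stored secret to protect, so on AWS the control that matters is the trust policy of the role the scan assumes. The check below is an added example, not LeftSize code: it assumes the role trusts GitHub's OIDC provider in the standard AWS way, and the account ID and repository names are constructed placeholders.

```python
ISSUER = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer

def _values(cond, key):
    """Values for a condition key under the positive string operators."""
    out = []
    for operator in ("StringEquals", "StringLike"):
        for k, v in cond.get(operator, {}).items():
            if k.lower() == key.lower():  # IAM condition keys are case-insensitive
                out += [v] if isinstance(v, str) else list(v)
    return out

def audit_trust_policy(policy, repo):
    """Return problems found in GitHub OIDC statements; [] means scoped to `repo`."""
    problems = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, st in enumerate(statements):
        principal = st.get("Principal", {})
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        feds = [fed] if isinstance(fed, str) else fed
        if st.get("Effect") != "Allow" or not any(
                f.endswith("oidc-provider/" + ISSUER) for f in feds):
            continue  # not a GitHub OIDC trust statement
        cond = st.get("Condition", {})
        if "sts.amazonaws.com" not in _values(cond, ISSUER + ":aud"):
            problems.append(f"statement {i}: aud not pinned to sts.amazonaws.com")
        subs = _values(cond, ISSUER + ":sub")
        if not subs:
            problems.append(f"statement {i}: no sub condition, any repository can assume the role")
        for sub in subs:
            if not sub.startswith(f"repo:{repo}:"):
                problems.append(f"statement {i}: sub '{sub}' is not limited to {repo}")
    return problems

def _policy(condition):
    """Build a constructed trust policy; the account ID is a placeholder."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

SCOPED = _policy({"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"},
                  "StringLike": {ISSUER + ":sub": "repo:example-org/cloud-scans:*"}})
ORG_WIDE = _policy({"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"},
                    "StringLike": {ISSUER + ":sub": "repo:example-org/*"}})
NO_SUB = _policy({"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"}})

if __name__ == "__main__":
    for name, p in (("SCOPED", SCOPED), ("ORG_WIDE", ORG_WIDE), ("NO_SUB", NO_SUB)):
        print(name, audit_trust_policy(p, "example-org/cloud-scans") or "ok")
```

To audit a real role, pass the role's trust policy document, parsed from JSON, in place of the constructed samples.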
What data does LeftSize collect?
The LeftSize Action submits finding metadata to the LeftSize API: resource names, types, regions, and configuration details relevant to the finding. It does not submit credential information, data contents (no S3 objects, no database rows), or anything beyond what’s needed to generate the issue.
Can I use LeftSize with private repositories?
Yes. LeftSize works with both public and private repositories. The GitHub Actions workflow runs in your repository’s runner environment.
Plans and pricing
What’s included in the Free plan?
- Up to 3 repositories
- 41 rules (22 AWS + 19 Azure) covering cost optimization, governance, and deprecation categories
- @leftsize commands on free-tier rules
- GitHub Issue creation with full remediation guidance
What does Pro add?
- Unlimited repositories
- All 107 rules including security, advanced cost optimization, and Kubernetes (AKS) rules
- @leftsize commands on all rules
- Usage insights and KPIs
- Priority support
How do I upgrade to Pro?
Visit the LeftSize listing on GitHub Marketplace and select the Pro plan. The change takes effect immediately.
Can I try Pro before buying?
Install LeftSize on the Free plan to see it in action. The 41 free rules cover the most common cost optimization scenarios. Upgrade to Pro when you’re ready for the full rule set.
Workflow and scanning
Can I scan multiple subscriptions or accounts?
Yes. The generated workflow uses a matrix strategy. Add environments to the matrix and create matching secrets for each:
matrix:
  environment: [MAIN, PROD, DEV]
See the Azure Setup or AWS Setup guides for details.
Can I exclude specific rules?
Yes. Use the exclude-policies input in your workflow:
- name: Run LeftSize Scan
  uses: leftsize/leftsize-action@v1
  with:
    exclude-policies: leftsize-vm-scheduled-shutdown-missing,leftsize-hybrid-benefit-missing
Can I scan only specific categories?
Yes. Use the include-policies input:
- name: Run LeftSize Scan
  uses: leftsize/leftsize-action@v1
  with:
    include-policies: cost-optimization,security
Available categories: cost-optimization, governance, security.
Why did I get a finding for a resource I just created?
Most rules include an age filter requiring resources to exist for 14-30 days before they’re flagged. If you’re seeing findings for very new resources, the specific rule may have a shorter threshold. You can snooze the issue with @leftsize snooze 30d.
Reports
Can I generate a report of my scan results?
Yes. The LeftSize Action has a stats mode that generates reports summarizing findings, fix rates, and savings. Set mode: stats in a separate workflow to generate summary, detailed, or executive reports on demand or on a schedule. See the Reports guide.
What report types are available?
Three types: summary (compact key metrics), detailed (per-rule breakdown with savings), and executive (high-level overview for stakeholders). You can also choose the time period (7d, 30d, 90d, or all) and output format (markdown or json).
Can I use report data in other tools?
Yes. Set format: json to get structured output. The action also sets individual step outputs (fix-ratio, potential-savings, realized-savings, currency) that you can reference in downstream workflow steps for alerts, dashboards, or automation.
Issues and commands
How do I dismiss a finding I don’t care about?
Use @leftsize ignore reason="Your reason here" to permanently suppress the finding for those resources. Or use @leftsize snooze 3m to temporarily suppress it.
What happens when I fix the underlying resource?
On the next scan, if the resource no longer matches the rule criteria, it won’t appear in findings. The existing issue remains closed. If you’ve fixed some but not all resources in an issue, the next scan will update the issue with only the remaining resources.
Can I report a false positive?
Yes. Use @leftsize wrong Your explanation on the issue. This creates a suppression and sends feedback to the LeftSize team so the rule can be improved.
Do commands work on issues I create manually?
No. @leftsize commands only work on issues created by LeftSize. The system needs the metadata embedded in the issue to identify the finding and generate context-specific responses.