Building in public · Forge v0.1

Your team's infrastructure
on autopilot

Shipping a product today means stitching together Terraform, Helm, Vault, CI YAML, scanners, signers — a different tool for every step. Simple Container replaces the stack with one file and one CLI that ships to AWS, GCP, or Kubernetes — securely, reproducibly, with a paper trail on every release.

Get Started on GitHub Try Forge →

sc · release my-api · staging

$ sc release create -s my-api -e staging

─ Build ─────────────────────

✓ Image built (ghcr.io/me/api:2026.05.21)

─ Scan ──────────────────────

✓ grype + trivy (0 critical, 2 medium)

─ Sign ──────────────────────

✓ cosign keyless (Fulcio OIDC)

─ SBOM ──────────────────────

✓ CycloneDX (412 packages)

─ Provenance ────────────────

✓ SLSA Build L3 attestation

─ Deploy ────────────────────

✓ Lambda (api.my-org.com · 412 ms cold)

✓ DNS + ACM cert attached

→ shipped in 1m 47s · receipts attached▊

Infrastructure as one file, not ten tools.

Stop juggling Terraform, Helm, Pulumi, CloudFormation, Snyk, Sigstore, Vault, and CI YAML. Simple Container is one CLI that does all of that — and gets out of your way when it doesn't fit.

Parent stack

One YAML to deploy them all

`server.yaml` describes shared infrastructure (DB, queue, secrets, registrars). `client.yaml` describes a service that uses it. Children compose into parents.

See how it works →

AI-era secrets

Secrets safe from AI agents

`sc secrets` encrypts with your SSH key (RSA or Ed25519). Ciphertext-at-rest in git. Claude Code, Cursor, Devin all see encrypted blobs — never values. Decrypt only at the deploy boundary.

Why this matters now →

Supply chain

Receipts on every deploy

`sc release` runs build → scan → sign → SBOM → provenance → deploy. Cosign signatures, CycloneDX SBOMs, SLSA Build L3 — all attestable with one `gh attestation verify`.

See the pipeline →

Multi-cloud

AWS, GCP, or your k8s

Lambda, Fargate, Cloud Run, GKE Autopilot, self-hosted Kubernetes. Same `client.yaml`, swap the template. MongoDB Atlas + Cloudflare as cross-cloud primitives.

See the matrix →

AI assistant

`sc assistant dev/devops`

Scaffolds Dockerfile + docker-compose.yaml + client.yaml from your repo. MCP server lets Claude Code, Cursor, and Forge drive SC programmatically.

See the assistant →

⭐

Flagship

Forge — built on SC

Our AI workflow engine. 7 child stacks, one parent. Lambda for reasoning, Fargate for runtime workers, S3 for static. Eats our own dog food, top to bottom.

Try Forge →

⭐ Flagship product

Built on Simple Container: Forge.

Forge is a workflow engine for AI agent teams — describe a team in plain English, Forge runs it. It uses SC as the substrate: encrypted secrets that don't leak through agents, AWS Lambda for reasoning, Fargate for long-running runtimes, S3 + ACM + Cloudflare for the front door. All described in one parent stack and a handful of child services. We built Forge on SC because we eat our own cooking; it's also why we trust SC to ship your infrastructure.

Try Forge → How we built Forge on SC

Trusted in production

Design-partner businesses across AI infrastructure, fintech, and marketing tooling rely on SC for their day-to-day deploys. Names available under NDA. We started as a DevOps consulting practice in 2020 — same playbook, productized.

5 years building infra automation · 100+ consulting engagements · Open-source on GitHub

Your team's infrastructureon autopilot