Below table provides a high level overview of various IaC capabilities and their support by a given provider.

tacos-comparison.md

Capability/Tool	terraform Cloud	terraform Enterprise	Scalr	Env0	Spacelift
Compliance	ISO 27001, SOC 2	ISO 27001, SOC 2	❓	SOC 2	ISO 27001, SOC 2
GitLab Integration	✅	✅	✅	✅	✅
Hosting	SaaS	SaaS, On-Prem	SaaS, On-Prem	SaaS	SaaS
Policy as Code	Sentinel	Sentinel	OPA	OPA	OPA
Pricing Model	Unpredictable in highers tiers	Still figuring it out	Mixed	Mixed	Per capabilities and users
Private Agents	✅	✅	✅	✅	✅
Private Module Registry	✅	✅	✅	✅	✅ - with CI/CD
RBAC	✅	✅	✔️ - hierarchical	✔️ - hierarchical	✔️ - also extensible with policies
Remote operations CLI	✅	✅	✅	✅	✅
Remote operations VCS/GitOps	✅	✅	✅	✅	✅
SLA	99.9% for highers tier	N/A	❓	❓	❓
SSO	✅ - only in high paid tiers	✅	✅ - only in high paid tiers	✅ - only in high paid tiers	✅
Secrets Management	Internal	Vault integrated	Internal	Internal, AWS, GCP, Azure	Internal, also file based
Short lived environments support	❌	❌	❌	✅	✅
State Management	✅	✅	✅	✔️ - only hidden state	✅ - also external
terraform Provider	✅	✅	✅	✅	✅
Webhooks	✅	✅	✅	✅	✅

Hi @Piotr1215,
Thanks a lot for the detailed review of all the TACOS out there, it's very helpful, I really enjoyed reading it as well.
As the CTO and co-founder of env0, I would like to make a few comments about some items in this table:

1. We do have a private module registry
2. We do have an env0 CLI for remote operations
3. SSO - we, and also Scalr, has SSO integration from the first payed tier which starts at 100$ per month (Scalr starts from 149$ per month), so I don't think it should count as a high paid tier.
4. For secret management, with the Self hosted agents we offer build in support for AWS Secret manager, GCP secret manager and Azure Key vault - You can read more here
5. Short lived environments support - I think you mistakenly put the ✅ on Spacelift instead of env0.

Hope it makes sense.
Again, I want to thank you for this table and the great TACOS blog post you've written.

🙏

Hi @omry-hay
Thank you for reaching out and reading my blog, I'm happy you liked it.
As with all the reviews, it's outdated the moment it's released ;). I have added/changed the details based on your comment.

Keep on rocking
👋

Hi @Piotr1215,

A lot of things happened at Scalr in the last 6 months! Below are a few suggestion that may help the comparison table to stay accurate and up to date for Scalr:

• Compliance: we are now SOC2 Type I compliant
• Pricing model: usage-based on SaaS, per workspace for on-prem
• RBAC: hierarchical + custom roles
• SLA: 99.9% for all paid plans
• SSO: available on all plans (including Free)
• Secrets management: [Internal, AWS, GCP, Azure] (https://docs.scalr.com/en/latest/provider_configuration.html#configuration-types)
• Short-lived environments support: it is possible to create short-lived environments using the run scheduler
• A Reporting capability could be added to the table: our runs queue feature lets you visualize the status of your Terraform runs across workspaces and has gained at lot of traction across our user base.

Thank you very much for the effort you put in this, and don't hesitate to reach out if you have any additional comments!

Disclaimer: I'm a Scalr employee

Hi @Piotr1215 ,
You should update the table, Terraform Cloud do supports OPA (It is still a beta but works)

https://www.hashicorp.com/resources/demo-enforcing-opa-policies-in-terraform-cloud