This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Findings now include actionable remediation details with CLI commands, Terraform snippets, effort estimates, and CIS Benchmark mapping.
Full changelog
What's New
Every finding now includes actionable remediation details:
- Copy-paste AWS CLI commands with real resource IDs
- Terraform HCL snippets for infrastructure-as-code fixes
- AWS documentation links for each finding
- Effort estimates (LOW / MEDIUM / HIGH)
- CIS AWS Foundations Benchmark mapping (10 controls)
New CLI Flags
- --remediation / -R — show fix details after scan summary
- --export-fixes <path> — export all CLI commands as a dry-run bash script
HTML Report
- Expandable "How to fix" panels per finding
- Copy-to-clipboard for CLI and Terraform commands
- CIS Benchmark coverage section
- Compliance reference badges on findings
Testing
- 45 moto-based tests covering all 17 checks
- ruff + mypy clean
Install / Upgrade
pip install --upgrade cloud-audit
Full Changelog: https://github.com/gebalamariusz/cloud-audit/compare/v0.1.0...v0.2.0
About gebalamariusz/cloud-audit
Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.
Related context
Earlier breaking changes
- v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.