
gebalamariusz/cloud-audit

v0.3.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

✓ No known CVEs patched

Topics

audit aws aws-audit aws-security cis-benchmarks cli
cloud-security compliance devops security iam iac infrastructure-security open-source-security python python-cli security-scanner terraform vulnerability-scanning

Affected surfaces

auth rbac breaking_upgrade

Summary

AI summary

Added 10 new AWS visibility and detection checks, expanding curated checks from 17 to 27.

Full changelog

What's New

10 new checks for AWS visibility & detection services, bringing the total to 27 curated checks.

New Checks

| Service | Check | ID | Severity |
|---------|-------|----|----------|
| CloudTrail | Multi-region trail enabled | aws-ct-001 | Critical/High |
| CloudTrail | Log file validation | aws-ct-002 | High |
| CloudTrail | S3 bucket public access | aws-ct-003 | Critical |
| GuardDuty | Detector enabled | aws-gd-001 | High |
| GuardDuty | Unresolved findings >30d | aws-gd-002 | Medium |
| AWS Config | Configuration recorder enabled | aws-cfg-001 | Medium |
| AWS Config | Recorder actively recording | aws-cfg-002 | High |
| KMS | Key rotation enabled | aws-kms-001 | Medium |
| KMS | Wildcard key policy | aws-kms-002 | High |
| CloudWatch | Root account usage alarm | aws-cw-001 | High |

Other Changes

  • CIS Benchmark coverage expanded from 10 to 14 controls (added CIS 3.1, 3.2, 3.3, 3.6, 4.3)
  • 21 new moto tests (66 total, all passing)
  • HTML report screenshot added to README
  • Downloads badge removed (will return when there's traffic)

Install / Upgrade

pip install cloud-audit==0.3.0

Full Changelog: https://github.com/gebalamariusz/cloud-audit/compare/v0.2.0...v0.3.0


About gebalamariusz/cloud-audit

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.


Related context

Earlier breaking changes

  • v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.
