
gebalamariusz/cloud-audit

v0.5.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.


✓ No known CVEs patched in this version

Topics

audit, aws, aws-audit, aws-security, cis-benchmarks, cli, cloud-security, compliance, devops, security, iam, iac, infrastructure-security, open-source-security, python, python-cli, security-scanner, terraform, vulnerability-scanning

Summary (AI generated)

New SARIF and Markdown report formats, CI/CD config file, env vars, and quiet mode were added.

Full changelog

What's new

CI/CD Integration

  • SARIF v2.1.0 output — upload to GitHub Code Scanning with --format sarif
  • Markdown report — post as PR comment with --format markdown
  • Config file (.cloud-audit.yml) — suppressions, exclude checks, min severity
  • 4 env vars for pipelines: CLOUD_AUDIT_MIN_SEVERITY, CLOUD_AUDIT_EXCLUDE_CHECKS, CLOUD_AUDIT_ROLE_ARN, CLOUD_AUDIT_REGIONS
  • Exit codes: 0 = clean, 1 = findings detected, 2 = scan errors
  • Quiet mode (--quiet) — no output, exit code only

New CLI flags

  • --format (json, sarif, markdown, html) — output to stdout or file
  • --min-severity — filter findings by minimum severity
  • --role-arn — cross-account scanning via STS AssumeRole
  • --config — explicit path to config file
  • list-checks command — show all available checks

New checks (45 total)

  • aws-ec2-005 — EC2 termination protection disabled
  • aws-rds-004 — RDS auto minor version upgrade disabled
  • aws-vpc-004 — Unrestricted Network ACL

Improvements

  • Better error messages for invalid YAML config
  • Suppressed findings count in summary output
  • Precedence: CLI flags > env vars > config file > defaults
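As an added example (not the project's own code), a small Python model of how the CI/CD settings above combine: the documented precedence (CLI flag > env var > config file > default), the min-severity and exclude-checks filters, config-file suppressions, and the 0/1/2 exit codes. The config keys, the finding fields, the severity ordering and the rule that scan errors outrank findings are assumptions for this example.

```python
import os

# Severity ordering assumed for this example; the tool's own scale may differ.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
EXIT_CLEAN, EXIT_FINDINGS, EXIT_ERRORS = 0, 1, 2  # exit codes from the release notes


def resolve_setting(cli_value, env_name, config, config_key, default, env=None):
    """Apply the documented precedence: CLI flag > env var > config file > default."""
    env = os.environ if env is None else env
    if cli_value is not None:
        return cli_value
    if env.get(env_name):
        return env[env_name]
    if config.get(config_key) is not None:
        return config[config_key]
    return default


def as_check_set(value):
    """Accept a comma-separated string (CLI/env) or a YAML list of check ids."""
    if isinstance(value, str):
        return {v.strip() for v in value.split(",") if v.strip()}
    return set(value or [])


def gate(findings, config, cli=None, env=None, scan_errors=0):
    """Filter findings like a CI gate; return (reported, suppressed_count, exit_code)."""
    cli = cli or {}
    min_sev = resolve_setting(cli.get("min_severity"), "CLOUD_AUDIT_MIN_SEVERITY",
                              config, "min_severity", "low", env)
    excluded = as_check_set(resolve_setting(cli.get("exclude_checks"), "CLOUD_AUDIT_EXCLUDE_CHECKS",
                                            config, "exclude_checks", [], env))
    # Assumed suppression shape: list of {check, resource} entries in .cloud-audit.yml
    suppressed_pairs = {(s["check"], s["resource"]) for s in config.get("suppressions", [])}
    reported, suppressed = [], 0
    for f in findings:
        if f["check"] in excluded or SEVERITY_RANK[f["severity"]] < SEVERITY_RANK[min_sev]:
            continue  # filtered out by exclude/min-severity; not counted as suppressed
        if (f["check"], f["resource"]) in suppressed_pairs:
            suppressed += 1  # counted in the summary, as the release notes describe
            continue
        reported.append(f)
    if scan_errors:
        return reported, suppressed, EXIT_ERRORS  # assumed: errors outrank findings
    return reported, suppressed, EXIT_FINDINGS if reported else EXIT_CLEAN


# Constructed sample findings and config, not real scanner output.
SAMPLE_FINDINGS = [
    {"check": "aws-ec2-005", "severity": "low", "resource": "i-0abc"},
    {"check": "aws-rds-004", "severity": "medium", "resource": "db-prod"},
    {"check": "aws-vpc-004", "severity": "high", "resource": "acl-123"},
]
SAMPLE_CONFIG = {"min_severity": "medium", "exclude_checks": ["aws-rds-004"],
                 "suppressions": [{"check": "aws-vpc-004", "resource": "acl-123"}]}
```

With the sample config every finding is filtered or suppressed, so the gate exits 0; passing `--exclude-checks ""` on the CLI and `CLOUD_AUDIT_MIN_SEVERITY=low` in the environment overrides the file and the gate exits 1.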

Stats

  • 168 tests passing
  • Python 3.10–3.13 supported

Install

pip install cloud-audit==0.5.0


About gebalamariusz/cloud-audit

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.


Related context

Earlier breaking changes

  • v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.
