This release includes 1 breaking change for platform teams planning a safe upgrade.
Published 2mo
Vulnerability Scanning
✓ No known CVEs patched in this version
Topics
audit
aws
aws-audit
aws-security
cis-benchmarks
cli
cloud-security
compliance
devops
security
iam
iac
infrastructure-security
open-source-security
python
python-cli
security-scanner
terraform
vulnerability-scanning
Summary
AI summary: Removed `SEVERITY_SCORE` from models.
Full changelog
What's changed
README overhaul (HN-ready)
- Factual tone, no speed claims or marketing superlatives
- Neutral "Alternatives" section replaces comparison table
- New "Try it without AWS account" section (`cloud-audit demo`)
- New "Who is this for" section
- Full check list in collapsible `<details>`
- Fix CIS control count: 15 -> 16
Check improvements
- VPC: detect IPv6 `::/0` in open security groups
- S3: cache `list_buckets` across checks (fewer API calls), sanitize Terraform resource names
- RDS: add `--region` to all CLI remediation commands
- CLI: fix double env var evaluation, case-insensitive category filter
Other
- Updated demo GIF (45 checks)
- Added ROADMAP.md
- Removed unused `SEVERITY_SCORE` from models
- 173 tests passing
Breaking Changes
- Removed unused `SEVERITY_SCORE` from models.
About gebalamariusz/cloud-audit
Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.
Earlier breaking changes
- v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.