gebalamariusz/cloud-audit

v0.8.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

audit aws aws-audit aws-security cis-benchmarks cli cloud-security compliance devops security iam iac infrastructure-security open-source-security python python-cli security-scanner terraform vulnerability-scanning

Summary

AI summary

cloud-audit diff command adds scan comparison with terminal, markdown, and JSON output.

Full changelog

What's new

cloud-audit diff — compare two scans, see what changed.

The only open-source AWS security CLI with built-in scan comparison. Run daily scans, compare them, catch ClickOps drift and regressions that IaC scanning can't see.

cloud-audit diff yesterday.json today.json

Shows new findings, fixed findings, severity changes, and unchanged issues. Exit code 1 on regression — plug it into a cron job.

Diff features

  • Terminal (Rich), markdown (--format markdown), JSON (--format json) output
  • Exit code 0 = stable, 1 = new findings detected, 2 = error
  • Scope warnings when comparing scans from different regions or accounts
  • Format auto-detection from --output file extension
  • Rich markup escaping for safe terminal output
  • File size validation (50 MB max) and input safety checks

CI/CD examples
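
A cron-friendly wrapper built on the exit codes listed above, added here as an illustration and not taken from the project's own examples. It keeps "new findings" (1) separate from "error" (2) so a failed comparison is never mistaken for a clean one. The CLOUD_AUDIT override variable, the file paths and the use of --format together with --output are assumptions.

```shell
#!/bin/sh
# Added example: cron-friendly wrapper around `cloud-audit diff`.
# Assumptions (not from the release notes): the CLOUD_AUDIT override
# variable, the file paths, and combining --format with --output.

CLOUD_AUDIT="${CLOUD_AUDIT:-cloud-audit}"

# compare_scans BASELINE CURRENT REPORT
# Returns the documented codes: 0 = stable, 1 = new findings, 2 = error.
# Any other exit status is folded into 2 so a crash never reads as "stable".
compare_scans() {
    baseline=$1
    current=$2
    report=$3

    # Fail closed when a scan is missing or empty (e.g. the scan job died).
    for scan in "$baseline" "$current"; do
        if [ ! -s "$scan" ]; then
            echo "drift-check: missing or empty scan file: $scan" >&2
            return 2
        fi
    done

    "$CLOUD_AUDIT" diff "$baseline" "$current" \
        --format markdown --output "$report"
    diff_rc=$?

    case $diff_rc in
        0) echo "drift-check: stable" ;;
        1) echo "drift-check: new findings, see $report" >&2 ;;
        *) echo "drift-check: diff failed (exit $diff_rc)" >&2
           diff_rc=2 ;;
    esac
    return "$diff_rc"
}

# Run only when called with three arguments, e.g. from cron:
#   drift-check.sh yesterday.json today.json drift.md
if [ "$#" -eq 3 ]; then
    compare_scans "$1" "$2" "$3"
    exit $?
fi
```

Alert on exit 1 and page on exit 2 separately: the first means the account drifted, the second means the check itself did not run.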

Also in this release

  • SARIF spec compliance fixes (physicalLocation, help.markdown, semanticVersion)
  • S3 encryption check pivoted: SSE-S3 now LOW (AWS auto-encrypts since Jan 2023)
  • Markdown/HTML report improvements (escaping, accessibility, duration formatting)
  • Ruff rules expanded (RUF, PIE, RET)
  • 213 tests passing

Full Changelog: https://github.com/gebalamariusz/cloud-audit/compare/v0.7.0...v0.8.0

About gebalamariusz/cloud-audit

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.

Related context

Earlier breaking changes

  • v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.
