gebalamariusz/cloud-audit

v1.1.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

audit aws aws-audit aws-security cis-benchmarks cli cloud-security compliance devops security iam iac infrastructure-security open-source-security python python-cli security-scanner terraform vulnerability-scanning

Summary

AI summary

Added CIS AWS v3.0 compliance engine with 80 automated checks and HTML auditor-ready reports.

Full changelog

CIS AWS Foundations Benchmark v3.0.0 Compliance Engine

cloud-audit now maps 62 CIS AWS v3.0 controls (55 fully automated) with per-control evidence templates, readiness scoring, and remediation guidance.

Highlights

  • 80 checks (was 47) - 33 new checks for CIS v3.0 automated coverage
  • CIS compliance engine - cloud-audit scan --compliance cis_aws_v3 with readiness scoring
  • Compliance HTML report - auditor-ready, per-control PASS/FAIL with evidence statements and Terraform + CLI remediation
  • 20 attack chain rules (was 16) - 4 new CIS-specific chains mapped to CIS controls
  • Documentation site - 25 pages at haitmg.pl/cloud-audit

New CLI Commands

cloud-audit scan --compliance cis_aws_v3                    # Terminal compliance output
cloud-audit scan --compliance cis_aws_v3 --format html -o report.html  # Auditor-ready report
cloud-audit list-frameworks                                  # Available frameworks
cloud-audit show-framework cis_aws_v3                       # View control mappings

What's Different from Prowler

Prowler has --compliance with 576 checks but provides remediation guidance only for CIS. cloud-audit provides per-control Terraform + CLI remediation for every framework. This is the only open-source scanner that generates auditor-ready evidence with IaC fix code per compliance control.

Coming Next

SOC 2, BSI C5, ISO 27001, HIPAA, NIS2 compliance frameworks.

Full changelog: CHANGELOG.md

About gebalamariusz/cloud-audit

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.

Related context

Earlier breaking changes

  • v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.