Skip to content

gebalamariusz/cloud-audit

v1.2.1 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 2mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

audit aws aws-audit aws-security cis-benchmarks cli
+13 more
cloud-security compliance devops security iam iac infrastructure-security open-source-security python python-cli security-scanner terraform vulnerability-scanning

Summary

AI summary

Attack chains now render as interactive SVG graphs with visual enhancements.

Full changelog

Attack Chain Visualization

Attack chains in the HTML report now render as interactive SVG graphs showing the attack path from entry point to impact.

What's new

  • Visual attack path graphs - each attack chain displays as a node-and-edge diagram with color-coded resource types (blue=compute, purple=IAM, cyan=network, green=storage, red=entry/impact)
  • Animated dashed edges showing attack flow direction
  • Glow effects on entry point and impact nodes
  • Edge labels describing relationships ("assumes role", "allows SSH", "IMDS creds")
  • Label truncation for long resource IDs
  • Print-friendly rendering (animations disabled, white background)
  • VizStep model with Pydantic Literal type validation
  • 3 new tests for visualization data integrity

Includes v1.2.0 (SOC 2 Type II)

  • SOC 2 Type II compliance framework (43 criteria, 24 automated)
  • --compliance soc2_type2 CLI flag
  • SOC 2 documentation

Full changelog

See CHANGELOG.md

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track gebalamariusz/cloud-audit

Get notified when new releases ship.

Sign up free

About gebalamariusz/cloud-audit

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.

All releases →

Related context

Earlier breaking changes

  • v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.

Beta — feedback welcome: [email protected]