
gebalamariusz/cloud-audit

v1.2.2 (feature release)

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched


Topics

audit, aws, aws-audit, aws-security, cis-benchmarks, cli, cloud-security, compliance, devops, security, iam, iac, infrastructure-security, open-source-security, python, python-cli, security-scanner, terraform, vulnerability-scanning

Summary

AI summary

Added parallel check execution, wildcard suppression patterns, and adaptive retry client for IAM checks.

Full changelog

Added

  • Parallel check execution via ThreadPoolExecutor for faster scans on large accounts
  • Wildcard pattern support in suppressions (aws-iam-*, arn:aws:*:*:*:role/deploy-*)
  • Debug logging in attack chain correlation engine for diagnosing collection failures
  • Makefile with make all (lint + format + typecheck + test), make test-cov, make security
  • provider.client() method with boto3 adaptive retry (max 5 attempts) and per-service client caching
  • _region_overlap() helper for shared region-matching logic in attack chain rules
  • 7 new tests for attack chains AC-25, AC-26, AC-27 and wildcard suppressions (345 total)
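Added example, not cloud-audit's own code: how glob-style wildcard suppressions such as aws-iam-* and arn:aws:*:*:*:role/deploy-* can be matched against findings, plus a guard for patterns that would silence everything. The suppression fields (check pattern, resource pattern, reason), the Finding shape and the sample findings are all assumptions constructed for this illustration.

```python
# Added example (not cloud-audit's own code). Field names, the Finding shape
# and the sample data below are assumptions, not the project's real format.
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Finding:
    check_id: str   # e.g. "aws-iam-role-admin-policy" (hypothetical check id)
    resource: str   # ARN of the affected resource


@dataclass(frozen=True)
class Suppression:
    check_pattern: str      # glob over check_id, e.g. "aws-iam-*"
    resource_pattern: str   # glob over the ARN, e.g. "arn:aws:*:*:*:role/deploy-*"
    reason: str             # why the finding is accepted, for the audit trail


def suppression_matches(rule: Suppression, finding: Finding) -> bool:
    """Both globs must match; fnmatchcase keeps ARN matching case-sensitive.
    Note that '*' also spans ':' and '/', so "arn:aws:*" matches any ARN."""
    return (fnmatchcase(finding.check_id, rule.check_pattern)
            and fnmatchcase(finding.resource, rule.resource_pattern))


def too_broad(rule: Suppression) -> bool:
    """True when either glob is only wildcards, i.e. it would hide every
    check or every resource. Such rules should be rejected at load time."""
    return (rule.check_pattern.strip("*?") == ""
            or rule.resource_pattern.strip("*?") == "")


def apply_suppressions(findings, rules):
    """Split findings into (active, suppressed); each suppressed entry is
    paired with the first rule that matched it so reports can cite the reason."""
    active, suppressed = [], []
    for f in findings:
        rule = next((r for r in rules if suppression_matches(r, f)), None)
        (active.append(f) if rule is None else suppressed.append((f, rule)))
    return active, suppressed


# Constructed sample data (account id and role names are made up).
RULES = [Suppression("aws-iam-*", "arn:aws:*:*:*:role/deploy-*",
                     "CI deploy roles reviewed by security")]
FINDINGS = [
    Finding("aws-iam-role-admin-policy", "arn:aws:iam::123456789012:role/deploy-prod"),
    Finding("aws-iam-role-admin-policy", "arn:aws:iam::123456789012:role/admin"),
    Finding("aws-s3-public-bucket", "arn:aws:s3:::deploy-artifacts"),
]

if __name__ == "__main__":
    active, hidden = apply_suppressions(FINDINGS, RULES)
    print(len(active), "active;", len(hidden), "suppressed")  # 2 active; 1 suppressed
```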

Changed

  • Thread-safe module-level caches in S3 and CloudTrail checks (threading.Lock)
  • Cache reset abstracted into BaseProvider.reset_caches() (was hardcoded S3-only import)
  • Scanner enforces canonical check_id from make_check metadata (single source of truth)
  • compute_summary() optimized to single pass over findings (was 5+ iterations)
  • IAM checks migrated to provider.client() for adaptive retry and client caching
  • Demo command updated to show 80 checks (was 47)

Fixed

  • SARIF artifactLocation.uri now uses valid relative URI format (checks/{check_id})
  • Progress bar no longer advances past 100% in interactive mode
  • Documentation URL in pyproject.toml points to docs site instead of GitHub README


About gebalamariusz/cloud-audit

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.


Related context

Earlier breaking changes

  • v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.
