
gebalamariusz/cloud-audit

v1.3.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.


✓ No known CVEs patched in this version

Topics

audit, aws, aws-audit, aws-security, cis-benchmarks, cli, cloud-security, compliance, devops, security, iam, iac, infrastructure-security, open-source-security, python, python-cli, security-scanner, terraform, vulnerability-scanning

Affected surfaces

auth rbac

Summary

AI summary

Added support for six new compliance frameworks and eight checks across three AWS services.

Full changelog

6 Compliance Frameworks

cloud-audit now supports 6 compliance frameworks — the most of any open-source AWS security CLI:

| Framework | Controls | Automated/Partial |
|-----------|----------|-------------------|
| CIS AWS v3.0 | 62 | 55 (89%) |
| SOC 2 Type II | 43 | 24 (56%) |
| BSI C5:2020 | 134 | 58 (43%) |
| ISO 27001:2022 | 93 | 48 (52%) |
| HIPAA Security Rule | 47 | 30 (64%) |
| NIS2 Directive | 43 | 33 (77%) |

```sh
cloud-audit scan --compliance bsi_c5_2020 --format html -o report.html
cloud-audit scan --compliance iso27001_2022
cloud-audit scan --compliance hipaa_security
cloud-audit scan --compliance nis2_directive
cloud-audit list-frameworks
```

88 Checks, 25 Attack Chains

8 new checks across 3 new AWS services (Backup, Inspector, WAF) plus extensions to IAM, VPC, CloudTrail, CloudWatch, and SSM.

5 new attack chain rules:

  • AC-29: Unpatched Instance Exposed to Internet (CRITICAL)
  • AC-30: Unpatched Without Vulnerability Scanning
  • AC-31: Internet-Exposed Without WAF or Flow Logs
  • AC-32: CloudTrail Blind Spot — Alarms Non-Functional
  • AC-33: All-Public VPC Without Network Segmentation
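An attack chain rule is a correlation over several individual check failures on the same resource. The following added illustration (not cloud-audit's own code) shows how rules such as AC-29, AC-31 and AC-33 can be derived from per-resource findings; the check identifiers and the exact findings each chain requires are assumptions inferred from the rule names above, and all findings are keyed to one resource for simplicity.

```python
from collections import defaultdict

# Chain definitions (assumed from the rule names on the page; the project's own
# check identifiers may differ). A chain fires on a resource that carries every
# listed finding at once.
CHAIN_RULES = {
    "AC-29": ("Unpatched Instance Exposed to Internet",
              {"instance_missing_patches", "sg_open_to_internet"}),
    "AC-31": ("Internet-Exposed Without WAF or Flow Logs",
              {"sg_open_to_internet", "no_waf_attached", "flow_logs_disabled"}),
    "AC-33": ("All-Public VPC Without Network Segmentation",
              {"all_subnets_public", "no_private_subnet"}),
}


def correlate(findings):
    """Group single check failures by resource and report every chain rule
    whose full set of required findings is present on one resource.

    findings: iterable of (resource_id, check_id) pairs, as a scan would emit.
    Returns a sorted list of (chain_id, resource_id, title) tuples.
    """
    by_resource = defaultdict(set)
    for resource_id, check_id in findings:
        by_resource[resource_id].add(check_id)
    chains = []
    for resource_id, present in by_resource.items():
        for chain_id, (title, required) in CHAIN_RULES.items():
            if required <= present:  # all required findings are present
                chains.append((chain_id, resource_id, title))
    return sorted(chains)


# Constructed sample findings: one instance that is unpatched and exposed with
# no WAF or flow logs, one that is merely unpatched, and an all-public VPC.
SAMPLE_FINDINGS = [
    ("i-0aaa111", "instance_missing_patches"),
    ("i-0aaa111", "sg_open_to_internet"),
    ("i-0aaa111", "no_waf_attached"),
    ("i-0aaa111", "flow_logs_disabled"),
    ("i-0bbb222", "instance_missing_patches"),
    ("vpc-0ccc333", "all_subnets_public"),
    ("vpc-0ccc333", "no_private_subnet"),
]

if __name__ == "__main__":
    for chain_id, resource_id, title in correlate(SAMPLE_FINDINGS):
        print(f"{chain_id} on {resource_id}: {title}")
```

The merely unpatched instance produces no chain: a single finding is a misconfiguration, while the chain only fires when the combination that makes it exploitable is present.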

Full Changelog

See CHANGELOG.md for the complete list of changes.

412 tests passing.


About gebalamariusz/cloud-audit

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.


Related context

Earlier breaking changes

  • v2.2.0 Category enum gains THREAT value, separating active-abuse from SECURITY misconfigurations.
