cloud-audit 2.3.0__tar.gz → 2.4.0__tar.gz

{cloud_audit-2.3.0 → cloud_audit-2.4.0}/.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
     name: Lint & Format
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v6
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
         with:
           python-version: "3.12"
@@ -28,7 +28,7 @@ jobs:
     name: Type Check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v6
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
         with:
           python-version: "3.12"
@@ -43,7 +43,7 @@ jobs:
       matrix:
         python-version: ["3.10", "3.11", "3.12", "3.13"]
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v6
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
         with:
           python-version: ${{ matrix.python-version }}
@@ -55,6 +55,6 @@ jobs:
     name: Docker Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v6
       - run: docker build -t cloud-audit:test .
       - run: docker run --rm cloud-audit:test version

{cloud_audit-2.3.0 → cloud_audit-2.4.0}/.github/workflows/docs.yml

@@ -15,7 +15,7 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: actions/setup-python@v6
         with:
           python-version: '3.12'

{cloud_audit-2.3.0 → cloud_audit-2.4.0}/.github/workflows/example-scan.yml

@@ -27,7 +27,7 @@ jobs:
     name: cloud-audit scan
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - uses: aws-actions/configure-aws-credentials@v6
         with:

{cloud_audit-2.3.0 → cloud_audit-2.4.0}/.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
     needs: ci
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v6
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
         with:
           python-version: "3.12"
@@ -61,17 +61,17 @@ jobs:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
-      - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121  # v4.1.0
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v6
+      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee  # v4.2.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121  # v4.1.0
+      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee  # v4.2.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf  # v6.0.0
+      - uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9  # v6.1.0
         id: meta
         with:
           images: |
@@ -81,7 +81,7 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=raw,value=latest
-      - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f  # v7.1.0
+      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf  # v7.2.0
         with:
           context: .
           push: true
@@ -95,7 +95,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v6
       - name: Extract changelog for this version
         id: changelog
         run: |

{cloud_audit-2.3.0 → cloud_audit-2.4.0}/CHANGELOG.md

@@ -7,6 +7,263 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.4.0] - 2026-06-30
+
+### Added
+
+- **Data Perimeter Scanner** - new check category (`aws-dp-001` .. `aws-dp-005`)
+  that evaluates resource-based policies for the two boundary failures detectable
+  from a single account's configuration - read-only, and without AWS Organizations
+  access:
+
+  - **Confused deputy**: an `Allow` statement grants an AWS service principal
+    without an `aws:SourceAccount` / `aws:SourceArn` / `aws:SourceOrgID` /
+    `aws:SourceOwner` condition (`MEDIUM`). A service acting on behalf of another
+    account could be coerced into operating on your resource.
+  - **Cross-organization exposure**: an `Allow` statement grants a wildcard
+    (`"*"`) or external-account AWS principal without an organization-boundary
+    condition (`aws:PrincipalOrgID`, `aws:ResourceOrgID`, `aws:SourceOrgID`, ...).
+    Wildcard grants are `HIGH`; a named external account is `LOW` (often an
+    intentional partner share). On Secrets Manager these are escalated to
+    `CRITICAL` (wildcard) / `MEDIUM` (external) as a direct credential-exfiltration
+    path.
+
+  Services covered: S3 bucket policies (`aws-dp-001`), SNS topic policies
+  (`aws-dp-002`), SQS queue policies (`aws-dp-003`), Secrets Manager resource
+  policies (`aws-dp-004`), and Lambda resource policies (`aws-dp-005`). Every
+  finding ships CLI + Terraform remediation and a breach-cost estimate. Condition
+  keys are matched case-insensitively, and condition **values** are evaluated (not
+  just key presence) - a guardrail scoped to a *foreign* account or org is still
+  flagged. Default SNS/SQS policies relying on `aws:SourceOwner` set to the owner
+  account are correctly treated as account-scoped (no false positive). Federated
+  provider ARNs in a foreign account are flagged as external; federated URL IdPs
+  and `CanonicalUser` principals are out of scope.
+
+  This closes a gap the dominant open-source scanner explicitly does not cover
+  (Prowler issue #7114, "Integrating SCP/RCP Policy Awareness", open since
+  2025-03): evaluating data-perimeter condition keys on resource policies. SCP/RCP
+  enforcement at the AWS Organizations level is intentionally out of scope.
+  Detection taxonomy follows the AWS data perimeter whitepaper and the AWS
+  cross-service confused-deputy guidance.
+
+- **Proof Mode** - new opt-in `scan --verify` that cross-checks each detected IAM
+  privilege-escalation path against the read-only `iam:SimulatePrincipalPolicy`
+  API to confirm the principal's policies actually allow the required actions. Each
+  path is annotated `verified` with `verification_detail` evidence: `true` = the
+  simulator allowed every required action (policy-allowed; *simulated, not
+  executed*); `false` = the simulator denied one (the static path is likely a
+  false positive); `null` = not asserted. The scan prints
+  `Proof Mode: N/M escalation path(s) policy-allowed by IAM simulator`. Honest
+  framing throughout: this confirms the permission exists, not end-to-end
+  exploitability - the simulator does not factor in SCPs, permission boundaries,
+  resource policies, or trust conditions. Resource-scoped methods (`iam:PassRole`,
+  `sts:AssumeRole`, compute-hijack) are deliberately left `null` because without
+  resource ARNs the simulator evaluates against `*` and would over-report; paths
+  gated by unevaluated condition keys are also left `null`.
+  `iam:SimulatePrincipalPolicy` has no per-call charge, so the opt-in controls
+  latency/throttling only; calls are deduplicated per (principal, action-set). New
+  module `proof.py`; `EscalationPath` gains `verified` / `verification_detail`
+  (backward compatible, default unchecked). Brings the 2026 "proof, not
+  probability" validation trend - which commercial scanners sell as a paid
+  flagship - to open-source AWS.
+
+- **AgentCore checks** - first OSS scanner with dedicated Amazon Bedrock AgentCore
+  (GA 2025-10) coverage: 6 read-only checks `aws-agc-001..006` over the AI agent
+  platform. Flags Code Interpreter / Runtime in PUBLIC network mode (egress
+  exfiltration), Runtime not enforcing MMDSv2 (metadata credential theft), Memory
+  without a customer-managed KMS key, Gateway with no inbound authorizer
+  (`authorizerType=NONE`), and Gateway with no enforcing policy engine (missing or
+  `LOG_ONLY`). Each finding ships a CLI + Terraform fix and breach-cost estimate,
+  and maps to Palo Alto Unit 42 "Cracks in the Bedrock" research. Read-only
+  `bedrock-agentcore-control` (no per-call charge); the service is regional and
+  absent regions are skipped silently. New module `agentcore.py`; field names,
+  operations and enum values verified against the live boto3 service model.
+
+### Changed
+
+- Check count: 99 -> 110 (across 25 services). AgentCore adds a new service module
+  of 6 checks; the data perimeter's 5 checks remain a cross-cutting category over
+  existing services, like Threat Feed.
+
+### Tests
+
+- 836 -> 948 (+112). New file `tests/aws/test_data_perimeter.py`: 43 unit tests
+  pinning the `_find_perimeter_gaps` detection engine (confused deputy, cross-org
+  wildcard/external, condition-value evaluation so a guardrail pointing at a
+  foreign account/org is still flagged, federated provider ARNs, case-insensitive
+  conditions, Deny/NotPrincipal/CanonicalUser/malformed handling) plus 17 moto
+  integration tests across all five services. New file `tests/test_proof.py`:
+  28 tests pinning the Proof Mode engine (decision semantics: allowed /
+  explicit+implicit deny / unknown-decision / incomplete / empty / malformed; the
+  resource-scoping gate that leaves PassRole/AssumeRole and deny-removal paths
+  unasserted; condition-key gating; API-call dedup; per-path error isolation;
+  provider-backed path). New file `tests/aws/test_agentcore.py`: 24 fixture-based
+  tests (moto lacks bedrock-agentcore-control) covering each check's positive and
+  negative cases across network mode, MMDSv2, memory KMS, gateway authorizer and
+  policy engine, empty policy config, multi-page pagination, plus
+  region-unavailable / access-denied skip and multi-region aggregation.
+
+### Compliance
+
+- `aws-dp-001` .. `aws-dp-005` mapped: SOC 2 (CC5.2, CC6.1, CC6.6, C1.1),
+  CIS AWS v3.0 (2.1.4), HIPAA (164.308(a)(1)(ii)(A), 164.312(a)(1)),
+  ISO/IEC 27001:2022 (A.8.3, A.8.12), NIS2 (NIS2-RM-09a), BSI C5:2020 (IDM-07).
+
+## [2.3.1] - 2026-05-26
+
+### Added
+
+- **DynamoDB hygiene module** - new `ddb.py` module adds 3 checks covering
+  production-baseline DynamoDB configuration. cloud-audit previously had zero
+  DynamoDB coverage across 23 services; v2.3.1 closes that gap.
+
+  - **`aws-ddb-001` - Encryption at rest visibility** (tiered severity).
+    Surfaces tables where `SSEDescription` is absent (AWS-owned default key,
+    `LOW` - encryption is on but no CloudTrail audit trail, no rotation
+    control, no incident-time revocation), `InaccessibleEncryptionDateTime`
+    is set (`CRITICAL` - CMK was disabled or access revoked, table will be
+    archived in 7 days), or `Status != ENABLED` on a steady-state table
+    (`HIGH`). AWS-managed KMS (`alias/aws/dynamodb`) and customer-managed
+    CMKs both pass. The AWS Security Hub managed standard has no equivalent
+    control; cloud-audit is more opinionated because compliance auditors
+    (SOC 2, HIPAA, ISO 27001) typically require an auditable key.
+  - **`aws-ddb-002` - Point-in-time recovery enabled** (`MEDIUM`). Matches
+    AWS Security Hub `DynamoDB.2` severity. Without PITR, accidental drops
+    or mass conditional-update bugs are unrecoverable except from on-demand
+    backups, which require explicit scheduling.
+  - **`aws-ddb-003` - Autoscaling on PROVISIONED tables** (`MEDIUM`). Matches
+    AWS Security Hub `DynamoDB.1` severity. PROVISIONED billing with manual
+    capacity either over-provisions (cost waste, billed 24/7) or
+    under-provisions (`ProvisionedThroughputExceededException`, client
+    retries amplifying load). `PAY_PER_REQUEST` tables are skipped. Read-only
+    or write-only autoscaling registrations produce a sub-finding identifying
+    the missing dimension.
+
+  All three checks include CLI + Terraform remediation. Pagination via
+  `list_tables`. Application Auto Scaling targets are cached per-region for
+  the duration of the scan (one API call returns every DDB target in the
+  region).
+
+- **`aws-cfg-003` - AWS Config recording group complete** (`MEDIUM`). Detects
+  recorders that record only a subset of resource types - either via the
+  legacy `allSupported=false` configuration or the modern
+  `recordingStrategy.useOnly` set to `INCLUSION_BY_RESOURCE_TYPES` or
+  `EXCLUSION_BY_RESOURCE_TYPES`. Also fires when `includeGlobalResourceTypes`
+  is false, which silently drops every IAM/CloudFront/Route53 change from
+  the configuration timeline. Filters out service-linked recorders
+  (`recordingScope=INTERNAL`).
+
+- **`aws-cfg-004` - AWS Config delivery channel exists and is configured**
+  (tiered). Reports `HIGH` when a recorder exists but no delivery channel
+  is configured (snapshots and configuration history items go nowhere).
+  Reports `LOW` when the delivery channel exists but is throttled to the
+  slowest `TwentyFour_Hours` snapshot frequency, or when `s3KmsKeyArn` is
+  not set (delivery uses SSE-S3 instead of a CMK).
+
+### Changed
+
+- **`aws-s3-004` - Smarter S3 lifecycle check** (community feedback). The
+  prior check only fired when a bucket had zero lifecycle rules - which
+  missed the most expensive anti-pattern in production: a versioning-enabled
+  bucket whose lifecycle rules don't include `NoncurrentVersionExpiration`.
+  Without NCVE every object overwrite or delete retains the old version at
+  full storage rates indefinitely. The check now cross-references bucket
+  versioning state with lifecycle rules:
+
+  - Versioning `Enabled` or `Suspended` + no `NoncurrentVersionExpiration` in
+    any enabled rule -> `MEDIUM` (the storage runaway case; matches AWS
+    Security Hub `S3.10`).
+  - No enabled lifecycle on an unversioned bucket -> `LOW` (existing
+    behaviour preserved).
+  - No `AbortIncompleteMultipartUpload` rule -> `LOW` (new sub-finding;
+    orphaned multipart uploads accumulate billable storage that never
+    appears in regular object listings).
+
+  Cross-check adds one `get_bucket_versioning` call per bucket; result is
+  cached implicitly via the existing bucket-list cache pattern. Backward
+  compatible: same check ID, no behaviour change for unversioned buckets.
+
+- **`aws-cfg-001` and `aws-cfg-002` - service-linked recorder filtering**.
+  Both existing checks now filter out service-linked recorders
+  (`recordingScope=INTERNAL`), which are created by other AWS services
+  (AWS Security Hub, AWS Audit Manager) and do not replace a
+  customer-managed recorder.
+
+### Tests
+
+- 812 -> 836 (+24 net). New test files: `tests/aws/test_ddb.py` (12 tests
+  covering all four encryption states, PITR enabled/disabled, autoscaling
+  with read+write/read-only/none/pay-per-request). `tests/aws/test_config.py`
+  expanded with 8 new tests for `aws-cfg-003` and `aws-cfg-004`.
+  `tests/aws/test_s3.py` expanded with 4 new tests for the smart lifecycle
+  cross-check (versioned without NCVE, versioned with NCVE, lifecycle
+  rules-but-no-NCVE, AbortMPU missing).
+
+### Compliance
+
+Compliance framework mappings updated to cover the new check IDs:
+
+- **SOC 2 Type II**: `aws-cfg-003` and `aws-cfg-004` added to CC2.1, CC3.4,
+  CC4.1, CC7.1, CC8.1; `aws-ddb-001` mapped to CC6.1; `aws-ddb-002` mapped
+  to A1.2.
+- **HIPAA Security Rule**: `aws-cfg-003` and `aws-cfg-004` added to
+  164.308(a)(1)(i) and 164.308(a)(8); `aws-ddb-001` to 164.312(a)(2)(iv);
+  `aws-ddb-002` to 164.308(a)(7)(i).
+- **ISO/IEC 27001:2022**: `aws-cfg-003` and `aws-cfg-004` added to A.5.9,
+  A.5.23, A.5.36, A.8.9, A.8.32; `aws-ddb-001` to A.8.24; `aws-ddb-002` to
+  A.8.13.
+- **NIS2 Directive**: `aws-cfg-003` and `aws-cfg-004` added to NIS2-RM-01b,
+  NIS2-RM-05, NIS2-RM-05b, NIS2-RM-06, NIS2-RM-06b, NIS2-GOV-01;
+  `aws-ddb-001` to NIS2-RM-05b.
+- **BSI C5:2020**: `aws-cfg-003` and `aws-cfg-004` added to AM-01, OPS-14,
+  COS-07, COS-08, INQ-03; `aws-ddb-001` to CRY-04; `aws-ddb-002` to OPS-06.
+- **CIS AWS Foundations Benchmark v3.0.0**: `aws-cfg-003` and `aws-cfg-004`
+  added to control 3.3. CIS v3.0.0 has no DynamoDB controls; the gap is
+  documented honestly rather than invented.
+
+### Acknowledgments
+
+These improvements were prompted by feedback received via community channels.
+
+### Also in this release (carried over from prior unreleased work)
+
+- **GitHub Action hardening** - `action.yml` now pins cloud-audit to a specific
+  PyPI version via the new `cloud-audit-version` input (default tracks the
+  action's release tag). Previously installed unpinned `cloud-audit` latest,
+  which made builds non-reproducible. Version string is validated against
+  `[0-9A-Za-z.+-]` before being passed to `pip install`.
+
+- **GitHub Action shell injection prevention** - all `run:` blocks moved from
+  direct `${{ inputs.* }}` interpolation to env-var pattern (`env:` map +
+  bash arrays). `extra-args`, `regions`, `output`, and `diff-baseline` are
+  now passed as argv entries to `cloud-audit`, not concatenated into shell
+  strings. A malicious workflow author can still pass odd flag values but
+  cannot break out of the cloud-audit invocation.
+
+- **README polish** - dropped promotional "first/only" wording in three
+  places (blast-radius section, AI-SPM row, IAM Privilege Escalation row).
+  PMapper row reframed from "this is its open-source replacement" to a
+  factual statement of PMapper's last release date and cloud-audit's
+  distinct scope. Honest tone over marketing tone.
+
+- **README Prowler comparison refreshed** - 572 checks / 83 services / 41
+  frameworks updated to 600 / 84 / 44 (verified against
+  github.com/prowler-cloud/prowler on 2026-05-25). Dropped unsubstantiated
+  "55 fixers" reference and "10+ providers" puffery. Footnote datestamp
+  changed from "April 2026" to "2026-05-25".
+
+- **README broken links fixed** - two relative links to
+  `docs/features/blast-radius.md` (gitignored - the file is published only
+  via the docs site, not committed to git) replaced with absolute URLs
+  pointing at `https://haitmg.pl/cloud-audit/features/blast-radius/`.
+
+- **docs/features/blast-radius.md** - same "first pure-CLI open-source"
+  wording softened to "aims to be a lightweight CLI-native alternative".
+
+- **SECURITY.md supported versions matrix** - stale `1.1.x` / `1.2.x` rows
+  replaced with `2.3.x` (current) / `2.2.x` (security fixes only) / `< 2.2`
+  (no). The matrix had not been touched since the v1.x line was current.
+
 ## [2.3.0] - 2026-05-15
 
 ### Added
@@ -746,7 +1003,8 @@ this trade-off.
 - Docker image support
 - Rich terminal UI with progress bar and color-coded findings
 
-[Unreleased]: https://github.com/gebalamariusz/cloud-audit/compare/v1.3.0...HEAD
+[Unreleased]: https://github.com/gebalamariusz/cloud-audit/compare/v2.3.1...HEAD
+[2.3.1]: https://github.com/gebalamariusz/cloud-audit/compare/v2.3.0...v2.3.1
 [1.3.0]: https://github.com/gebalamariusz/cloud-audit/compare/v1.2.2...v1.3.0
 [1.2.2]: https://github.com/gebalamariusz/cloud-audit/compare/v1.2.1...v1.2.2
 [1.2.1]: https://github.com/gebalamariusz/cloud-audit/compare/v1.2.0...v1.2.1

cloud_audit-2.4.0/PKG-INFO

@@ -0,0 +1,240 @@
+Metadata-Version: 2.4
+Name: cloud-audit
+Version: 2.4.0
+Summary: Open-source, read-only AWS security scanner. 110 checks across 25 services, 31 attack-chain rules, 64 IAM escalation methods (incl. lateral AssumeRole graph), Proof Mode exploitability verification, data perimeter and Bedrock AgentCore checks, Blast Radius CLI, Threat Feed, What-If simulator, AI-SPM, 6 compliance frameworks, breach-cost estimation, MCP server. CLI + Terraform remediation on every finding.
+Project-URL: Homepage, https://haitmg.pl/cloud-audit/
+Project-URL: Documentation, https://haitmg.pl/cloud-audit/
+Project-URL: Source, https://github.com/gebalamariusz/cloud-audit
+Project-URL: Repository, https://github.com/gebalamariusz/cloud-audit
+Project-URL: Issues, https://github.com/gebalamariusz/cloud-audit/issues
+Project-URL: Changelog, https://github.com/gebalamariusz/cloud-audit/blob/main/CHANGELOG.md
+Author-email: Mariusz Gebala <kontakt@haitmg.pl>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: audit,aws,aws-security,breach-cost,cis,cis-benchmark,cloud,cloud-security,compliance,devops,devsecops,mcp,mcp-server,model-context-protocol,remediation,sarif,scanner,security,security-scanner,soc2,terraform
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Systems Administration
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: boto3>=1.35.0
+Requires-Dist: jinja2>=3.1.6
+Requires-Dist: mcp>=1.20.0
+Requires-Dist: pydantic>=2.10.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: rich>=13.9.0
+Requires-Dist: typer>=0.15.0
+Provides-Extra: dev
+Requires-Dist: boto3-stubs[essential]>=1.35.0; extra == 'dev'
+Requires-Dist: moto[all]>=5.0.0; extra == 'dev'
+Requires-Dist: mypy>=1.13.0; extra == 'dev'
+Requires-Dist: pytest-cov>=6.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.8.0; extra == 'dev'
+Requires-Dist: types-pyyaml>=6.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+<p align="center">
+  <img src="assets/logo-nobg.png" alt="cloud-audit logo" width="200">
+</p>
+
+<!-- mcp-name: io.github.gebalamariusz/cloud-audit -->
+<h1 align="center">cloud-audit</h1>
+
+<p align="center">
+  <a href="README.md">English</a> | <a href="README_zh-CN.md">简体中文</a>
+</p>
+
+<p align="center">
+  <strong>Find AWS attack paths, IAM escalation routes, and the fixes that matter most.</strong>
+</p>
+
+<p align="center">
+  Open-source, read-only AWS security scanner. It correlates findings into attack chains,
+  ranks fixes by how many chains they break, and ships an <strong>AWS CLI + Terraform fix with
+  every finding</strong>. No agent, no infrastructure, nothing written to your account.
+</p>
+
+<p align="center">
+  <a href="https://pypi.org/project/cloud-audit/"><img src="https://img.shields.io/pypi/v/cloud-audit?style=flat" alt="PyPI version"></a>
+  <a href="https://pypi.org/project/cloud-audit/"><img src="https://img.shields.io/pypi/pyversions/cloud-audit?style=flat" alt="Python versions"></a>
+  <a href="https://github.com/gebalamariusz/cloud-audit/actions/workflows/ci.yml"><img src="https://github.com/gebalamariusz/cloud-audit/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow?style=flat" alt="License: MIT"></a>
+  <a href="https://ghcr.io/gebalamariusz/cloud-audit"><img src="https://img.shields.io/badge/Docker-GHCR-blue?style=flat&logo=docker" alt="Docker"></a>
+  <a href="https://haitmg.pl/cloud-audit/"><img src="https://img.shields.io/badge/Docs-haitmg.pl-blue?style=flat" alt="Documentation"></a>
+</p>
+
+<p align="center">
+  <a href="#quick-start">Quick Start</a> -
+  <a href="#what-you-get">What You Get</a> -
+  <a href="#installation">Installation</a> -
+  <a href="#whats-checked">What's Checked</a> -
+  <a href="https://haitmg.pl/cloud-audit/">Documentation</a>
+</p>
+
+## Quick Start
+
+```bash
+pip install cloud-audit
+cloud-audit scan          # uses your default AWS credentials and region
+```
+
+No AWS account handy? Run a full sample report offline:
+
+```bash
+cloud-audit demo
+```
+
+cloud-audit is **read-only**. It never modifies your infrastructure; `SecurityAudit` is enough ([permissions](#aws-permissions)).
+
+## Example Output
+
+```
++---- Attack Chains (5 detected) -----------------------------------+
+|  CRITICAL  Internet-Exposed Admin Instance                        |
+|            i-0abc123 - public SG + admin IAM role + IMDSv1        |
+|  CRITICAL  IAM Privilege Escalation via iam:PassRole              |
+|            ci-deploy-role - 3-step path to admin                  |
+|  CRITICAL  CI/CD to Admin Takeover                                |
+|            github-deploy - OIDC without sub + admin policy        |
++-------------------------------------------------------------------+
+
++---- Remediation Plan ---------------------------------------------+
+|  Fix 4 root causes, break 22 attack chains                        |
+|  Quick wins (effort LOW, 14 chains):                              |
+|    1. Restrict SG ingress on sg-0abc123   -> breaks 8 chains      |
+|    2. Add OIDC sub condition              -> breaks 6 chains      |
++-------------------------------------------------------------------+
+```
+
+Preview a fix before you touch anything:
+
+```bash
+cloud-audit simulate --fix aws-vpc-002
+# Score 34 -> 58 (+24)  |  Chains broken 8 of 22  |  Findings resolved 11
+```
+
+## What You Get
+
+- **Attack chains** // 31 rules correlate individual findings into exploitable paths (MITRE ATT&CK + pathfinding.cloud). [docs](https://haitmg.pl/cloud-audit/features/attack-chains/)
+- **Root-cause fixes** // groups findings by shared cause and ranks them: "fix 4 things, break 22 chains," with a what-if `simulate` to preview impact. [docs](https://haitmg.pl/cloud-audit/features/simulate/)
+- **IAM privilege escalation** // 64 methods across 9 categories, including lateral movement through the AssumeRole graph. [docs](https://haitmg.pl/cloud-audit/features/iam-escalation/)
+- **Blast radius** // walk outward from any resource to see what an attacker reaches; export JSON to the live [visualizer](https://blast-audit.haitmg.pl/). [docs](https://haitmg.pl/cloud-audit/features/blast-radius/)
+- **Proof Mode** // `scan --verify` checks each escalation path against the IAM policy simulator (read-only) and flags the ones the principal can actually perform. [docs](https://haitmg.pl/cloud-audit/features/proof-mode/)
+- **Data perimeter** // resource-policy checks for confused-deputy and cross-org exposure, evaluating condition *values* (not just their presence). [docs](https://haitmg.pl/cloud-audit/features/data-perimeter/)
+- **AgentCore security** // checks for Amazon Bedrock AgentCore AI agents: network mode, MMDSv2, memory encryption, gateway authorizer. [docs](https://haitmg.pl/cloud-audit/features/agentcore/)
+- **Threat Feed** // 10 detectors for active-abuse patterns from 2025-2026 incidents, each with a primary-source citation. [docs](https://haitmg.pl/cloud-audit/features/threat-feed/)
+- **Remediation on every finding** // copy-paste AWS CLI + reviewable Terraform you apply yourself; security findings also carry a USD breach-cost estimate with sources.
+- **Trend & drift** // `cloud-audit diff` catches ClickOps drift between scans; `cloud-audit trend` tracks posture over time.
+
+<p align="center">
+  <a href="https://blast-audit.haitmg.pl/">
+    <img src="assets/blast-audit-boardroom.png" alt="blast-audit visualizer - executive briefing view" width="760">
+  </a>
+  <br>
+  <sub>Drop a <code>cloud-audit blast-radius --format json</code> export into the open visualizer at
+  <a href="https://blast-audit.haitmg.pl/">blast-audit.haitmg.pl</a> - everything runs in your browser.</sub>
+</p>
+
+## Reports
+
+```bash
+cloud-audit scan --format html  -o report.html    # client-ready
+cloud-audit scan --format sarif -o results.sarif  # GitHub Code Scanning
+cloud-audit scan --format json  -o report.json    # machine-readable
+cloud-audit scan --format markdown -o report.md   # PR comments
+```
+
+## CI/CD
+
+```yaml
+- run: pip install cloud-audit
+- run: cloud-audit scan --format sarif --output results.sarif
+- uses: github/codeql-action/upload-sarif@v3
+  with:
+    sarif_file: results.sarif
+```
+
+`--quiet` exits with a code only: `0` clean, `1` findings, `2` error. Gate on severity with `--min-severity high`. Ready-made workflows: [basic scan](examples/github-actions.yml), [daily diff](examples/daily-scan-with-diff.yml), [post-deploy](examples/post-deploy-scan.yml).
+
+## Installation
+
+```bash
+pip install cloud-audit                              # pip (recommended)
+pipx install cloud-audit                             # isolated
+docker run ghcr.io/gebalamariusz/cloud-audit scan   # Docker
+```
+
+Docker with credentials:
+
+```bash
+docker run -v ~/.aws:/home/cloudaudit/.aws:ro ghcr.io/gebalamariusz/cloud-audit scan
+```
+
+## AWS Permissions
+
+Read-only. Attach the AWS-managed `SecurityAudit` policy (covers every check, including IAM escalation analysis):
+
+```bash
+aws iam attach-role-policy --role-name auditor \
+  --policy-arn arn:aws:iam::aws:policy/SecurityAudit
+```
+
+cloud-audit never modifies your infrastructure. `simulate` runs locally against scan data and makes no AWS calls.
+
+## What's Checked
+
+**110 checks across 25 AWS services** - IAM, S3, EC2, VPC, RDS, KMS, CloudTrail, GuardDuty, Lambda, Secrets Manager, Bedrock, SageMaker, Bedrock AgentCore, DynamoDB, and more. Run `cloud-audit list-checks`, or see the [full check reference](https://haitmg.pl/cloud-audit/checks/).
+
+**6 compliance frameworks** via `scan --compliance <id>`: CIS AWS v3.0 and SOC 2 Type II (stable), plus ISO 27001:2022, HIPAA, NIS2, and BSI C5:2020 (beta). [docs](https://haitmg.pl/cloud-audit/compliance/overview/)
+
+**MCP server** for AI agents - 6 read-only tools (`scan_aws`, `get_findings`, `get_attack_chains`, `get_remediation`, `get_health_score`, `list_checks`):
+
+```bash
+claude mcp add cloud-audit -- uvx --from cloud-audit cloud-audit-mcp
+```
+
+<details>
+<summary>Common flags and configuration</summary>
+
+```bash
+cloud-audit scan -R                                      # show remediation inline
+cloud-audit scan --profile prod --regions eu-central-1   # profile / region
+cloud-audit scan --regions all                           # all enabled regions
+cloud-audit scan --role-arn arn:aws:iam::...:role/audit  # cross-account
+cloud-audit scan --export-fixes fixes.sh                 # export all fixes
+```
+
+Configure defaults in `.cloud-audit.yml` (regions, `min_severity`, `exclude_checks`, time-boxed `suppressions`). Environment variables (`CLOUD_AUDIT_REGIONS`, `CLOUD_AUDIT_MIN_SEVERITY`, ...) override the file; CLI flags override everything. See the [configuration guide](https://haitmg.pl/cloud-audit/configuration/config-file/).
+
+</details>
+
+## Documentation
+
+Full documentation at **[haitmg.pl/cloud-audit](https://haitmg.pl/cloud-audit/)**: [getting started](https://haitmg.pl/cloud-audit/getting-started/installation/), [attack chains](https://haitmg.pl/cloud-audit/features/attack-chains/), [IAM escalation](https://haitmg.pl/cloud-audit/features/iam-escalation/), [blast radius](https://haitmg.pl/cloud-audit/features/blast-radius/), [Proof Mode](https://haitmg.pl/cloud-audit/features/proof-mode/), [data perimeter](https://haitmg.pl/cloud-audit/features/data-perimeter/), [AgentCore](https://haitmg.pl/cloud-audit/features/agentcore/), [compliance](https://haitmg.pl/cloud-audit/compliance/overview/), and the [full check reference](https://haitmg.pl/cloud-audit/checks/).
+
+## Development
+
+```bash
+git clone https://github.com/gebalamariusz/cloud-audit.git
+cd cloud-audit
+pip install -e ".[dev]"
+pytest -q && ruff check src/ tests/ && mypy src/
+```
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) to add a check. Past releases in [CHANGELOG.md](CHANGELOG.md).
+
+## License
+
+[MIT](LICENSE) - Mariusz Gebala / [HAIT](https://haitmg.pl)