Security Trends

Track your security posture over time. cloud-audit saves scan history automatically and shows score, chain count, and risk exposure trends.

How History Works

After each scan, cloud-audit saves a summary to ~/.cloud-audit/history/. Each entry records the timestamp, account ID, health score, finding counts, chain counts, and risk exposure. No finding details are stored locally -- only aggregate metrics.

Usage

cloud-audit trend

Output

Account: 123456789012    Period: 30 days    Scans: 12

Score:   32 38 38 42 42 54 54 68 68 68 72 78  ████████▊  +46
Chains:   8  8  7  6  6  5  5  3  3  3  2  1  ▁▂▂▃▃▅▅▇▇▇█  -7
Risk:   $7.3M -> $420K                         ▇▆▆▅▅▃▃▂▂▂▁▁  -94%

Key changes:
  Apr 02  aws-vpc-002 fixed     Score +26, 5 chains broken
  Apr 05  aws-ct-001 fixed      Score +12, 2 chains broken
  Apr 10  aws-iam-005 fixed     Score +6, 1 chain broken

The output shows:

  • Sparklines - visual trend per metric over the last 30 days
  • Deltas - net change from first to last scan in the period
  • Key changes - dates where the score changed, with the root cause

Multi-Account

View trends for a specific account:

cloud-audit trend --account 123456789012

Without --account, trends show the most recently scanned account.

Data Location

History files are stored in ~/.cloud-audit/history/<account-id>/. Each file is a JSON summary named by timestamp. You can delete history files to reset trends.
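
The per-account history directory can also be read directly, for example to recompute the first-to-last deltas outside the CLI. The following is an added example, not cloud-audit's own code: the directory layout comes from this page, but the JSON key names (`timestamp`, `score`, `chains`, `risk_usd`) are assumptions and may not match the files the tool actually writes.

```python
import json
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Directory layout is from the page; the JSON key names below are ASSUMED
# for illustration and may not match the files cloud-audit really writes.
HISTORY_ROOT = Path.home() / ".cloud-audit" / "history"
KEYS = ("score", "chains", "risk_usd")  # assumed key names


def load_history(account_dir, days=30, now=None):
    """Return scan summaries from the last `days` days, oldest first."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=days)
    scans = []
    for path in Path(account_dir).glob("*.json"):
        try:
            entry = json.loads(path.read_text())
            ts = datetime.fromisoformat(entry["timestamp"])  # assumed ISO 8601
            entry["_ts"] = ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)
            if all(isinstance(entry[k], (int, float)) for k in KEYS):
                scans.append(entry)
        except (ValueError, KeyError, TypeError, OSError):
            continue  # skip truncated or unrelated files instead of aborting
    return sorted((s for s in scans if s["_ts"] >= cutoff), key=lambda s: s["_ts"])


def trend(scans):
    """Net change from first to last scan, plus the scans where the score moved."""
    if len(scans) < 2:
        return None  # a delta needs at least two scans
    first, last = scans[0], scans[-1]
    risk_pct = None  # undefined when the first scan reports zero exposure
    if first["risk_usd"]:
        risk_pct = round(100 * (last["risk_usd"] - first["risk_usd"]) / first["risk_usd"])
    changes = [(cur["_ts"].date().isoformat(), cur["score"] - prev["score"])
               for prev, cur in zip(scans, scans[1:]) if cur["score"] != prev["score"]]
    return {"score_delta": last["score"] - first["score"],
            "chains_delta": last["chains"] - first["chains"],
            "risk_pct": risk_pct,
            "score_changes": changes}


if __name__ == "__main__":
    account = "123456789012"  # sample account ID used on this page
    print(trend(load_history(HISTORY_ROOT / account)))
```

Files that fail to parse or lack the assumed keys are skipped, so a partially written summary does not abort the whole calculation.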