Use `cbx audit`
The cbx audit CLI surface is cbx audit aws. State-file and source parsing survive only as a Go library path.
Use cbx audit
cbx audit groups CloudBooster's auditing commands. The only audit subcommand on the CLI is cbx audit aws, which reads a live AWS account via the AWS SDK and grounds findings in CloudBooster's curated rules.
Looking for the AWS audit?
Head straight to Use cbx audit aws — it's the authoritative guide for the only audit command on the CLI.
State-file and source auditing is a library, not a CLI surface
Earlier releases exposed --source, --pulumi-state, --terraform-state, and --scanners flags to audit declared infrastructure (Terraform/Pulumi state, IaC source directories) via bundled scanners. Those flags have been removed from the CLI.
The parsing and analysis pipeline behind them still exists, but only as a Go library path in the cbx-cli module (pkg/audit). It's consumed by downstream tools that embed cbx-cli as a dependency — it is not invokable as a cbx command.
| Surface | How to use it |
|---|---|
cbx audit aws (CLI) | Audit a live AWS account — see Use cbx audit aws. |
| State-file / source parsing (library) | Import github.com/cloudbooster-io/cbx-cli/pkg/audit in a Go program. No CLI equivalent. |
| Import existing infrastructure (hosted) | Upload Terraform/Pulumi state in the portal. |
CI/CD integration
To run the CLI audit in CI, use cbx audit aws with the real flags — see Run cbx audit in GitHub Actions. Note that live-account audits are typically run from a workstation rather than CI, since they need AWS credentials and a grounding LLM CLI on the runner.
Next steps
- Use
cbx audit aws— the live-account audit command. - Run
cbx auditin GitHub Actions - Import an existing AWS account with the Import AWS Account guide.