Audit Cloud Accounts One at a Time: NSAuditor AI EE 0.16.0 Adds --env, --aws-profile, and Sentinel-Host Auto-Scoping

Security teams that audit a fleet of cloud accounts have always faced the same friction: before every scan you re-export the right credentials, and on a multi-cloud machine you hand-pick plugin IDs so one cloud’s auditors don’t pollute another cloud’s report. NSAuditor AI Enterprise Edition 0.16.0 turns both into one-liners.

--env <path> loads a per-scan dotenv (KEY=value) file — credentials, region, CLOUD_PROVIDER — for a single scan. Its values take precedence over the ambient shell, so a stale exported variable can’t quietly defeat the file you pointed at. A missing --env file is a hard error: for an audit tool, silently falling back to ambient credentials risks scanning the wrong or an empty account and emitting a false-clean report. And because ~/.aws/credentials is an INI file with multiple named profiles — not a dotenv — pointing --env at it is detected and redirected to the right flag.
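The --env rules described above (file values override the ambient shell, a missing file is a hard error, an INI profile file is rejected with a pointer to --aws-profile), as an added JavaScript example. It is not NSAuditor's code: loadScanEnv, sampleReader, the returned overridden list and the sample file contents are hypothetical and constructed for illustration.

```javascript
// Added example, not NSAuditor's code. loadScanEnv and sampleReader are hypothetical names.
// Constructed sample files with fake values, keyed by path.
const SAMPLE_FILES = new Map([
  ['acct-a.env', '# account A\nCLOUD_PROVIDER=aws\nAWS_REGION="eu-west-1"\nAWS_ACCESS_KEY_ID=EXAMPLEKEYA\n'],
  ['credentials', '[default]\naws_access_key_id = EXAMPLEKEYB\n\n[audit]\naws_access_key_id = EXAMPLEKEYC\n'],
]);
// Stand-in for (p) => fs.readFileSync(p, 'utf8'): returns the text or throws.
function sampleReader(path) {
  if (!SAMPLE_FILES.has(path)) throw new Error(`ENOENT: no such file '${path}'`);
  return SAMPLE_FILES.get(path);
}

function loadScanEnv(path, ambientEnv, readFile) {
  let text;
  try {
    text = readFile(path);
  } catch (err) {
    // Hard error: never fall back to whatever the shell has exported.
    throw new Error(`--env file not readable: ${path} (${err.message})`);
  }
  const fromFile = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    // A [section] header means an INI profile file, not a dotenv.
    if (/^\[[^\]]+\]$/.test(line)) {
      throw new Error(`${path} is an INI profile file, not a dotenv; use --aws-profile <name>`);
    }
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) throw new Error(`${path}: expected KEY=value, got: ${line}`);
    fromFile[m[1]] = m[2].replace(/^(["'])(.*)\1$/, '$2'); // strip matching quotes
  }
  // Ambient keys the file replaced, so the override can be logged.
  const overridden = Object.keys(fromFile).filter(
    (k) => ambientEnv[k] !== undefined && ambientEnv[k] !== fromFile[k]);
  // File values win over the ambient shell; ambientEnv itself is not mutated.
  return { env: { ...ambientEnv, ...fromFile }, overridden };
}
```

Returning a merged copy instead of mutating the ambient environment keeps one account's values from leaking into the next scan run by the same process.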

--aws-profile <name> serves the native AWS multi-account case: it uses a named profile from the OS-default ~/.aws/credentials (%USERPROFILE%\.aws\credentials on Windows), clears any stale explicit access keys so the profile is authoritative, reads ~/.aws/config for region and SSO, and implies CLOUD_PROVIDER=aws so the bare command just works.

Sentinel-host plugin auto-scoping closes the multi-cloud noise problem at the source. --host aws|gcp|azure combined with --plugins all now runs only that cloud’s plugins; the other two clouds’ plugins and the non-cloud network plugins are skipped, and the skip is logged. Each per-account scan yields a clean, single-cloud evidence pack. Explicit --plugins lists are honored unchanged.

Plugin count stays at 28; all six coverage matrices (SOC 2, HIPAA, NIST CSF 2.0, PCI DSS v4.0.1, ISO/IEC 27001:2022, CIS Controls v8) are unchanged; there is no dependency change.

Install or upgrade:

npm install -g nsauditor-ai@latest @nsasoft/nsauditor-ai-ee@latest nsauditor-ai-agent-skill@latest

One scan with --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 produces six separate auditor-ready evidence packs, all generated inside your own infrastructure, zero data exfiltration.