Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins
See the impressive results of AI-assisted development from new compliance frameworks, cost optimization controls, and plugin updates delivered faster than ever.
This launch represents one of our most comprehensive updates to date, with significant new capabilities across Steampipe, Powerpipe, and Tailpipe. We've addressed numerous community requests while expanding our coverage of major cloud platforms and compliance frameworks.
Our enhanced development workflow has enabled us to tackle larger, more complex projects that previously required extensive planning cycles. The result is a substantial collection of new features that strengthen security posture, improve cost visibility, and expand platform coverage.
Release Overview
| Platform | New Features | Highlights |
|---|---|---|
| Powerpipe | 2 new perimeter mods, 8 new cost controls, 4 compliance framework updates, 4 insights mods | Azure & GCP perimeter security, CIS v5 AWS compliance |
| Steampipe | 7 new AWS tables, 540 table validation, SDK updates, new Bluesky plugin | AWS SDK v2 migration, fine-grained GitHub tokens |
| Tailpipe | 3 new log sources, 2 new tables, custom VPC flow logs | Azure cost analysis, CloudWatch integration |
Key Highlights
Perimeter Security Expansion
We've extended our network security coverage beyond AWS with comprehensive perimeter mods for Azure and GCP. These new frameworks provide visibility into network boundaries, public access patterns, and shared resource exposure across multi-cloud environments.
The Azure Perimeter mod includes controls for network security groups, public IP configurations, and storage account access patterns. The framework identifies potential exposure points in Azure networking and provides actionable recommendations for strengthening perimeter defenses.
The GCP Perimeter mod covers VPC security, firewall rules, and public access configurations. It examines both network-level and service-level exposure, helping organizations understand their attack surface across Google Cloud Platform.
Enhanced Cost Optimization
Our Thrifty mods have expanded with new cost-saving opportunities across AWS and Azure. These additions focus on underutilized resources and configuration optimizations that can yield immediate savings, with 4 new controls added to each platform.
The new controls identify unused load balancers, oversized instances, and misconfigured storage classes. Each recommendation includes estimated savings calculations and implementation guidance, making it easier for teams to prioritize cost optimization efforts.
Compliance Framework Updates
We've updated our compliance coverage with the latest framework versions, including CIS v5 for AWS, CIS v4 for Azure and GCP, and NIST CSF v2 for AWS, Azure, and GCP. These updates ensure organizations can align with current security standards and regulatory requirements.
The Google Workspace compliance mod was released featuring the CIS v1.2.0 benchmark, extending our SaaS security coverage for organizations to secure their collaboration platforms alongside their cloud infrastructure.
Comprehensive Inventory Insights
New insights mods provide detailed inventory reporting across AWS, Azure, and GCP. These dashboards offer visibility into resource distribution, configuration patterns, and utilization metrics across cloud environments.
The Azure Cost and Usage insights mod deserves special attention, providing detailed cost analysis capabilities that complement the standard Azure cost management tools. This addition gives teams granular visibility into spending patterns and resource optimization opportunities.
Platform Improvements
Our AWS plugin has undergone a major SDK migration, moving from v1 to v2 while maintaining compatibility across all 540 tables. This update improves performance and ensures long-term supportability, with 7 new tables added as part of the enhancement.
The GitHub plugin now supports fine-grained access tokens, providing more granular permission control for repository access. The Azure plugin received 9 new columns for the azure_storage_account table and rate limiter improvements across 165 tables, while the GCP plugin added rate limiter tags for 118 tables.
The new Bluesky plugin reflects our commitment to emerging platforms, providing social media monitoring capabilities as organizations expand their digital presence monitoring.
Enhanced Log Analysis
Tailpipe continues to evolve with new log sources and improved analysis capabilities. The AWS plugin now includes the ALB connection log and Security Hub finding tables, plus a new CloudWatch log group source. The VPC flow log table has been enhanced as a custom table providing improved network traffic analysis.
The Azure plugin introduces the cost and usage table, enabling detailed financial analysis of cloud spending and complementing the insights dashboard with raw data access for custom reporting needs.
Developer Resources
To support teams building their own mods and plugins, we've published comprehensive AI development guides for Steampipe, Powerpipe, and Tailpipe.
These guides reflect our learnings from this development cycle and provide practical approaches for accelerating mod development while maintaining quality and consistency.
Community Impact
This release addresses over 20 community-requested features and resolves long-standing issues across our platforms. The scope of improvements reflects our commitment to responsive development and community-driven priorities.
The combination of new capabilities and enhanced existing features provides teams with more comprehensive tools for cloud security, compliance, and cost management across their entire infrastructure.
What's Next
This substantial release establishes a foundation for continued expansion across all platforms. We're particularly excited about the potential for cross-platform insights as organizations increasingly adopt multi-cloud strategies.
The enhanced development capabilities that enabled this release will continue to drive innovation, allowing us to be more responsive to emerging security challenges and compliance requirements.