Releases: prowler-cloud/prowler
Prowler 3.9.0 - Flash of the Blade
As a young boy chasing dragons
With your wooden sword so mighty
You're St. George or you're David and you always killed the beast
Times change very quickly and you had to grow up early
A house in smoking ruins and the bodies at your feet
Sometimes chasing dragons and sometimes walking on the edge of the blade. The Iron Maiden song Flash of the Blade tells a good story about what comes to the table these days. Enjoy this great song, written by Bruce Dickinson back in 1984 (https://www.youtube.com/watch?v=Qx0s8OqgBIw), while reading what's new!
New features to highlight in this version:
⚙️ New checks for AWS!
- New AWS Athena service with two new checks: athena_workgroup_encryption and athena_workgroup_enforce_configuration.
- New AWS S3 check s3_bucket_kms_encryption.
- New AWS EC2 check ec2_instance_detailed_monitoring_enabled.
- New AWS IAM check iam_inline_policy_no_administrative_privileges, with a new feature in the IAM service, which can now retrieve the inline policies for Users, Roles and Groups.
- In the AWS ECR check ecr_repositories_scan_vulnerabilities_in_latest_image you can now configure the minimum severity at which the check raises a FAIL finding, using the ecr_repository_vulnerability_minimum_severity configuration value. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/
Try them with prowler aws and improve your security posture now! 🔒
🖌️ New CLI flag
- List all the checks in JSON format, ready to be consumed by the --checks-file flag. Try it with prowler aws --list-checks-json.
📖 Developer Guide
- We keep improving the Prowler documentation, especially the Developer Guide, to help our contributors. Check it at the following link: https://docs.prowler.cloud/en/latest/developer-guide/introduction/.
🧑‍🤝‍🧑 Two new Prowler contributors!
- Many thanks to @vysakh-devopspace and @gerardocampo for adding more checks and continuing to improve Prowler!
What's Changed
Features
- feat(s3): Add S3 KMS encryption check by @singergs in #2757
- feat(ec2): New check ec2_instance_detailed_monitoring_enabled by @vysakh-devopspace in #2735
- feat(checks): dump all checks as a json file by @jchrisfarris in #2683
- feat(ecr_repositories_scan_vulnerabilities_in_latest_image): Minimum severity is configurable by @jfagoagas in #2736
- feat(iam): Check inline policies in IAM Users, Groups & Roles for admin priv's by @gerardocampo in #2750
- feat(compliance): Update AWS compliance frameworks after PR 2750 by @gerardocampo in #2771
- feat(athena): New AWS Athena service + 2 workgroup checks by @jfagoagas in #2696
Fixes
- fix(azure): Status extended ends with a dot by @jfagoagas in #2725
- fix(is_account_only_allowed_in_condition): Context name on conditions are case-insensitive by @christiandavilakoobin in #2726
- fix(gcp): Status extended ends with a dot by @jfagoagas in #2734
- fix(get_checks_from_input_arn): fix function and add tests by @n4ch04 in #2749
- fix(get_checks_from_input_arn): fix logic and add tests by @n4ch04 in #2764
- fix(get_regions_from_audit_resources): fix logic and add tests by @n4ch04 in #2766
- fix(nacls): Tests by @jfagoagas in #2760
- fix(iam_policy_allows_privilege_escalation): Handle admin permission so * by @jfagoagas in #2763
- fix(checks_to_execute): --checks and --resource_arn working together by @jfagoagas in #2743
- fix(ec2_securitygroup_default_restrict_traffic): fix check only allow empty rules by @n4ch04 in #2777
Chores
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2733, #2737, #2741, #2744, #2748, #2759, #2767 and #2773, #2776
- chore(parser): Move provider logic to their folder by @jfagoagas in #2746
- chore(s3): Move lib to the AWS provider and include tests by @jfagoagas in #2664
Security
- fix(security): GitPython issue by @jfagoagas in #2720
Documentation
- docs(style): Add more details by @jfagoagas in #2724
- docs(testing): Mocking the service and the service client at the service client level by @jfagoagas in #2747
- docs(audit_config): How to use it by @jfagoagas in #2739
- docs: explain output formats by @jfagoagas in #2774
- docs: Include new config ecr_repository_vulnerability_minimum_severity by @jfagoagas in #2775
Dependencies
- build(deps-dev): bump vulture from 2.7 to 2.8 by @dependabot in #2727
- build(deps): bump mkdocs-material from 9.1.20 to 9.1.21 by @dependabot in #2728
- build(deps): bump google-api-python-client from 2.95.0 to 2.96.0 by @dependabot in #2729
- build(deps-dev): bump coverage from 7.2.7 to 7.3.0 by @dependabot in #2730
- build(deps): bump azure-identity from 1.13.0 to 1.14.0 by @dependabot in #2731
- build(deps): bump mkdocs-material from 9.1.21 to 9.2.1 by @dependabot in #2752
- build(deps): bump google-api-python-client from 2.96.0 to 2.97.0 by @dependabot in #2753
- build(deps-dev): bump pytest-randomly from 3.13.0 to 3.15.0 by @dependabot in #2755
- build(deps): bump azure-mgmt-storage from 21.0.0 to 21.1.0 by @dependabot in #2756
- build(deps): bump shodan from 1.29.1 to 1.30.0 by @dependabot in #2754
Tests
- test(python): Test with 3.9, 3.10, 3.11 by @jfagoagas in #2718
- test(coverage): Add Codecov by @jfagoagas in #2719
- test(s3): Mock S3Control when used by @jfagoagas in #2722
- fix(test-vpc): use the right import paths by @jfagoagas in #2732
- tests(check_security_group) by @jfagoagas in #2740
- chore(tests): Replace sure with standard assert by @jfagoagas in #2738
- test(vpc_endpoint_services_allowed_principals_trust_boundaries) by @jfagoagas in #2768
- fix(test): Update moto to 4.1.15 and update tests by @jfagoagas in #2769
New Contributors
- @vysakh-devopspace made their first contribution in #2735
- @gerardocampo made their first contribution in #2750
Full Changelog: 3.8.2...3.9.0
Prowler 3.8.2 - Days of Future Past
Fixes
- fix(shub): handle default output filename error by @sergargar in #2709
- fix(s3_bucket_policy_public_write_access): look at account and bucket-level public access block settings by @jchrisfarris in #2715
Chores
- chore(release): update Prowler Version to 3.8.1 by @sergargar in #2706
- docs(developer-guide): Update checks, services and include testing by @jfagoagas in #2705
- chore(aws): Improve tests and status from accessanalyzer to cloudwatch by @jfagoagas in #2711
- chore(aws): 2nd round - Improve tests and include dot in status extended by @jfagoagas in #2714
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2712 and #2717
Documentation
- docs(dev-guide): Fix a list and include some details to use the report by @jfagoagas in #2710
Full Changelog: 3.8.1...3.8.2
Prowler 3.8.1 - Days of Future Past
Fixes
- fix(cloudfront): fix ViewerProtocolPolicy and GeoRestrictionType by @jfagoagas in #2701
- fix(config): Pass a configuration file using --config-file config.yaml by @jfagoagas in #2679
- fix(ec2-securitygroups): Handle IPv6 public by @jfagoagas in #2690
- fix(Enum): handle Enum classes correctly by @sergargar in #2702
- fix(ds): Restore enums without optional by @jfagoagas in #2704
- fix(iam): password policy expiration by @jfagoagas in #2694
- fix(iam-dynamodb): Handle errors by @jfagoagas in #2680
- fix(iam_role_cross_service_confused_deputy_prevention): add ResourceAccount and PrincipalAccount conditions by @sergargar in #2689
- fix(organizations): request Organization Info after assume_role occurs by @jchrisfarris in #2682
- fix(security hub): include custom output filename in resolve_security_hub_previous_findings by @sergargar in #2687
- fix(sns): allow default SNS policy with SourceOwner by @christiandavilakoobin in #2698
- fix(typo): spelling typo in organizations_scp_check_deny_regions by @sergargar in #2691
Dependencies
- build(deps): bump mkdocs from 1.4.3 to 1.5.2 by @dependabot in #2684
- build(deps-dev): bump pylint from 2.17.4 to 2.17.5 by @dependabot in #2685
Documentation
- docs(aws-orgs): Update syntax by @jfagoagas in #2703
- docs(organizations): fix script and improve titles by @sergargar in #2693
Chores
- chore(azure): Improve AzureService class with set_clients by @jfagoagas in #2676
- chore(print): prettify prints of listings and logs by @sergargar in #2699
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2677, #2688, #2692 and #2700
- chore(service): service class type hints by @jfagoagas in #2695
Full Changelog: 3.8.0...3.8.1
Prowler 3.8.0 - Days of Future Past
A war in heaven in God's rage
He put me in this burning cage
Holy fury locks me in
Imprisoned by my deadly sin
Every hour the shadow king
Wonders what his clock will bring
I've lived and loved and that's for sure
My fatal quest forever more
2 weeks before this release, most of the Prowler full-time team were watching Iron Maiden live, probably the best day of the year for us being together. Days of Future Past was the fourth song they played in that show, and we invite you to play it while reading what is new in this version, which we have just crafted for you all right before Black Hat, DEFCON and BSides Vegas. Remember we will be at Black Hat Arsenal on Wednesday!
Special thanks for contributions on this release to @jchrisfarris, @edurra and @gabriel-pragin-clearscale: your code and feedback are very helpful to improve Prowler. THANK YOU!
New features to highlight in this version:
🥳 GCP scans are now x10 faster!
- We have improved the way Prowler scans GCP regions, locations and zones so now it is on average 10 times faster than before. Try it with prowler gcp --compliance cis_2.0_gcp if you dare!
📝 New Azure service supported, sqlserver, and 3 new checks available: sqlserver_auditing_enabled, sqlserver_azuread_administrator_enabled and sqlserver_unrestricted_inbound_access.
- We have added a new service to the Azure provider for sqlserver with 3 checks. Try them with prowler azure --service sqlserver and let us know!
⚙️ New checks for AWS!:
- Two new checks for AWS for S3: s3_bucket_public_list_acl and s3_bucket_public_write_acl. Try them with prowler aws --service s3 and improve your security posture now!
What's Changed
Features
- feat(aws): New AWSService class as parent by @jfagoagas in #2638
- feat(azure): add Azure SQL Server service and 3 checks by @edurra in #2665
- feat(azure): New parent class by @jfagoagas in #2642
- feat(gcp): Add internet-exposed and encryption categories by @jfagoagas in #2663
- feat(gcp): Improve gcp performance by @sergargar in #2662
- feat(gcp): Parent class by @jfagoagas in #2641
- feat(s3): Add checks for publicly listable Buckets or writable buckets by ACL by @jchrisfarris in #2628
Fixes
- fix(cloudtrail): Set status to INFO when trail is outside the audited account by @jfagoagas in #2643
- fix(cryptography): Update to 41.0.3 by @jfagoagas in #2661
- fix(docs): Azure auth and Slack integration by @jfagoagas in #2659
- fix(ec2_instance_secrets_user_data): Include line numbers in status by @jfagoagas in #2639
- fix(iam_policy_allows_privilege_escalation): Handle permissions in groups by @jfagoagas in #2655
- fix(outputs): Not use reserved keyword list as variable by @jfagoagas in #2657
- fix(s3_bucket_level_public_access_block): check s3 public access block at account level by @sergargar in #2653
- fix(sns): handle topic policy conditions by @sergargar in #2660
- fix(test_only_aws_service_linked_roles): Flaky test by @jfagoagas in #2666
- fix(vpc_endpoint_connections_trust_boundaries): Handle AWS Account ID as Principal by @jfagoagas in #2611
Tests
- test(ec2): security groups by @jfagoagas in #2627
- fix(test): mock VPC client by @jfagoagas in #2640
- test(azure): Defender service by @jfagoagas in #2669
- test(azure): IAM service by @jfagoagas in #2670
- test(azure): SQL Server Service by @jfagoagas in #2671
- test(azure): Storage Service by @jfagoagas in #2672
Chores
- chore(metadata): Typos by @gabriel-pragin-clearscale in #2629 and #2646
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2630, #2634, #2637, #2654 and #2658
- chore(security-hub): Explain Unique ID by @jfagoagas in #2631
- refactor(vpc_endpoint_connections_trust_boundaries) by @jfagoagas in #2667
- chore(readme): update providers summary table by @sergargar in #2673
Dependencies
- build(deps): bump azure-mgmt-authorization from 3.0.0 to 4.0.0 by @dependabot in #2652
- build(deps): bump google-api-python-client from 2.94.0 to 2.95.0 by @dependabot in #2649
- build(deps): bump mkdocs-material from 9.1.19 to 9.1.20 by @dependabot in #2648
- build(deps-dev): bump flake8 from 6.0.0 to 6.1.0 by @dependabot in #2651
- build(deps-dev): bump moto from 4.1.13 to 4.1.14 by @dependabot in #2650
New Contributors
- @jchrisfarris made their first contribution in #2628
- @edurra made their first contribution in #2665
Full Changelog: 3.7.2...3.8.0
Prowler 3.7.2 - Gates of Tomorrow
Fixes
- fix(allowlist): single account checks handling by @n4ch04 in #2585
- fix(assume_role): Set the AWS STS endpoint region by @jfagoagas in #2587
- fix(compute): solve key errors in compute service by @sergargar in #2610
- fix(ec2_ami_public): correct check metadata and logic by @sergargar in #2618
- fix(ecs_task_def_secrets): Improve description to explain findings by @jfagoagas in #2621
- fix(guardduty): handle disabled detectors in guardduty_is_enabled by @sergargar in #2616
- fix(opensearch): log exception as WARNING by @jfagoagas in #2581
- fix(pypi-release): solve GH action for release by @sergargar in #2624
- fix(s3): __get_object_lock_configuration__ warning logs by @jfagoagas in #2608
- fix(security): certifi issue by @jfagoagas in #2623
- fix(ssm_incidents): Handle empty name by @jfagoagas in #2591
Dependencies
- build(deps): bump azure-storage-blob from 12.16.0 to 12.17.0 by @dependabot in #2596
- build(deps): bump google-api-python-client from 2.93.0 to 2.94.0 by @dependabot in #2614
- build(deps): bump mkdocs-material from 9.1.18 to 9.1.19 by @dependabot in #2615
- build(deps): bump pydantic from 1.10.11 to 1.10.12 by @dependabot in #2613
- build(deps-dev): bump moto from 4.1.12 to 4.1.13 by @dependabot in #2598
Chores
- chore(ec2): add SG name to resource_details by @sergargar in #2495
- chore(metadata): Typos by @gabriel-pragin-clearscale in #2594
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2606
Tests
- test(aws_provider): Role and User MFA by @jfagoagas in #2486
Documentation
- docs(boto3-configuration): format list by @jfagoagas in #2609
- docs(README): typos in README.md by @kagahd in #2579
New Contributors
- @gabriel-pragin-clearscale made their first contribution in #2594
Full Changelog: 3.7.1...3.7.2
Prowler 3.7.1 - Gates of Tomorrow
Fixes
- fix(iam): Handle NoSuchEntityException when calling list_attached_role_policies by @jfagoagas in #2571
- fix(allowlist): handle wildcard in account field by @n4ch04 in #2577
- fix(cond parser): add policy condition parser & apply in SQS public check by @n4ch04 in #2575
Dependencies
- build(deps-dev): bump pytest-randomly from 3.12.0 to 3.13.0 by @dependabot in #2567
- build(deps): bump boto3 from 1.26.161 to 1.26.165 by @dependabot in #2566
- build(deps): bump pydantic from 1.10.9 to 1.10.11 by @dependabot in #2568
- build(deps-dev): bump openapi-spec-validator from 0.5.7 to 0.6.0 by @dependabot in #2569
- build(deps): bump google-api-python-client from 2.91.0 to 2.92.0 by @dependabot in #2570
Chores
- chore(compliance): CIS Benchmark 2.0 for AWS by @toniblyx in #2562
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2560, #2561, #2572, #2574
Tests
- test(outputs): Remove debug by @jfagoagas in #2559
Documentation
Full Changelog: 3.7.0...3.7.1
Prowler 3.7.0 - Gates of Tomorrow
Trapped in the web, but I cut the threads
Show you the gates of tomorrow
Trapped in the web, no mercy is shed
Show you the gates of tomorrow
Trapped in the web, slaves to the dead
Show you the gates of tomorrow
Trapped in the web, but I cut the threads
Show you the gates of tomorrow
As the song says, this version of Prowler is opening gates of tomorrow! More compliance frameworks like MITRE ATT&CK®, ISO27001 (2013), AWS Well-Architected Framework Reliability pillar (in addition to the existing Security pillar), better support for the Allowlist feature, with all 73 checks for GCP covering CIS Benchmark 2.0 for Google Cloud! Take this one and start closing doors to the bad guys!
New features to highlight in this version:
🥳 GCP CIS v2.0.0 benchmark coverage!
- Prowler now supports the CIS v2.0.0 benchmark for Google Cloud Platform! 73 GCP checks were added to fully cover the CIS framework. You can run it with the following flag to get all CSV standard and compliance, HTML, JSON and JSON OCSF reports:
prowler gcp --compliance cis_2.0_gcp
📝 New AWS compliance frameworks available
- Prowler now supports MITRE ATT&CK for AWS, ISO27001 (2013) for AWS and AWS Well-Architected Framework Reliability Pillar v0.1. Also, the Spanish ENS RD2022 Compliance Framework has been updated.
- You can run the new compliance frameworks with the following commands:
prowler aws --compliance mitre_attack_aws
prowler aws --compliance iso27001_2013_aws
prowler aws --compliance aws_well_architected_framework_reliability_pillar_aws
prowler aws --compliance ens_rd2022_aws
⚙️ Allowlist supports exceptions:
- For each check you can except Accounts, Regions, Resources and/or Tags, see more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/. Thanks @zfLQ2qx2 for the feedback!
Allowlist:
  Accounts:
    "*":
      Checks:
        "ecs_task_definitions_no_environment_secrets":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Accounts:
              - "0123456789012"
            Regions:
              - "eu-west-1"
              - "eu-south-2" # Will ignore every resource in check ecs_task_definitions_no_environment_secrets except the ones in account 0123456789012 located in eu-south-2 or eu-west-1
    "123456789012":
      Checks:
        "*":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Resources:
              - "test"
            Tags:
              - "environment=prod" # Will ignore every resource in account 123456789012 except the ones containing the string "test" and tag environment=prod
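The exception semantics spelled out in the two YAML comments above, as an added Python example (a model written for this page, not Prowler's own code). Assumptions: the finding dict shape and sample findings are constructed, Resources and Tags match by substring, every field listed under Exceptions must match for the exception to apply, and a finding is muted if any matching rule mutes it.

```python
# Added illustration of the allowlist-with-exceptions semantics; not Prowler's code.
ECS_CHECK = "ecs_task_definitions_no_environment_secrets"

# The allowlist from the release note, as the dict a YAML loader would return.
ALLOWLIST = {
    "Accounts": {
        "*": {"Checks": {ECS_CHECK: {
            "Regions": ["*"],
            "Resources": ["*"],
            "Exceptions": {
                "Accounts": ["0123456789012"],
                "Regions": ["eu-west-1", "eu-south-2"],
            },
        }}},
        "123456789012": {"Checks": {"*": {
            "Regions": ["*"],
            "Resources": ["*"],
            "Exceptions": {"Resources": ["test"], "Tags": ["environment=prod"]},
        }}},
    }
}

# Constructed sample findings (hypothetical shape: tags are "key=value" strings).
FINDINGS = [
    {"account": "999999999999", "region": "us-east-1", "check": ECS_CHECK,
     "resource": "task-a", "tags": []},
    {"account": "0123456789012", "region": "eu-west-1", "check": ECS_CHECK,
     "resource": "task-b", "tags": []},
    {"account": "0123456789012", "region": "us-east-1", "check": ECS_CHECK,
     "resource": "task-c", "tags": []},
    {"account": "123456789012", "region": "eu-west-1", "check": "s3_bucket_kms_encryption",
     "resource": "test-bucket", "tags": ["environment=prod"]},
    {"account": "123456789012", "region": "eu-west-1", "check": "s3_bucket_kms_encryption",
     "resource": "test-bucket", "tags": ["environment=dev"]},
    {"account": "123456789012", "region": "eu-west-1", "check": "s3_bucket_kms_encryption",
     "resource": "billing-bucket", "tags": ["environment=prod"]},
]


def _matches(patterns, value, substring=False):
    """True if any pattern is "*", equals value, or (optionally) occurs inside it."""
    return any(p == "*" or p == value or (substring and p in value) for p in patterns)


def is_excepted(exceptions, finding):
    """An exception applies only if every field it lists matches the finding."""
    listed = {k: v for k, v in (exceptions or {}).items() if v}
    if not listed:  # an empty Exceptions block excepts nothing
        return False
    if "Accounts" in listed and not _matches(listed["Accounts"], finding["account"]):
        return False
    if "Regions" in listed and not _matches(listed["Regions"], finding["region"]):
        return False
    if "Resources" in listed and not _matches(listed["Resources"], finding["resource"], True):
        return False
    if "Tags" in listed and not any(_matches(listed["Tags"], t, True) for t in finding["tags"]):
        return False
    return True


def is_muted(allowlist, finding):
    """True if some allowlist rule covers the finding and no exception pulls it back out."""
    for account, entry in allowlist["Accounts"].items():
        if account not in ("*", finding["account"]):
            continue
        for check, rule in entry["Checks"].items():
            if check not in ("*", finding["check"]):
                continue
            if (_matches(rule.get("Regions", []), finding["region"])
                    and _matches(rule.get("Resources", []), finding["resource"], True)
                    and not is_excepted(rule.get("Exceptions"), finding)):
                return True
    return False


if __name__ == "__main__":
    for f in FINDINGS:
        state = "MUTED" if is_muted(ALLOWLIST, f) else "REPORTED"
        print(f"{state:8} {f['account']} {f['region']} {f['check']} {f['resource']} {f['tags']}")
```

Under this model the excepted account is still muted outside the two listed regions, and a "test" resource without the environment=prod tag stays muted, so an exception with several fields is narrower than it may look.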
What's Changed
Features
- feat(ENS): complete ENS Compliance Framework mapping by @sergargar in #2534
- feat(MITRE): add MITRE ATT&CK framework for AWS by @sergargar in #2537
- feat(allowlist): add exceptions to allowlist by @sergargar in #2527
- feat(compliance): AWS Well-Architected Framework Reliability Pillar v0.1 by @sssalim-aws in #2536
- feat(compliance): add ISO27001 compliance framework by @pedromarting3 in #2517
- feat(lambda service): mapping lambda service to awslambda by @n4ch04 in #2538
- feat(gcp): add CIS checks by @sergargar in #2544
Fixes
- fix(apigw): Update metadata for API GW checks by @n4ch04 in #2512
- fix(bigquery_dataset_public_access): handle status correctly by @sergargar in #2542
- fix(cloudwatch secrets): fix nonetype error handling by @n4ch04 in #2543
- fix(compliance): add version to ISO27001 by @sergargar in #2523
- fix(compliance): remove unnecessary Optional attributes by @sergargar in #2514
- fix(contrib): migrate multi-account-securityhub/run-prowler-securityhub.sh to v3 by @sergargar in #2503
- fix(gcp): update Prowler SDK info of GCP by @sergargar in #2515
- fix(iam): add StringLike condition in iam_role_cross_service_confused_deputy_prevention by @sergargar in #2533
- fix(list-checks): handle listing checks when -s by @sergargar in #2540
- fix(security hub): solve Security Hub format requirements by @sergargar in #2520
- fix(vpc): handle ephemeral VPC endpoint services by @n4ch04 in #2501
- fix(reporting docs): fix S3 reporting desc by @n4ch04 in #2551
- fix(allowlist): reformat allowlist logic by @n4ch04 in #2555
Chores
- chore(OCSF): improve OCSF logic by @sergargar in #2502
- chore(ec2): reduce noise in Security Groups checks by @sergargar in #2525
- chore(region): add get_default_region function in AWS Services by @sergargar in #2524
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2539
- chore(docs): update DynamoDB allowlist example by @sergargar in #2552
- chore(docs): Update Amazon Linux 2 installation by @czantoine in #2553
Dependencies
- build(deps): bump boto3 from 1.26.147 to 1.26.156 by @dependabot in #2511
- build(deps): bump botocore from 1.29.156 to 1.29.161 by @dependabot in #2528
- build(deps): bump google-api-python-client from 2.89.0 to 2.90.0 by @dependabot in #2531
- build(deps): bump mkdocs-material from 9.1.16 to 9.1.17 by @dependabot in #2529
- build(deps-dev): bump moto from 4.1.11 to 4.1.12 by @dependabot in #2530
- build(deps-dev): bump openapi-spec-validator from 0.5.6 to 0.5.7 by @dependabot in #2507
- build(deps-dev): bump pytest from 7.3.2 to 7.4.0 by @dependabot in #2532
New Contributors
- @czantoine made their first contribution in #2553
Full Changelog: 3.6.1...3.7.0
Prowler 3.6.1 - Boots On
Fixes
- fix(rds checks): test if key exists prior checking it by @n4ch04 in #2489
- fix(security hub): Adds logic to map to valid ASFF statuses by @ckdake in #2491
- fix(route53): correct Hosted Zone ARN by @sergargar in #2494
- fix(asff): handle empty Recommendation Url by @sergargar in #2496
New Contributors
Full Changelog: 3.6.0...3.6.1
Prowler 3.6.0 - Boots On
Die With Your Boots On is a song from Iron Maiden's album Piece of Mind. It is self-explanatory, and we like the vibe of that song in their lives; watch it here.
Basically, this is what we do here, we go all in or nothing! 💪🏼
We are bringing the best we have in this code of Prowler 3.6.0: some new checks, improved GCP support, new features, more fixes making it a better piece of software and more helpful for your daily job 😄
Remember to run pip install prowler --upgrade and rock on! 🤘
New features to highlight in this version:
🥳 GCP Multi-Project support:
- Prowler now supports GCP Multi-Project scans! By default Prowler will scan all the GCP Projects that it is allowed to scan. If you want to scan a single project or several specific projects, you can use the following flag:
prowler gcp --project-ids <Project ID 1> <Project ID 2> ... <Project ID N>
✅ 16 new checks for GCP (Thanks to @jit-contrib ! 💪🏼 ):
- New services ApiKeys, DNS and Dataproc are covered and additional checks for Compute and IAM services.
- See all checks with prowler gcp --list-checks
📝 OCSF Integration (Hello Amazon Security Lake!):
- OCSF JSON was added as a default output for AWS, Azure and GCP. It was based on the OCSF Schema's Security Finding v1.0.0-rc.3.
📊 AWS Well Architected Framework:
- The Security Pillar of the AWS Well-Architected Framework is now supported by Prowler, you can run it with the following command:
prowler aws --compliance aws_well_architected_framework_security_pillar_aws
⚙️ MFA supported in AWS:
- If your IAM entity enforces MFA for AWS calls you can use --mfa and Prowler will ask you to input the following values to get a new session:
prowler aws --mfa
Enter ARN of MFA: arn:aws:iam::012345678910:mfa/xxxxxx
Enter MFA code: XXXXXX
What's Changed
Features
- feat(checks-gcp): Include 4 new checks covering GCP CIS by @jit-contrib in #2376
- feat(gcp): add 12 new checks for CIS Framework by @jit-contrib in #2426
- feat(gcp): add --project-ids flag and scan all projects by default by @sergargar in #2393
- feat(mfa): Add MFA flag if it is required by AWS IAM Entity by @senyberg in #2478
- feat(new_security_framework): AWS Well Architected Framework security pillar by @pedromarting3 in #2382
- feat(ocsf): add OCSF format as JSON output for AWS, Azure and GCP. Hello Amazon Security Lake! by @sergargar in #2429
- feat(vpc): add check vpc_subnet_no_public_ip_by_default by @senyberg in #2472
- feat(wellarchitected): add WellArchitected service and check by @sergargar in #2461
Fixes
- fix(arn validator): include : in regex by @n4ch04 in #2471
- fix(aws): Add missing resources ARN by @jfagoagas in #2453
- fix(azure): fix empty subscriptions case by @n4ch04 in #2455
- fix(backup): Handle last_execution_date when None by @jfagoagas in #2454
- fix(browser auth): fix browser auth in Azure to include tenant id by @n4ch04 in #2415
- fix(cloudfront): Bad https_enabled check comparison by @christiandavilakoobin in #2430
- fix(codebuild): handle FAIL in codebuild_project_user_controlled_buildspec by @sergargar in #2410
- fix(dataevents checks): add trails home region by @n4ch04 in #2484
- fix(ec2): handle false positive in ec2_securitygroup_allow_ingress_from_internet_to_any_port by @sergargar in #2449
- fix(ecr): handle LifecyclePolicyNotFoundException by @sergargar in #2411
- fix(efs): Include resource ARN and handle from input by @jfagoagas in #2452
- fix(inventory): handle exception for every call by @sergargar in #2457
- fix(kms): check only KMS CMK tags by @sergargar in #2468
- fix(README): add references to tenant-id when browser auth by @n4ch04 in #2439
- fix(services): Handle AWS service errors by @jfagoagas in #2440
- fix(services): verify Route53 records and handle TrustedAdvisor error by @sergargar in #2448
- fix(typo): typo in README.md by @sergargar in #2406
- fix(typo) typo in README.md by @toniblyx in #2407
Chores
- chore(arn): add missing ARNs to AWS Services by @sergargar in #2476
- chore(arn): include ARN of AWS accounts by @sergargar in #2477
- chore(boto3): update boto3 config by @sergargar in #2459
- chore(compliance): Update Description in aws_well_architected_framework_security_pillar_aws.json by @sssalim-aws in #2432
- chore(docs): add summary table to README.md by @toniblyx in #2402
- chore(docs): Create CONTRIBUTING.md by @toniblyx in #2416
- chore(docs): improve allowlist suggestion by @sergargar in #2466
- chore(docs): improve custom checks docs by @sergargar in #2428
- chore(logo): Add Prowler logo in SVG format & Propose to Prowler icon design by @dsict in #2423
- chore(quick inventory): add warning message by @sergargar in #2460
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2474
- chore(vpc): add mapPublicIpOnLaunch attribute to VPC subnets by @senyberg in #2470
Dependencies
- build(deps): bump alive-progress from 3.1.1 to 3.1.4 by @dependabot in #2446
- build(deps): bump boto3 from 1.26.142 to 1.26.147 by @dependabot in #2480
- build(deps): bump botocore from 1.29.147 to 1.29.152 by @dependabot in #2482
- build(deps): bump cryptography from 40.0.2 to 41.0.0 by @dependabot in #2436
- build(deps): bump google-api-python-client from 2.86.0 to 2.88.0 by @dependabot in #2483
- build(deps): bump mkdocs-material from 9.1.12 to 9.1.15 by @dependabot in #2420
- build(deps): bump pydantic from 1.10.8 to 1.10.9 by @dependabot in #2481
- build(deps-dev): bump coverage from 7.2.5 to 7.2.7 by @dependabot in #2422
- build(deps-dev): bump docker from 6.1.2 to 6.1.3 by @dependabot in #2445
- build(deps-dev): bump moto from 4.1.10 to 4.1.11 by @dependabot in #2443
- build(deps-dev): bump pytest-xdist from 3.3.0 to 3.3.1 by @dependabot in #2421
- build(deps-dev): bump pytest from 7.3.1 to 7.3.2 by @dependabot in #2479
New Contributors
- @jit-contrib made their first contribution in #2376
- @dsict made their first contribution in #2423
- @sssalim-aws made their first contribution in #2432
- @christiandavilakoobin made their first contribution in #2430
- @senyberg made their first contribution in #2470
Full Changelog: 3.5.3...3.6.0
Prowler 3.5.3 - Dune (To Tame a Land)
Fixes
- fix(ClientError): handle ClientErrors in DynamoDB and Directory Service by @sergargar in #2400
- fix(OSError): handle different OSErrors by @kij in #2398
- fix(allowlist) - tags parameter is a string, not a list by @kppullin in #2375
- fix(aws): Handle unique map keys by @jfagoagas in #2390
- fix(categories): remove empty categories from metadata by @sergargar in #2401
- fix(inspector2): fix active findings count by @sergargar in #2395
- fix(pypi-release): Push version change to the branch by @jfagoagas in #2374
- fix(route53_dangling_ip_subdomain_takeover): notify only IPs with AWS IP Ranges by @sergargar in #2396
Dependencies
- build(deps): bump azure-identity from 1.12.0 to 1.13.0 by @dependabot in #2386
- build(deps): bump boto3 from 1.26.125 to 1.26.138 by @dependabot in #2389
- build(deps): bump botocore from 1.29.134 to 1.29.138 by @dependabot in #2383
- build(deps): bump requests from 2.30.0 to 2.31.0 by @dependabot in #2388
- build(deps): bump shodan from 1.29.0 to 1.29.1 by @dependabot in #2385
- build(deps-dev): bump moto from 4.1.9 to 4.1.10 by @dependabot in #2384
Chores
- chore(quick-inventory): send quick inventory to output bucket by @sergargar in #2399
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2378
New Contributors
Full Changelog: 3.5.2...3.5.3