Prowler 3.16.2 - Back in the Village

What's Changed

Fixes

• fix(aws_lambda): Update obsolete lambda runtimes for v3 by @pedrooot in #3736
• fix(wafv2): Handle WAFNonexistentItemException v3 by @pedrooot in #3762

Chores

• chore(version): update Prowler v3 version by @sergargar in #3731
• chore(backport): v4 -> v3 by @jfagoagas in #3767
  • chore(dispatch): just for v3 by @jfagoagas in #3712
  • fix(actions): Don't need expressions within if by @jfagoagas in #3733
  • chore(regions_update): Changes in regions for AWS services by @n4ch04 in #3746, #3755, #3765
  • chore(deps): bump idna from 3.6 to 3.7 by @dependabot in #3758
  • chore(docs): Support toggle light/dark mode by @puchy22 in #3744

Full Changelog: 3.16.1...3.16.2

Prowler 4.0.1 - The Trooper

What's Changed

Fixes

• fix(actions): use LATEST_TAG for v4 by @jfagoagas in #3703
• fix(args): Handle default argument by @jfagoagas in #3674
• fix(compliance): add field ModoEjecucion in csv output for ENS by @pedrooot in #3719
• fix(dashboard): add correct label for each dropdown by @pedrooot in #3700
• fix(dashboard): Add multiple dashboard fixes by @pedrooot in #3714
• fix(dockerfile): add missing path to build by @jfagoagas in #3680
• fix(ens): add dependencias field ENS rd2022 compliance by @pedrooot in #3701
• fix(gcp): add project id to outputs by @sergargar in #3711
• fix(k8s): improve kubernetes deployment by @sergargar in #3713
• fix(k8s): sanitize context syntax only for output file names by @sergargar in #3689
• fix(service_name): fix typo in ServiceName field by @pedrooot in #3723

Chores

• chore(action): update python version to 3.12 in GH action by @sergargar in #3705
• chore(actions): Run for master and v3 by @jfagoagas in #3685
• chore(Azure): Optimize Entra service to use async funcs by @puchy22 in #3706
• chore(dependabot): Add v3 label by @jfagoagas in #3698
• chore(dependabot): Run also for v3 branch by @jfagoagas in #3683
• chore(dispatch): just for v3 by @jfagoagas in #3712
• chore(Dockerfile): remove deprecated dash dependencies by @sergargar in #3708
• chore(Dockerfile): update Python version to 3.12 by @sergargar in #3699
• chore(docs): update CloudShell scripts by @sergargar in #3687
• chore(merge): include latest changes of v3 by @sergargar in #3686
• chore(mutelist): remove space within mutelist name by @sergargar in #3690
• chore(regions): Add backport-v3 label by @jfagoagas in #3684
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3693
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3727

Documentation

• docs(dashboard): improve dashboard documentation by @pedrooot in #3688
• docs(images): fix images link in documentation by @sergargar in #3709
• docs(mutelist): remove MUTED and explain new fields by @jfagoagas in #3726

Dependencies

• build(deps): Update boto3 to version 1.34.77 by @sergargar in #3669
• chore(deps): bump botocore from 1.34.77 to 1.34.80 by @dependabot in #3715
• chore(deps): bump google-api-python-client from 2.124.0 to 2.125.0 by @dependabot in #3678
• chore(deps): bump kubernetes from 28.1.0 to 29.0.0 by @dependabot in #3679
• chore(deps): bump trufflesecurity/trufflehog from 3.71.2 to 3.72.0 by @dependabot in #3677
• chore(deps-dev): bump moto from 5.0.4 to 5.0.5 by @dependabot in #3681

Full Changelog: 4.0.0...4.0.1

Prowler 3.16.1 - Back in the Village

What's Changed

Fixes

• fix(actions): Docker v3-latest by @jfagoagas in #3692
• fix(actions): use LATEST_TAG by @jfagoagas in #3702
• fix(compliance): Add new fields to csv output for ENS compliance by @pedrooot in #3718
• fix(compliance ENS): fixing ens compliance dashboard by @n4ch04 in #3673
• fix(docs): solve docs dependencies by @sergargar in #3661
• fix(service_name): fix typo in ServiceName field for v3 by @pedrooot in #3724
• fix: typo by @jfagoagas in #3663

Chores

• chore(actions): Run for master and v3 by @jfagoagas in #3691
• chore(backport): include latest changes in v3 by @sergargar in #3728
• chore(readme): update azure count checks by @sergargar in #3667
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3656
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3676
• chore: 3.16.0 version by @jfagoagas in #3704

Docs

• docs(poetry): Add poetry command to install doc dependencies by @puchy22 in #3664
• docs(azure): test services in Azure added by @Hugo966 in #3649

Builds

• build(deps): bump msgraph-sdk from 1.1.0 to 1.2.0 by @dependabot in #3605
• chore(deps): bump google-api-python-client from 2.124.0 to 2.125.0 by @dependabot in #3695
• chore(deps): bump pydantic from 1.10.14 to 1.10.15 by @dependabot in #3716
• chore(deps): bump trufflesecurity/trufflehog from 3.71.2 to 3.72.0 by @dependabot in #3694
• chore(deps-dev): bump moto from 5.0.4 to 5.0.5 by @dependabot in #3696

Full Changelog: 3.16.0...3.16.1

Prowler 4.0.0 - The Trooper

You'll take my life, but I'll take yours too
You'll fire your musket, but I'll run you through
So when you're waiting for the next attack
You'd better stand, there's no turning back

When I started Prowler almost eight years ago, I thought about calling it The Trooper (thetrooper as in the command line sounds good but I thought prowler was even better). I can say today, with no doubt that this version 4.0 of Prowler, The Trooper, is by far the software that I always wanted to release. Now, as a company, with a whole team dedicated to Prowler (Open Source and SaaS), this is even more exciting. With standard support for AWS, Azure, GCP and also Kubernetes, with all new features, this is the beginning of a new era where Open Cloud Security makes an step forward and we say: hey WE ARE HERE FOR REAL and when you're waiting for the next attack, you'd better stand, there's no turning back

Enjoy Prowler - The Trooooooooper! 🤘🏽🔥 song!

Breaking Changes

• Allowlist now is called Mutelist
• Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
• The --quiet option has been deprecated, now use the --status flag to select the finding's status you want to get from PASS, FAIL or MANUAL.
• To send only FAILS to AWS Security Hub, now use either --send-sh-only-fails or --security-hub --status FAIL
• All INFO finding's status has changed MANUAL.

We have deprecated some of our outputs formats:

• The HTML is replaced for the new Prowler Dashboard (prowler dashboard)
• The JSON is replaced for the JSON OCSF v1.1.0

New features to highlight in this version

Dashboard

• Prowler has local dashboard to play with gathered data easier. Run prowler dashboard and enjoy overview data and compliance.
  

🎛️ New Kubernetes provider

• Prowler has a new Kubernetes provider to improve the security posture of your clusters! Try it now with prowler kubernetes --kubeconfig-file <kube.yaml>
• CIS Benchmark 1.8 for K8s is included.

📄 Compliance

• All compliance frameworks are executed by default and stored in a new location: output/compliance

AWS

• The AWS provider execution by default does not scan unused services, you can enable it with --scan-unused-services.
• 2 new checks to detect possible threads, try it now with prowler aws --category threat-detection for Enumeration and Privilege Escalation type of activities.

🗺️ Azure

• All Azure findings includes the location!
• CIS Benchmark for Azure 2.0 and 2.1 is included.

🔇 Mutelist

• The renamed mutelist feature is available for all the providers.
• In AWS a default allowlist is included in the execution.

🌐 Outputs

• Prowler now the outputs in a common format for all the providers.
• The only JSON output now follows the OCSF Schema v1.1.0

💻 Providers

• We have unified the way of including new providers for easier development and to add new ones.

🔨 Fixer

• We have included a new argument --fix to allow you to remediate findings. You can list all the available fixers with prowler aws --list-fixers

Features

• feat(mute list): change allowlist to mute list by @sergargar in #3039
• feat(CloudProvider): introduce global provider Azure&GCP by @n4ch04 in #3069
• feat(compliance): execute all compliance by default by @sergargar in #3003
• feat(kubernetes): add Kubernetes provider by @sergargar in #3226
• feat(status): add --status flag by @sergargar in #3238
• feat(AwsProvider): include new structure for AWS provider by @n4ch04 in #3252
• feat(kubernetes): add etcd, controllermanager and rbac services by @sergargar in #3261
• feat(apiserver): new 9 Kubernetes ApiServer checks by @sergargar in #3288
• feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in #3289
• feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in #3290
• feat(controllermanager): add checks for Kubernetes Controller Manager by @sergargar in #3291
• feat(etcd): add checks for Kubernetes etcd by @sergargar in #3294
• feat(kubelet): add 10 checks of Kubernetes Kubelet service by @sergargar in #3302
• feat(rbac): add 9 checks of Kubernetes RBAC service by @sergargar in #3314
• feat(core): add 13 checks of Kubernetes Core service by @sergargar in #3315
• feat(kubelet): add 6 checks of Kubelet configuration files on the worker nodes by @sergargar in #3335
• feat(namespace): add --namespaces argument and solve bugs by @sergargar in #3431
• feat(mutelist): add Mute List for all providers by @sergargar in #3548
• feat(azure): locations added to Azure findings by @Hugo966 in #3596
• feat(compliance): Add CIS 1.8 framework for Kubernetes by @pedrooot in #3600
• feat(cloudtrail): add threat detection checks for AWS (enum and priv escalation) by @sergargar in #3602
• feat(fixer): add Prowler Fixer feature! by @sergargar in #3634
• feat(dashboards): add new Prowler dashboards by @pedrooot in #3575

Documentation

• docs(kubernetes): add Kubernetes documentation by @sergargar in #3482
• chore(readme): update k8s cis by @sergargar in #3640

Fixes

• fix(gcp): fix error in generating compliance by @sergargar in #3201
• fix(kubernetes): improve in-cluster execution by @sergargar in #3397
• fix(shodan): Make it available for all the providers by @jfagoagas in #3500
• fix(azure): use subscriptions in get_locations by @jfagoagas in #3541
• fix(compliance): fix csv output for framework Mitre Attack by @pedrooot in #3574
• fix(quickinventory): Adapt for the new AWS provider class by @jfagoagas in #3569
• fix(mapping): handle None attributes in data by @sergargar in #3588
• fix(securityhub): Add validation and handle errors by @jfagoagas in #3590
• fix(providers): import modules also from outside of directory by @sergargar in #3595

Chores

• chore(sts-endpoint): deprecate --sts-endpoint-region by @sergargar in #3046
• chore(manual status): change INFO to MANUAL status by @sergargar in #3254
• chore(tests): add kubernetes provider tests by @sergargar in #3265
• chore(aws): Remove old provider by @jfagoagas in #3468
• chore(kubernetes): add strong ciphers config vars by @sergargar in #3470
• chore(kubernetes): enhance checks metadata by @sergargar in #3469
• chore(azure): working version executing checks by @jfagoagas in #3472
• chore(gcp): working version executing checks by @jfagoagas in #3474
• chore(kubernetes): Working provider by @jfagoagas in #3475
• chore(aws): Simplify provider by @jfagoagas in #3481
• chore(aws): Working outputs by @jfagoagas in #3488
• chore(k8s): Working outputs by @jfagoagas in #3489
• chore(gcp): working outputs by @jfagoagas in #3490
• chore(azure): working outputs by @jfagoagas in #3491
• chore(providers): Store output options and mutelist by @jfagoagas in #3497
• chore(kubernetes): add outputs fields by @sergargar in #3499
• chore(config): Store in provider by @jfagoagas in #3498
• chore(html): deprecate output by @jfagoagas in #3501
• chore(compliance): solve compliance issues by @sergargar in #3507
• chore(csv): Common output for all the providers by @jfagoagas in #3513
• chore(json): deprecate native json by @jfagoagas i...

Prowler 3.16.0 - Back in the Village

Turn the spotlights on the people
Switch the dial and eat the worm
Take your chances, kill the engine
Drop your bombs and let it burn

Enjoy the last release of Prowler v3 🤘🏽🔥 with this Iron Maiden song!

New features to highlight in this version

💪🏼 17 New Azure checks

• Prowler is improving its Azure coverage by including 17 new checks that appears in the CIS Benchmark v2.0.0 and v2.1.0.
  See all the new available checks with prowler azure --list-checks

🔒 Azure CIS v2.0 and v2.1 coverage

• Prowler includes coverage for two new compliance frameworks for Azure CIS, v2.0.0 and v2.1.0. You can execute these new frameworks with prowler azure --compliance cis_2.1_azure

🔧 More fixes and updates for all the providers

Features

• feat(azure): New check related with diagnostics settings in subscriptions by @Hugo966 in #3539
• feat(azure): New check related with logging in Azure Key Vault by @Hugo966 in #3496
• feat(azure):App check related with http logs by @Hugo966 in #3568
• feat(entra): New 11 checks related with Microsoft Entra ID by @puchy22 in #3585
• feat(azure): New check related with trusted launch in vm by @Hugo966 in #3616
• feat(azure) New Microsoft Entra ID checks by @puchy22 in #3610
• feat(entra): Manage 403 error for getting user authentication methods by @puchy22 in #3624
• feat(azure): Check related with roles and vm access with mfa by @Hugo966 in #3638
• feat(compliance): Add new CIS 2.0 / 2.1 compliance framework for Azure by @pedrooot in #3626

Fixes

• fix(metadata): change ResourceType Type for AWS Inline Policy Check by @gabrielsoltz in #3599
• fix(sts): handle China STS regions by @sergargar in #3613
• fix(azure): fixed check vm_ensure_using_managed_disks metadata by @Hugo966 in #3617
• fix(aws): break loop after FAIL in SQS and SNS checks by @kagahd in #3618
• fix(azure): normalize tenant domain set in checks by @sergargar in #3641
• fix(cis_2.0_azure): add remaining requirement with id 1.25 by @pedrooot in #3646
• fix(azure): add DefaultValue to Azure CIS compliance by @pedrooot in #3652

Documentation

• docs: Update number of Azure checks by @jfagoagas in #3639
• docs(azure): Add new permissions necessary from Microsoft Entra ID by @puchy22 in #3648

Chores

• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3598, #3609, #3615, #3621, #3637, #3647
• chore(version): update Prowler version by @sergargar in #3614
• chore(apigateway): Handle NotFoundException by @jfagoagas in #3623
• chore(action): Prepare containers release for v4 by @jfagoagas in #3597
• chore(entra): Moving constants from checks and services to config file by @puchy22 in #3645
• chore(azure): Fix AKS and App tests to new format by @puchy22 in #3651

Dependencies

• build(deps): bump trufflesecurity/trufflehog from 3.70.2 to 3.71.0 by @dependabot in #3603
• build(deps): bump crazy-max/ghaction-import-gpg from 4 to 6 by @dependabot in #3604
• build(deps-dev): bump mkdocs-material from 9.5.14 to 9.5.15 by @dependabot in #3606
• build(deps-dev): bump pytest-cov from 4.1.0 to 5.0.0 by @dependabot in #3607
• build(deps): bump google-api-python-client from 2.122.0 to 2.123.0 by @dependabot in #3608
• build(deps): bump tj-actions/changed-files from 43 to 44 by @dependabot in #3627
• build(deps): bump trufflesecurity/trufflehog from 3.71.0 to 3.71.2 by @dependabot in #3628
• build(deps): bump google-api-python-client from 2.123.0 to 2.124.0 by @dependabot in #3630
• build(deps-dev): bump mkdocs-material from 9.5.15 to 9.5.17 by @dependabot in #3633
• build(deps-dev): bump safety from 3.0.1 to 3.1.0 by @dependabot in #3632
• build(deps-dev): bump moto from 5.0.3 to 5.0.4 by @dependabot in #3629

Full Changelog: 3.15.3...3.16.0

Prowler 3.15.3 - Children of the Damned

Chores

• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3581
• chore(actions): Set branch based on version by @jfagoagas in #3580
• chore(gcp): remove unnecessary default project id by @sergargar in #3586
• chore(release): update Prowler Version to 3.15.2. by @jfagoagas in #3591

Fixes

• fix(compliance): fix csv output for framework Mitre Attack v3 by @pedrooot in #3584
• fix(json-asff): Remediation.Recommendation.Text < 512 chars by @jfagoagas in #3589
• fix(apigatewayv2): handle empty names by @sergargar in #3592
• fix(securityhub): Remove region from exception match by @jfagoagas in #3593

Full Changelog: 3.15.2...3.15.3

Prowler 3.15.2 - Children of the Damned

Fixes

• fix(actions): Remove indent by @jfagoagas in #3577
• fix(cloudtrail): use dictionary instead of list by @sergargar in #3579

Full Changelog: 3.15.1...3.15.2

Prowler 3.15.1 - Children of the Damned

Fixes

• fix(action): Release on whatever branch by @jfagoagas in #3576
• fix(iam): handle KeyError in service_last_accessed by @sergargar in #3555

Chores

• chore(compliance): rename AWS FTR compliance by @sergargar in #3550
• chore(readme): update number of Prowler checks by @sergargar in #3544
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3547
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3552
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3566
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3571
• chore(release): update Prowler Version to 3.15.0 by @n4ch04 in #3543

Dependencies

• build(deps): bump azure-mgmt-compute from 30.5.0 to 30.6.0 by @dependabot in #3559
• build(deps): bump tj-actions/changed-files from 42 to 43 by @dependabot in #3560
• build(deps): bump trufflesecurity/trufflehog from 3.69.0 to 3.70.2 by @dependabot in #3561
• build(deps-dev): bump black from 24.2.0 to 24.3.0 by @dependabot in #3563
• build(deps-dev): bump coverage from 7.4.3 to 7.4.4 by @dependabot in #3558
• build(deps-dev): bump mkdocs-material from 9.5.12 to 9.5.14 by @dependabot in #3562

Full Changelog: 3.15.0...3.15.1

Prowler 3.15.0 - Children of the Damned

You’re children of the damned
Your backs against the wall
You turn into the light
You’re burning in the night

Beware the cloud security issues that paralyze! As per Bruce Dickinson comments at the BBC, this Iron Maiden song part of The Number of the Beast album was inspired by by Black Sabbath’s “Children of the Sea”. In any case, let’s put all those cloud security misconfigurations against the wall now!

Enjoy it! 🤘🏽🔥

New features to highlight in this version:

💪🏼 40 New Azure checks

• Prowler is improving its Azure coverage by including 40 new checks that appears in the CIS Benchmark v2.1.0.
  (Thanks @Hugo966, @pedrooot and @puchy22 for their contributions and performance!)

See all the new available checks with prowler azure -l

🔒 Shodan.io support for Azure and GCP

• Now, Prowler lets you also check if any public IPs in Azure or GCP are exposed in Shodan.
  Try it with prowler gcp -c compute_public_address_shodan --shodan <API_KEY> and prowler azure -c network_public_ip_shodan --shodan <API_KEY>

The Shodan API Key can also be set in the config.yaml file instead of using the --shodan flag.

✅ Added Kubernetes Coverage in Cloud Providers

• New checks that cover Kubernetes managed services in AWS (EKS), Azure (AKS) and in GCP (GKE/GCR) are now available in Prowler. Try them with prowler aws/azure/gcp --services eks/aks/gke

📝 New AWS FTR Compliance

• AWS FTR helps you identify AWS Well-Architected best practices specific to your software or solution.
  You can execute the new AWS Foundational Technical Review Compliance Framework with prowler aws --compliance foundational_technical_review_aws

Features

• feat(aws): add 2 new Amazon EKS checks from CIS by @sergargar in #3439
• feat(aws): Get organizations metadata if delegated admin by @jfagoagas in #3435
• feat(azure): add new check related with cmk by @Hugo966 in #3466
• feat(azure): add new check related with Public IPs in Shodan.io by @pedrooot in #3433
• feat(azure): Azure new checks related with AKS by @puchy22 in #3476
• feat(azure): Azure new checks related with App Service by @puchy22 in #3432
• feat(azure): Azure new check policy_ensure_asc_enforcement_enabled by @puchy22 in #3452
• feat(azure): Checks related to Azure Keyvault by @pedrooot in #3430
• feat(Azure): Entra service with two checks by @puchy22 in #3510
• feat(azure): New azure monitor check monitor_ensure_diagnostic_setting_appropriate by @Hugo966 in #3421
• feat(azure): new monitoring check ensuring storage account with logs private by @Hugo966 in #3453
• feat(azure): New check related with network flow logs by @Hugo966 in #3535
• feat(azure): 10 new checks related with alerts in monitoring by @Hugo966 in #3516
• feat(compliance): Add new compliance foundational_technical_review_aws by @pedrooot in #3511
• feat(gcp): add 3 new checks for GKE CIS by @sergargar in #3440
• feat(gcp): add Shodan check for GCP External Addresses by @sergargar in #3486

Fixes

• fix(checks_loader): Handle exceptions and always load checks by @jfagoagas in #3479
• fix(check_loader): Add validation in 'Categories' field from metadata by @pedrooot in #3480
• fix(cloudwatch): correct recommendation text by @sergargar in #3538
• fix(compliance): add default severity to Manual Mocked Metadata by @sergargar in #3484
• fix(compliance): set correct CSV Compliance model for CIS by @sergargar in #3503
• fix(compliance): set Generic Compliance as last model by @sergargar in #3487
• fix(compliance): set the provider dynamically in Manual checks by @sergargar in #3502
• fix(docs): Add docs group to install by @jfagoagas in #3436
• fix(docs): Fix some typos in requirements page by @pedrooot in #3504
• fix(docs): Fix typo and change info about mocking by @pedrooot in #3438
• fix(docs): readthedocs install by @jfagoagas in #3437
• fix(ecr): check if ECR Repository Policies does not exist by @sergargar in #3451
• fix(error_handling): delete unnecessary error in logger.error by @pedrooot in #3454
• fix(gcp): handle KeyError in Compute service by @sergargar in #3471
• fix(gcp): remove Default Project ID requirement by @sergargar in #3459
• fix(glue): Add mocked ARN by @jfagoagas in #3515
• fix(iam): ignore Root User in iam_user_mfa_enabled_console_access by @sergargar in #3537
• fix(LICENSE): update LICENSE copyright by @sergargar in #3508
• fix(security_hub): Handle user facing errors by @jfagoagas in #3456

Chores

• chore(action): Link docs in PR by @jfagoagas in #3448
• chore(allowlist): add AFT IAM roles to allowlist by @sergargar in #3460
• chore(arn): improve resource ARNs in checks by @sergargar in #3388
• chore(azure): Manage new errors in the Defender service by @puchy22 in #3534
• chore(docs): improve documentation for Azure debugging by @pedrooot in #3411
• chore(docs): Prettify notes and add dates by @jfagoagas in #3434
• chore(fixme): Add fixme for credentials refresh by @jfagoagas in #3485
• chore(gcp): set GCP account in output file name by @sergargar in #3461
• chore(README): update checks summary table by @sergargar in #3483
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3429
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3457
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3465
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3473
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3505
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3509
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3518
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3520
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3528
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3533
• chore(release): update Prowler Version to 3.14.0 by @n4ch04 in #3422
• chore: update feature request label by @jfagoagas in #3464
• docs(compliance): Add newline to format list by @jfagoagas in #3455
• docs: New overview page by @toniblyx in #3427
• docs: Update documentation links by @jfagoagas in #3424
• docs: Update README.md with bigger Slack link by @toniblyx in #3425

Dependencies

• build(deps): bump azure-keyvault-keys from 4.8.0 to 4.9.0 by @dependabot in #3443
• build(deps): bump azure-storage-blob from 12.19.0 to 12.19.1 by @dependabot in #3527
• build(deps): bump cryptography from 42.0.2 to 42.0.4 by @dependabot in #3428
• build(deps): bump google-api-python-client from 2.120.0 to 2.122.0 by @dependabot in #3531
• build(deps): bump slack-sdk from 3.27.0 to 3.27.1 by @dependabot in #3494
• build(deps): bump trufflesecurity/trufflehog from 3.68.4 to 3.69.0 by @dependabot in #3522
• build(deps-dev): bump...

Prowler 3.14.0 - Paschendale

Home, far away
From the war, a chance to live again
Home, far away
But the war, no chance to live again

Iron Maiden's Paschendale.

Prowler 3.14 is here! Like the PI number, this version will drive you through the magic of fixing security issues in your cloud infrastructure, more Azure checks for your joy and amusement. Enjoy it! 🤘🏽🔥

New features to highlight in this version:

💪🏼 25 New Azure checks

• Prowler is improving its Azure coverage by including 25 more new checks that appears in the CIS Benchmark v2.0.0.
  (Thanks again @pedrooot and @puchy22 for their contributions, way to go!)

See all the new available checks with prowler azure -l

Features

• feat(azure): Add new checks related to Network service by @pedrooot in #3402
• feat(azure): Add new checks related to PostgreSQL service by @pedrooot in #3409
• feat(azure): Add new checks related App Insights service by @puchy22 in #3395
• feat(azure): Add new checks related MySQL service by @puchy22 in #3385
• feat(azure): Add new checks related to CosmosDB by @pedrooot in #3386
• feat(azure): Add new checks related VMs service. by @puchy22 in #3408

Fixes

• fix(azure): Typo in appinsights service by @puchy22 in #3407
• fix(backup): handle if last_attempted_execution_date is None by @sergargar in #3394
• fix(inspector2): Report must have status field by @jfagoagas in #3419
• fix(labeler): Add right path for testing by @jfagoagas in #3405
• fix(labeler): Work on forks too by @jfagoagas in #3410
• fix(storage): update metadata with CIS 2.0 in storage_default_network_access_rule_is_denied by @Hugo966 in #3387

Chores

• chore(list): list compliance and categories sorted by @sergargar in #3381
• chore(pull-request): Add automatic labeler by @jfagoagas in #3398
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3384, #3401 and #3406
• chore(release): update Prowler Version to 3.13.0 by @sergargar in #3380
• test(aws): Add default Boto3 credentials by @jfagoagas in #3404

Dependencies

• build(deps): bump google-api-python-client from 2.116.0 to 2.117.0 by @dependabot in #3391
• build(deps): bump google-api-python-client from 2.117.0 to 2.118.0 by @dependabot in #3417
• build(deps): bump mkdocs-material from 9.5.6 to 9.5.9 by @dependabot in #3392
• build(deps): bump mkdocs-material from 9.5.9 to 9.5.10 by @dependabot in #3416
• build(deps): bump slack-sdk from 3.26.2 to 3.27.0 by @dependabot in #3415
• build(deps): bump trufflesecurity/trufflehog from 3.67.2 to 3.67.5 by @dependabot in #3393
• build(deps): bump trufflesecurity/trufflehog from 3.67.5 to 3.67.6 by @dependabot in #3412
• build(deps-dev): bump bandit from 1.7.6 to 1.7.7 by @dependabot in #3390
• build(deps-dev): bump black from 24.1.1 to 24.2.0 by @dependabot in #3389
• build(deps-dev): bump moto from 5.0.1 to 5.0.2 by @dependabot in #3413
• build(deps-dev): bump pytest from 8.0.0 to 8.0.1 by @dependabot in #3414

New Contributors

• @Hugo966 made their first contribution in #3387

Full Changelog: 3.13.0...3.14.0