Releases: prowler-cloud/prowler
Prowler 3.16.2 - Back in the Village
What's Changed
Fixes
- fix(aws_lambda): Update obsolete lambda runtimes for v3 by @pedrooot in #3736
- fix(wafv2): Handle WAFNonexistentItemException v3 by @pedrooot in #3762
Chores
- chore(version): update Prowler v3 version by @sergargar in #3731
- chore(backport): v4 -> v3 by @jfagoagas in #3767
- chore(dispatch): just for v3 by @jfagoagas in #3712
- fix(actions): Don't need expressions within if by @jfagoagas in #3733
- chore(regions_update): Changes in regions for AWS services by @n4ch04 in #3746, #3755, #3765
- chore(deps): bump idna from 3.6 to 3.7 by @dependabot in #3758
- chore(docs): Support toggle light/dark mode by @puchy22 in #3744
Full Changelog: 3.16.1...3.16.2
Prowler 4.0.1 - The Trooper
What's Changed
Fixes
- fix(actions): use LATEST_TAG for v4 by @jfagoagas in #3703
- fix(args): Handle default argument by @jfagoagas in #3674
- fix(compliance): add field ModoEjecucion in csv output for ENS by @pedrooot in #3719
- fix(dashboard): add correct label for each dropdown by @pedrooot in #3700
- fix(dashboard): Add multiple dashboard fixes by @pedrooot in #3714
- fix(dockerfile): add missing path to build by @jfagoagas in #3680
- fix(ens): add dependencias field ENS rd2022 compliance by @pedrooot in #3701
- fix(gcp): add project id to outputs by @sergargar in #3711
- fix(k8s): improve kubernetes deployment by @sergargar in #3713
- fix(k8s): sanitize context syntax only for output file names by @sergargar in #3689
- fix(service_name): fix typo in ServiceName field by @pedrooot in #3723
Chores
- chore(action): update python version to 3.12 in GH action by @sergargar in #3705
- chore(actions): Run for master and v3 by @jfagoagas in #3685
- chore(Azure): Optimize Entra service to use async funcs by @puchy22 in #3706
- chore(dependabot): Add v3 label by @jfagoagas in #3698
- chore(dependabot): Run also for v3 branch by @jfagoagas in #3683
- chore(dispatch): just for v3 by @jfagoagas in #3712
- chore(Dockerfile): remove deprecated dash dependencies by @sergargar in #3708
- chore(Dockerfile): update Python version to 3.12 by @sergargar in #3699
- chore(docs): update CloudShell scripts by @sergargar in #3687
- chore(merge): include latest changes of v3 by @sergargar in #3686
- chore(mutelist): remove space within mutelist name by @sergargar in #3690
- chore(regions): Add backport-v3 label by @jfagoagas in #3684
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3693
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3727
Documentation
- docs(dashboard): improve dashboard documentation by @pedrooot in #3688
- docs(images): fix images link in documentation by @sergargar in #3709
- docs(mutelist): remove MUTED and explain new fields by @jfagoagas in #3726
Dependencies
- build(deps): Update boto3 to version 1.34.77 by @sergargar in #3669
- chore(deps): bump botocore from 1.34.77 to 1.34.80 by @dependabot in #3715
- chore(deps): bump google-api-python-client from 2.124.0 to 2.125.0 by @dependabot in #3678
- chore(deps): bump kubernetes from 28.1.0 to 29.0.0 by @dependabot in #3679
- chore(deps): bump trufflesecurity/trufflehog from 3.71.2 to 3.72.0 by @dependabot in #3677
- chore(deps-dev): bump moto from 5.0.4 to 5.0.5 by @dependabot in #3681
Full Changelog: 4.0.0...4.0.1
Prowler 3.16.1 - Back in the Village
What's Changed
Fixes
- fix(actions): Docker v3-latest by @jfagoagas in #3692
- fix(actions): use LATEST_TAG by @jfagoagas in #3702
- fix(compliance): Add new fields to csv output for ENS compliance by @pedrooot in #3718
- fix(compliance ENS): fixing ens compliance dashboard by @n4ch04 in #3673
- fix(docs): solve docs dependencies by @sergargar in #3661
- fix(service_name): fix typo in ServiceName field for v3 by @pedrooot in #3724
- fix: typo by @jfagoagas in #3663
Chores
- chore(actions): Run for master and v3 by @jfagoagas in #3691
- chore(backport): include latest changes in v3 by @sergargar in #3728
- chore(readme): update azure count checks by @sergargar in #3667
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3656
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3676
- chore: 3.16.0 version by @jfagoagas in #3704
Docs
- docs(poetry): Add poetry command to install doc dependencies by @puchy22 in #3664
- docs(azure): test services in Azure added by @Hugo966 in #3649
Builds
- build(deps): bump msgraph-sdk from 1.1.0 to 1.2.0 by @dependabot in #3605
- chore(deps): bump google-api-python-client from 2.124.0 to 2.125.0 by @dependabot in #3695
- chore(deps): bump pydantic from 1.10.14 to 1.10.15 by @dependabot in #3716
- chore(deps): bump trufflesecurity/trufflehog from 3.71.2 to 3.72.0 by @dependabot in #3694
- chore(deps-dev): bump moto from 5.0.4 to 5.0.5 by @dependabot in #3696
Full Changelog: 3.16.0...3.16.1
Prowler 4.0.0 - The Trooper
You'll take my life, but I'll take yours too
You'll fire your musket, but I'll run you through
So when you're waiting for the next attack
You'd better stand, there's no turning back
When I started Prowler almost eight years ago, I thought about calling it The Trooper (`thetrooper` as in the command line sounds good but I thought `prowler` was even better). I can say today, with no doubt that this version 4.0 of Prowler, The Trooper, is by far the software that I always wanted to release. Now, as a company, with a whole team dedicated to Prowler (Open Source and SaaS), this is even more exciting. With standard support for AWS, Azure, GCP and also Kubernetes, with all new features, this is the beginning of a new era where Open Cloud Security makes a step forward and we say: hey WE ARE HERE FOR REAL and when you're waiting for the next attack, you'd better stand, there's no turning back
Enjoy Prowler - The Trooooooooper! 🤘🏽🔥 song!
Breaking Changes
- Allowlist now is called Mutelist
- Deprecate the AWS flag `--sts-endpoint-region` since we use AWS STS regional tokens.
- The `--quiet` option has been deprecated, now use the `--status` flag to select the finding's status you want to get from `PASS`, `FAIL` or `MANUAL`.
- To send only FAILS to AWS Security Hub, now use either `--send-sh-only-fails` or `--security-hub --status FAIL`
- All `INFO` finding's status has changed to `MANUAL`.
We have deprecated some of our output formats:
- The HTML is replaced by the new Prowler Dashboard (`prowler dashboard`)
- The JSON is replaced by the JSON OCSF v1.1.0
New features to highlight in this version
Dashboard
- Prowler has a local dashboard to play with gathered data easier. Run `prowler dashboard` and enjoy overview data and compliance.
🎛️ New Kubernetes provider
- Prowler has a new Kubernetes provider to improve the security posture of your clusters! Try it now with `prowler kubernetes --kubeconfig-file <kube.yaml>`
- CIS Benchmark 1.8 for K8s is included.
📄 Compliance
- All compliance frameworks are executed by default and stored in a new location: `output/compliance`
AWS
- The AWS provider execution by default does not scan unused services, you can enable it with `--scan-unused-services`.
- 2 new checks to detect possible threats, try it now with `prowler aws --category threat-detection` for Enumeration and Privilege Escalation type of activities.
🗺️ Azure
- All Azure findings include the location!
- CIS Benchmark for Azure 2.0 and 2.1 is included.
🔇 Mutelist
- The renamed mutelist feature is available for all the providers.
- In AWS a default allowlist is included in the execution.
🌐 Outputs
- Prowler now produces the outputs in a common format for all the providers.
- The only JSON output now follows the OCSF Schema v1.1.0
💻 Providers
- We have unified the way of including new providers for easier development and to add new ones.
🔨 Fixer
- We have included a new argument `--fix` to allow you to remediate findings. You can list all the available fixers with `prowler aws --list-fixers`
Features
- feat(mute list): change allowlist to mute list by @sergargar in #3039
- feat(CloudProvider): introduce global provider Azure&GCP by @n4ch04 in #3069
- feat(compliance): execute all compliance by default by @sergargar in #3003
- feat(kubernetes): add Kubernetes provider by @sergargar in #3226
- feat(status): add --status flag by @sergargar in #3238
- feat(AwsProvider): include new structure for AWS provider by @n4ch04 in #3252
- feat(kubernetes): add etcd, controllermanager and rbac services by @sergargar in #3261
- feat(apiserver): new 9 Kubernetes ApiServer checks by @sergargar in #3288
- feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in #3289
- feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in #3290
- feat(controllermanager): add checks for Kubernetes Controller Manager by @sergargar in #3291
- feat(etcd): add checks for Kubernetes etcd by @sergargar in #3294
- feat(kubelet): add 10 checks of Kubernetes Kubelet service by @sergargar in #3302
- feat(rbac): add 9 checks of Kubernetes RBAC service by @sergargar in #3314
- feat(core): add 13 checks of Kubernetes Core service by @sergargar in #3315
- feat(kubelet): add 6 checks of Kubelet configuration files on the worker nodes by @sergargar in #3335
- feat(namespace): add `--namespaces` argument and solve bugs by @sergargar in #3431
- feat(mutelist): add Mute List for all providers by @sergargar in #3548
- feat(azure): locations added to Azure findings by @Hugo966 in #3596
- feat(compliance): Add CIS 1.8 framework for Kubernetes by @pedrooot in #3600
- feat(cloudtrail): add threat detection checks for AWS (enum and priv escalation) by @sergargar in #3602
- feat(fixer): add Prowler Fixer feature! by @sergargar in #3634
- feat(dashboards): add new Prowler dashboards by @pedrooot in #3575
Documentation
- docs(kubernetes): add Kubernetes documentation by @sergargar in #3482
- chore(readme): update k8s cis by @sergargar in #3640
Fixes
- fix(gcp): fix error in generating compliance by @sergargar in #3201
- fix(kubernetes): improve in-cluster execution by @sergargar in #3397
- fix(shodan): Make it available for all the providers by @jfagoagas in #3500
- fix(azure): use subscriptions in get_locations by @jfagoagas in #3541
- fix(compliance): fix csv output for framework Mitre Attack by @pedrooot in #3574
- fix(quickinventory): Adapt for the new AWS provider class by @jfagoagas in #3569
- fix(mapping): handle None attributes in data by @sergargar in #3588
- fix(securityhub): Add validation and handle errors by @jfagoagas in #3590
- fix(providers): import modules also from outside of directory by @sergargar in #3595
Chores
- chore(sts-endpoint): deprecate `--sts-endpoint-region` by @sergargar in #3046
- chore(manual status): change INFO to MANUAL status by @sergargar in #3254
- chore(tests): add kubernetes provider tests by @sergargar in #3265
- chore(aws): Remove old provider by @jfagoagas in #3468
- chore(kubernetes): add strong ciphers config vars by @sergargar in #3470
- chore(kubernetes): enhance checks metadata by @sergargar in #3469
- chore(azure): working version executing checks by @jfagoagas in #3472
- chore(gcp): working version executing checks by @jfagoagas in #3474
- chore(kubernetes): Working provider by @jfagoagas in #3475
- chore(aws): Simplify provider by @jfagoagas in #3481
- chore(aws): Working outputs by @jfagoagas in #3488
- chore(k8s): Working outputs by @jfagoagas in #3489
- chore(gcp): working outputs by @jfagoagas in #3490
- chore(azure): working outputs by @jfagoagas in #3491
- chore(providers): Store output options and mutelist by @jfagoagas in #3497
- chore(kubernetes): add outputs fields by @sergargar in #3499
- chore(config): Store in provider by @jfagoagas in #3498
- chore(html): deprecate output by @jfagoagas in #3501
- chore(compliance): solve compliance issues by @sergargar in #3507
- chore(csv): Common output for all the providers by @jfagoagas in #3513
- chore(json): deprecate native json by @jfagoagas i...
Prowler 3.16.0 - Back in the Village
Turn the spotlights on the people
Switch the dial and eat the worm
Take your chances, kill the engine
Drop your bombs and let it burn
Enjoy the last release of Prowler v3 🤘🏽🔥 with this Iron Maiden song!
New features to highlight in this version
💪🏼 17 New Azure checks
- Prowler is improving its Azure coverage by including 17 new checks that appear in the CIS Benchmark v2.0.0 and v2.1.0.
See all the new available checks with `prowler azure --list-checks`
🔒 Azure CIS v2.0 and v2.1 coverage
- Prowler includes coverage for two new compliance frameworks for Azure CIS, v2.0.0 and v2.1.0. You can execute these new frameworks with `prowler azure --compliance cis_2.1_azure`
🔧 More fixes and updates for all the providers
Features
- feat(azure): New check related with diagnostics settings in subscriptions by @Hugo966 in #3539
- feat(azure): New check related with logging in Azure Key Vault by @Hugo966 in #3496
- feat(azure):App check related with http logs by @Hugo966 in #3568
- feat(entra): New 11 checks related with Microsoft Entra ID by @puchy22 in #3585
- feat(azure): New check related with trusted launch in vm by @Hugo966 in #3616
- feat(azure) New Microsoft Entra ID checks by @puchy22 in #3610
- feat(entra): Manage 403 error for getting user authentication methods by @puchy22 in #3624
- feat(azure): Check related with roles and vm access with mfa by @Hugo966 in #3638
- feat(compliance): Add new CIS 2.0 / 2.1 compliance framework for Azure by @pedrooot in #3626
Fixes
- fix(metadata): change ResourceType Type for AWS Inline Policy Check by @gabrielsoltz in #3599
- fix(sts): handle China STS regions by @sergargar in #3613
- fix(azure): fixed check `vm_ensure_using_managed_disks` metadata by @Hugo966 in #3617
- fix(aws): break loop after FAIL in SQS and SNS checks by @kagahd in #3618
- fix(azure): normalize tenant domain set in checks by @sergargar in #3641
- fix(cis_2.0_azure): add remaining requirement with id 1.25 by @pedrooot in #3646
- fix(azure): add DefaultValue to Azure CIS compliance by @pedrooot in #3652
Documentation
- docs: Update number of Azure checks by @jfagoagas in #3639
- docs(azure): Add new permissions necessary from Microsoft Entra ID by @puchy22 in #3648
Chores
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3598, #3609, #3615, #3621, #3637, #3647
- chore(version): update Prowler version by @sergargar in #3614
- chore(apigateway): Handle NotFoundException by @jfagoagas in #3623
- chore(action): Prepare containers release for v4 by @jfagoagas in #3597
- chore(entra): Moving constants from checks and services to config file by @puchy22 in #3645
- chore(azure): Fix AKS and App tests to new format by @puchy22 in #3651
Dependencies
- build(deps): bump trufflesecurity/trufflehog from 3.70.2 to 3.71.0 by @dependabot in #3603
- build(deps): bump crazy-max/ghaction-import-gpg from 4 to 6 by @dependabot in #3604
- build(deps-dev): bump mkdocs-material from 9.5.14 to 9.5.15 by @dependabot in #3606
- build(deps-dev): bump pytest-cov from 4.1.0 to 5.0.0 by @dependabot in #3607
- build(deps): bump google-api-python-client from 2.122.0 to 2.123.0 by @dependabot in #3608
- build(deps): bump tj-actions/changed-files from 43 to 44 by @dependabot in #3627
- build(deps): bump trufflesecurity/trufflehog from 3.71.0 to 3.71.2 by @dependabot in #3628
- build(deps): bump google-api-python-client from 2.123.0 to 2.124.0 by @dependabot in #3630
- build(deps-dev): bump mkdocs-material from 9.5.15 to 9.5.17 by @dependabot in #3633
- build(deps-dev): bump safety from 3.0.1 to 3.1.0 by @dependabot in #3632
- build(deps-dev): bump moto from 5.0.3 to 5.0.4 by @dependabot in #3629
Full Changelog: 3.15.3...3.16.0
Prowler 3.15.3 - Children of the Damned
Chores
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3581
- chore(actions): Set branch based on version by @jfagoagas in #3580
- chore(gcp): remove unnecessary default project id by @sergargar in #3586
- chore(release): update Prowler Version to 3.15.2. by @jfagoagas in #3591
Fixes
- fix(compliance): fix csv output for framework Mitre Attack v3 by @pedrooot in #3584
- fix(json-asff): Remediation.Recommendation.Text < 512 chars by @jfagoagas in #3589
- fix(apigatewayv2): handle empty names by @sergargar in #3592
- fix(securityhub): Remove region from exception match by @jfagoagas in #3593
Full Changelog: 3.15.2...3.15.3
Prowler 3.15.2 - Children of the Damned
Fixes
- fix(actions): Remove indent by @jfagoagas in #3577
- fix(cloudtrail): use dictionary instead of list by @sergargar in #3579
Full Changelog: 3.15.1...3.15.2
Prowler 3.15.1 - Children of the Damned
Fixes
- fix(action): Release on whatever branch by @jfagoagas in #3576
- fix(iam): handle KeyError in service_last_accessed by @sergargar in #3555
Chores
- chore(compliance): rename AWS FTR compliance by @sergargar in #3550
- chore(readme): update number of Prowler checks by @sergargar in #3544
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3547
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3552
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3566
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3571
- chore(release): update Prowler Version to 3.15.0 by @n4ch04 in #3543
Dependencies
- build(deps): bump azure-mgmt-compute from 30.5.0 to 30.6.0 by @dependabot in #3559
- build(deps): bump tj-actions/changed-files from 42 to 43 by @dependabot in #3560
- build(deps): bump trufflesecurity/trufflehog from 3.69.0 to 3.70.2 by @dependabot in #3561
- build(deps-dev): bump black from 24.2.0 to 24.3.0 by @dependabot in #3563
- build(deps-dev): bump coverage from 7.4.3 to 7.4.4 by @dependabot in #3558
- build(deps-dev): bump mkdocs-material from 9.5.12 to 9.5.14 by @dependabot in #3562
Full Changelog: 3.15.0...3.15.1
Prowler 3.15.0 - Children of the Damned
You’re children of the damned
Your backs against the wall
You turn into the light
You’re burning in the night
Beware the cloud security issues that paralyze! As per Bruce Dickinson's comments at the BBC, this Iron Maiden song, part of The Number of the Beast album, was inspired by Black Sabbath’s “Children of the Sea”. In any case, let’s put all those cloud security misconfigurations against the wall now!
Enjoy it! 🤘🏽🔥
New features to highlight in this version:
💪🏼 40 New Azure checks
- Prowler is improving its Azure coverage by including 40 new checks that appear in the CIS Benchmark v2.1.0.
(Thanks @Hugo966, @pedrooot and @puchy22 for their contributions and performance!)
See all the new available checks with `prowler azure -l`
🔒 Shodan.io support for Azure and GCP
- Now, Prowler lets you also check if any public IPs in Azure or GCP are exposed in Shodan.
Try it with `prowler gcp -c compute_public_address_shodan --shodan <API_KEY>` and `prowler azure -c network_public_ip_shodan --shodan <API_KEY>`
The Shodan API Key can also be set in the `config.yaml` file instead of using the `--shodan` flag.
✅ Added Kubernetes Coverage in Cloud Providers
- New checks that cover Kubernetes managed services in AWS (EKS), Azure (AKS) and in GCP (GKE/GCR) are now available in Prowler. Try them with `prowler aws/azure/gcp --services eks/aks/gke`
📝 New AWS FTR Compliance
- AWS FTR helps you identify AWS Well-Architected best practices specific to your software or solution.
You can execute the new AWS Foundational Technical Review Compliance Framework with `prowler aws --compliance foundational_technical_review_aws`
Features
- feat(aws): add 2 new Amazon EKS checks from CIS by @sergargar in #3439
- feat(aws): Get organizations metadata if delegated admin by @jfagoagas in #3435
- feat(azure): add new check related with cmk by @Hugo966 in #3466
- feat(azure): add new check related with Public IPs in Shodan.io by @pedrooot in #3433
- feat(azure): Azure new checks related with AKS by @puchy22 in #3476
- feat(azure): Azure new checks related with App Service by @puchy22 in #3432
- feat(azure): Azure new check `policy_ensure_asc_enforcement_enabled` by @puchy22 in #3452
- feat(azure): Checks related to Azure Keyvault by @pedrooot in #3430
- feat(Azure): Entra service with two checks by @puchy22 in #3510
- feat(azure): New azure monitor check `monitor_ensure_diagnostic_setting_appropriate` by @Hugo966 in #3421
- feat(azure): new monitoring check ensuring storage account with logs private by @Hugo966 in #3453
- feat(azure): New check related with network flow logs by @Hugo966 in #3535
- feat(azure): 10 new checks related with alerts in monitoring by @Hugo966 in #3516
- feat(compliance): Add new compliance foundational_technical_review_aws by @pedrooot in #3511
- feat(gcp): add 3 new checks for GKE CIS by @sergargar in #3440
- feat(gcp): add Shodan check for GCP External Addresses by @sergargar in #3486
Fixes
- fix(checks_loader): Handle exceptions and always load checks by @jfagoagas in #3479
- fix(check_loader): Add validation in 'Categories' field from metadata by @pedrooot in #3480
- fix(cloudwatch): correct recommendation text by @sergargar in #3538
- fix(compliance): add default severity to Manual Mocked Metadata by @sergargar in #3484
- fix(compliance): set correct CSV Compliance model for CIS by @sergargar in #3503
- fix(compliance): set Generic Compliance as last model by @sergargar in #3487
- fix(compliance): set the provider dynamically in Manual checks by @sergargar in #3502
- fix(docs): Add docs group to install by @jfagoagas in #3436
- fix(docs): Fix some typos in requirements page by @pedrooot in #3504
- fix(docs): Fix typo and change info about mocking by @pedrooot in #3438
- fix(docs): readthedocs install by @jfagoagas in #3437
- fix(ecr): check if ECR Repository Policies does not exist by @sergargar in #3451
- fix(error_handling): delete unnecessary error in logger.error by @pedrooot in #3454
- fix(gcp): handle KeyError in Compute service by @sergargar in #3471
- fix(gcp): remove Default Project ID requirement by @sergargar in #3459
- fix(glue): Add mocked ARN by @jfagoagas in #3515
- fix(iam): ignore Root User in iam_user_mfa_enabled_console_access by @sergargar in #3537
- fix(LICENSE): update LICENSE copyright by @sergargar in #3508
- fix(security_hub): Handle user facing errors by @jfagoagas in #3456
Chores
- chore(action): Link docs in PR by @jfagoagas in #3448
- chore(allowlist): add AFT IAM roles to allowlist by @sergargar in #3460
- chore(arn): improve resource ARNs in checks by @sergargar in #3388
- chore(azure): Manage new errors in the Defender service by @puchy22 in #3534
- chore(docs): improve documentation for Azure debugging by @pedrooot in #3411
- chore(docs): Prettify notes and add dates by @jfagoagas in #3434
- chore(fixme): Add fixme for credentials refresh by @jfagoagas in #3485
- chore(gcp): set GCP account in output file name by @sergargar in #3461
- chore(README): update checks summary table by @sergargar in #3483
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3429
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3457
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3465
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3473
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3505
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3509
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3518
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3520
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3528
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3533
- chore(release): update Prowler Version to 3.14.0 by @n4ch04 in #3422
- chore: update feature request label by @jfagoagas in #3464
- docs(compliance): Add newline to format list by @jfagoagas in #3455
- docs: New overview page by @toniblyx in #3427
- docs: Update documentation links by @jfagoagas in #3424
- docs: Update README.md with bigger Slack link by @toniblyx in #3425
Dependencies
- build(deps): bump azure-keyvault-keys from 4.8.0 to 4.9.0 by @dependabot in #3443
- build(deps): bump azure-storage-blob from 12.19.0 to 12.19.1 by @dependabot in #3527
- build(deps): bump cryptography from 42.0.2 to 42.0.4 by @dependabot in #3428
- build(deps): bump google-api-python-client from 2.120.0 to 2.122.0 by @dependabot in #3531
- build(deps): bump slack-sdk from 3.27.0 to 3.27.1 by @dependabot in #3494
- build(deps): bump trufflesecurity/trufflehog from 3.68.4 to 3.69.0 by @dependabot in #3522
- build(deps-dev): bump...
Prowler 3.14.0 - Paschendale
Home, far away
From the war, a chance to live again
Home, far away
But the war, no chance to live again
Prowler 3.14 is here! Like the PI number, this version will drive you through the magic of fixing security issues in your cloud infrastructure, more Azure checks for your joy and amusement. Enjoy it! 🤘🏽🔥
New features to highlight in this version:
💪🏼 25 New Azure checks
- Prowler is improving its Azure coverage by including 25 more new checks that appear in the CIS Benchmark v2.0.0.
(Thanks again @pedrooot and @puchy22 for their contributions, way to go!)
See all the new available checks with `prowler azure -l`
Features
- feat(azure): Add new checks related to Network service by @pedrooot in #3402
- feat(azure): Add new checks related to PostgreSQL service by @pedrooot in #3409
- feat(azure): Add new checks related App Insights service by @puchy22 in #3395
- feat(azure): Add new checks related MySQL service by @puchy22 in #3385
- feat(azure): Add new checks related to CosmosDB by @pedrooot in #3386
- feat(azure): Add new checks related VMs service. by @puchy22 in #3408
Fixes
- fix(azure): Typo in appinsights service by @puchy22 in #3407
- fix(backup): handle if `last_attempted_execution_date` is None by @sergargar in #3394
- fix(inspector2): Report must have status field by @jfagoagas in #3419
- fix(labeler): Add right path for testing by @jfagoagas in #3405
- fix(labeler): Work on forks too by @jfagoagas in #3410
- fix(storage): update metadata with CIS 2.0 in `storage_default_network_access_rule_is_denied` by @Hugo966 in #3387
Chores
- chore(list): list compliance and categories sorted by @sergargar in #3381
- chore(pull-request): Add automatic labeler by @jfagoagas in #3398
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3384, #3401 and #3406
- chore(release): update Prowler Version to 3.13.0 by @sergargar in #3380
- test(aws): Add default Boto3 credentials by @jfagoagas in #3404
Dependencies
- build(deps): bump google-api-python-client from 2.116.0 to 2.117.0 by @dependabot in #3391
- build(deps): bump google-api-python-client from 2.117.0 to 2.118.0 by @dependabot in #3417
- build(deps): bump mkdocs-material from 9.5.6 to 9.5.9 by @dependabot in #3392
- build(deps): bump mkdocs-material from 9.5.9 to 9.5.10 by @dependabot in #3416
- build(deps): bump slack-sdk from 3.26.2 to 3.27.0 by @dependabot in #3415
- build(deps): bump trufflesecurity/trufflehog from 3.67.2 to 3.67.5 by @dependabot in #3393
- build(deps): bump trufflesecurity/trufflehog from 3.67.5 to 3.67.6 by @dependabot in #3412
- build(deps-dev): bump bandit from 1.7.6 to 1.7.7 by @dependabot in #3390
- build(deps-dev): bump black from 24.1.1 to 24.2.0 by @dependabot in #3389
- build(deps-dev): bump moto from 5.0.1 to 5.0.2 by @dependabot in #3413
- build(deps-dev): bump pytest from 8.0.0 to 8.0.1 by @dependabot in #3414
Full Changelog: 3.13.0...3.14.0