Workflow

Prowler-cloud

Latest version: v5.0.5

Safety actively analyzes 693883 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 21 of 31

3.11.2

Not secure
What's Changed

Fixes
* fix(ec2_securitygroup_not_used): check if security group is associated by sergargar in https://github.com/prowler-cloud/prowler/pull/3026
* fix(GuardDuty): only execute checks if GuardDuty enabled by sergargar in https://github.com/prowler-cloud/prowler/pull/3028
* fix(securityhub): Use enabled_regions instead of audited_regions by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3029

Chores
* chore(accessanalyzer): include service in allowlist_non_default_regions by sergargar in https://github.com/prowler-cloud/prowler/pull/3025
* chore(args): make compatible severity and services arguments by sergargar in https://github.com/prowler-cloud/prowler/pull/3024
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3035
* chore(release): update Prowler Version to 3.11.1 by sergargar in https://github.com/prowler-cloud/prowler/pull/3021
* chore: modify latest version msg by R3DRUN3 in https://github.com/prowler-cloud/prowler/pull/3036
* chore(azure regions): support non default azure region by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3013

Builds
* build(deps): bump alive-progress from 3.1.4 to 3.1.5 by dependabot in https://github.com/prowler-cloud/prowler/pull/3033
* build(deps): bump azure-storage-blob from 12.18.3 to 12.19.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3034
* build(deps): bump google-api-python-client from 2.106.0 to 2.107.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3032
* build(deps-dev): bump moto from 4.2.7 to 4.2.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/3030
* build(deps-dev): bump pytest-xdist from 3.3.1 to 3.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3031

New Contributors
* R3DRUN3 made their first contribution in https://github.com/prowler-cloud/prowler/pull/3036

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.1...3.11.2

3.11.1

Not secure
What's Changed

Fixes
* fix(aws): check all conditions in IAM policy parser by mtronrd in https://github.com/prowler-cloud/prowler/pull/3006
* fix(clean local output dirs): clean dirs when output to S3 by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2997
* fix(cloudtrail): handle HasInsightSelectors key by sergargar in https://github.com/prowler-cloud/prowler/pull/2996
* fix(docs): improve allowlist examples by sergargar in https://github.com/prowler-cloud/prowler/pull/2995
* fix(iam): do not list tags for inline policies by sergargar in https://github.com/prowler-cloud/prowler/pull/3014
* fix(iam-sqs): handle exceptions for non-existent resources by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3010
* fix(rds): check if engines exist in region by sergargar in https://github.com/prowler-cloud/prowler/pull/3012
* fix(s3 race condition): catch error if a bucket does not exist any longer by kagahd in https://github.com/prowler-cloud/prowler/pull/3000
* fix(SQS): fix invalid SQS ARNs by mtronrd in https://github.com/prowler-cloud/prowler/pull/3016
* refactor(allowlist): simplify and handle corner cases with exceptions empty and * by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3019

Chores
* chore(brew): remove brew action by sergargar in https://github.com/prowler-cloud/prowler/pull/2994
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2993, https://github.com/prowler-cloud/prowler/pull/2998, https://github.com/prowler-cloud/prowler/pull/3001, https://github.com/prowler-cloud/prowler/pull/3007, https://github.com/prowler-cloud/prowler/pull/3011, https://github.com/prowler-cloud/prowler/pull/3020, https://github.com/prowler-cloud/prowler/pull/2992, https://github.com/prowler-cloud/prowler/pull/3008 and https://github.com/prowler-cloud/prowler/pull/3019
* docs(gcp): update GCP permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/3008

Builds
* build(deps): bump google-api-python-client from 2.105.0 to 2.106.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3005
* build(deps): bump mkdocs-material from 9.4.7 to 9.4.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/3004

New Contributors
* mtronrd made their first contribution in https://github.com/prowler-cloud/prowler/pull/3006

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.0...3.11.1

3.11.0

Not secure
_Sailing on and on and north across the sea
Sailing on and on and north 'til all is calm_

Dare to delve into this spectral realm, where the frightful protection of Prowler awaits you.
Happy haunting and secure coding this Halloween! πŸ§›β€β™‚οΈπŸ•ΈοΈπŸŒ™

New features to highlight in this version:

πŸ”Ž **Ignore Findings from services not in actual use**
- Prowler now allows you to ignore unused services findings, so you can reduce the number of findings in Prowler's reports.
`prowler <provider> --ignore-unused-services`
> See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/

βš™οΈ **New AWS Allowlist including AWS Control Tower resources**
- New allowlist file that ensures that applies to all resources created by AWS Control Tower when setting up a landing zone:
`prowler aws --allowlist prowler/config/aws_allowlist.yaml`
> See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist

🏷️ **STS V2 Tokens**
- Now Prowler will call Regional AWS STS endpoints to get session tokens valid in all AWS Regions.
> See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region

βœ… **New 9 checks for AWS!**
- New Account check `account_maintain_different_contact_details_to_security_billing_and_operations`
- New CloudTrail check `cloudtrail_multi_region_enabled_logging_management_events`
- New EC2 DataLifecycle Manager service and check `dlm_ebs_snapshot_lifecycle_policy_exists`
- New EC2 EBS check `ec2_ebs_volume_snapshots_exists`
- New DocumentDB service and check `documentdb_instance_storage_encrypted`
- New Support check `trustedadvisor_premium_support_plan_subscribed`
- New Neptune service and check `neptune_cluster_uses_public_subnet`
- New Elasticache service and check `elasticache_cluster_uses_public_subnet`
- New IAM check `iam_user_with_temporary_credentials`

Thanks to [Jit](https://www.jit.io/.) jit-contrib for their help on this checks.

Try them with `prowler aws` and improve your security posture now! πŸ”’

πŸ“ **Check Aliases are now supported**
- Now, Prowler allows you to use aliases for the checks. You only have to add the CheckAliases key to the check's metadata with a list of the aliases and then, you can execute it with: `prowler <provider> -c/--checks <check_alias_1>`
> See more in https://docs.prowler.cloud/en/latest/tutorials/check-aliases/

What's Changed
Features
* feat(alias): add check alias functionality by sergargar in https://github.com/prowler-cloud/prowler/pull/2971
* feat(allowlist): allowlist non-default regions configuration by sergargar in https://github.com/prowler-cloud/prowler/pull/2974
* feat(aws): New CloudTrail, DLM, DocumentDB, EC2, Account and Support checks by jit-contrib in https://github.com/prowler-cloud/prowler/pull/2675
* feat(aws): New Neptune, ElastiCache, APIGW and IAM checks by jit-contrib in https://github.com/prowler-cloud/prowler/pull/2862
* feat(controltower): add AWS Control Tower resources to default Allowlist configuration file by sergargar in https://github.com/prowler-cloud/prowler/pull/2953
* feat(ignore unused services): add `--ignore-unused-services` argument to ignore findings from services not in actual use by sergargar in https://github.com/prowler-cloud/prowler/pull/2936
* feat(report interface): add reporting interface call after report by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2948
* feat(vpc): add vpc, nacl or subnet names in findings by sergargar in https://github.com/prowler-cloud/prowler/pull/2928

Fixes
* fix(allowlist): verify if allowlist file exists by sergargar in https://github.com/prowler-cloud/prowler/pull/2988
* fix(APIGateway): Improve check naming by sergargar in https://github.com/prowler-cloud/prowler/pull/2952
* fix(cis): remove new lines in CIS csv by sergargar https://github.com/prowler-cloud/prowler/pull/2989
* fix(cloudtrail service): typo in logging info by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2976
* fix(ec2_instance_imdsv2_enabled ): verify if metadata service is disabled by therealtoastycat in https://github.com/prowler-cloud/prowler/pull/2978
* fix(ec2_securitygroup_not_used): Mock Lambda service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2947
* fix(elbv2_desync_mitigation_mode): improve logic by sergargar in https://github.com/prowler-cloud/prowler/pull/2986
* fix(gcp): set always location to lowercase by sergargar in https://github.com/prowler-cloud/prowler/pull/2970
* fix(GuardDuty): Add `enabled_in_account` parameter by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2979
* fix(outputs): remove empty outputs by sergargar https://github.com/prowler-cloud/prowler/pull/2990
* fix(resource filters): add missing resource filters by sergargar in https://github.com/prowler-cloud/prowler/pull/2951
* fix(security group): check if security groups are used by Lambda by sergargar in https://github.com/prowler-cloud/prowler/pull/2944
* fix(sqs): Handle AWS.SimpleQueueService.NonExistentQueue in list_queue_tags by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2939
* fix(sts): force v2 STS tokens by sergargar in https://github.com/prowler-cloud/prowler/pull/2956
* fix(vpc): ignore com.amazonaws.vpce endpoints by sergargar in https://github.com/prowler-cloud/prowler/pull/2929
* fix(vpc_endpoint_services_allowed_principals_trust_boundaries): Principal by jfagoagas https://github.com/prowler-cloud/prowler/pull/2991
* fix(tests): remove tests folder after execution by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2962

Documentation
* chore(docs): Add report.region criteria by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2930
* docs(config): add missing configurable variables by kagahd in https://github.com/prowler-cloud/prowler/pull/2941
* chore(docs): add STS Endpoint and Allowlist updates by sergargar in https://github.com/prowler-cloud/prowler/pull/2964
* chore(docs): allowlist non-default regions by sergargar in https://github.com/prowler-cloud/prowler/pull/2980
* docs(v2_v3_mapping): document prowler v3.10.0 changes by kagahd in https://github.com/prowler-cloud/prowler/pull/2955

Chores
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2927, https://github.com/prowler-cloud/prowler/pull/2937, https://github.com/prowler-cloud/prowler/pull/2942, https://github.com/prowler-cloud/prowler/pull/2945, https://github.com/prowler-cloud/prowler/pull/2954, https://github.com/prowler-cloud/prowler/pull/2961
* chore(allowlist): Extract allowlist from report by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2975
* chore(allowlist): prettify allowlist names by sergargar in https://github.com/prowler-cloud/prowler/pull/2963
* chore(APIGatewayV2): improve check naming by sergargar in https://github.com/prowler-cloud/prowler/pull/2966
* chore(create_role_to_assume_cfn.yaml): Add DLM permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/2949
* chore(gcp): print inactive GCP APIs by sergargar in https://github.com/prowler-cloud/prowler/pull/2987
* chore(github): ignore permissions path in GitHub actions by sergargar in https://github.com/prowler-cloud/prowler/pull/2950
* chore(permissions): add DLM permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/2946

Dependencies
* build(deps): bump azure-identity from 1.14.1 to 1.15.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2982
* build(deps): bump azure-storage-blob from 12.18.2 to 12.18.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2931
* build(deps): bump google-api-python-client from 2.104.0 to 2.105.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2985
* build(deps): bump mkdocs-material from 9.4.6 to 9.4.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2983
* build(deps): bump shodan from 1.30.0 to 1.30.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2935
* build(deps): bump urllib3 from 1.26.17 to 1.26.18 by dependabot in https://github.com/prowler-cloud/prowler/pull/2940
* build(deps-dev): bump moto from 4.2.6 to 4.2.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2984
* build(deps-dev): bump openapi-spec-validator from 0.6.0 to 0.7.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2958
* build(deps-dev): bump pylint from 3.0.1 to 3.0.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2957
* build(deps-dev): bump pytest from 7.4.2 to 7.4.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2981
* build(deps-dev): bump vulture from 2.9.1 to 2.10 by dependabot in https://github.com/prowler-cloud/prowler/pull/2960
* build(deps-dev): bump werkzeug from 2.3.4 to 3.0.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2968

New Contributors
* therealtoastycat made their first contribution in https://github.com/prowler-cloud/prowler/pull/2978

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.10.0...3.11.0

3.10.0

Not secure
_Then they summoned me over to join in with them
At the dance of the dead
Into the circle of fire I followed them
Into the middle I was led_

_Dance of Death_ is an Iron Maiden's song, released on their 2003 album of the same name. The song combines the band's signature heavy metal sound with progressive elements. Lyrically, the song tells a story of a medieval dance of death, a symbolic representation of mortality and the inevitability of death. The lyrics are filled with vivid and dark imagery, and the song features intricate guitar work and powerful vocals from Bruce Dickinson. Enjoy this great song (https://www.youtube.com/watch?v=3659fTXvFts) while reading what's new! 🎸

New features to highlight in this version:

βš™οΈ **New checks for AWS!**
- New AWS IAM check `iam_role_administratoraccess_policy`.
- New AWS WAFv2 check `wafv2_webacl_logging_enabled`.
- Now the AWS IAM credentials checks (`iam_disable_90_days_credentials`, `iam_disable_45_days_credentials` and `iam_disable_30_days_credentials`) have been changed to two generic checks called `iam_user_accesskey_unused` and `iam_user_console_access_unused`. By default, it will fail when they are unused for 45 days, you can configure this value using the `max_unused_access_keys_days` and `max_console_access_days` configuration values. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with `prowler aws` and improve your security posture now! πŸ”’

🏷️ **Security Hub Tagging**
- Now Prowler will add AWS Resource Tags to every Security Hub finding and to json-asff outputs!

πŸ§‘β€πŸ€β€πŸ§‘ **Five new Prowler contributors!**
- Many thanks to CameronTStark, sbldevnet, JackStuart, devopspacellp and taylerhaviland for including more checks and keep improving Prowler!

What's Changed
Features
* feat(Dockerfile): add curl package to docker image by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2812
* feat(iam): add new check iam_role_administratoraccess_policy by kagahd in https://github.com/prowler-cloud/prowler/pull/2822
* feat(iam): improve disable credentials checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2909
* feat(json-asff): adds AWS resource tags in json-asff and SecurityHub findings by sbldevnet in https://github.com/prowler-cloud/prowler/pull/2786
* feat(unix timestamp): add the --unix-timestamp flag to docs by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2816
* feat(unix timestamp): add unix timestamp to outputs by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2813
* feat(wafv2): Add check wafv2_webacl_logging_enabled by devopspacellp in https://github.com/prowler-cloud/prowler/pull/2898

Fixes
* fix(acm): add certificate id by sergargar in https://github.com/prowler-cloud/prowler/pull/2903
* fix(apigw): KeyError name by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2858
* fix(apikeys_..._90_days): fix key creation time with dinamic date by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2798
* fix(autoscaling_find_secrets_ec2_launch_configuration): Fix UnicodeDecodeError by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2870
* fix(aws): Include missing ARNs by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2880
* fix(azure): Typo in SQL check by JackStuart in https://github.com/prowler-cloud/prowler/pull/2881
* fix(cloudtrail_s3_dataevents_read/write_enabled): Handle S3 ARN by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2844
* fix(cloudwatch): ignore new lines in filters by sergargar in https://github.com/prowler-cloud/prowler/pull/2912
* fix(custom checks): fix import from s3 by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2901
* fix(dockerfile): Use latest curl by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2897
* fix(Dockerfile): update alpine version by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2925
* fix(ds): GetSnapshotLimits for MicrosoftAD by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2859
* fix(ebs): improve snapshot encryption logic and typos by taylerhaviland in https://github.com/prowler-cloud/prowler/pull/2836
* fix(ec2 ebs/instance checks): unify checks logic by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2795
* fix(ec2 nacl checks):unify logic by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2799
* fix(ec2 tests): add region and delete search sg checks by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2788
* fix(ec2 tests): add tags and region non sg checks by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2781
* fix(ec2_elastic_ip_unassigned): rename check by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2882
* fix(ec2_instance_..._ssm): mock ssm service and client in all the tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2804
* fix(eks_control_plane_endpoint_access_restricted): handle endpoint private access by Fennerr in https://github.com/prowler-cloud/prowler/pull/2824
* fix(eks_endpoints_not_publicly_accessible): handle endpoint private access by Fennerr in https://github.com/prowler-cloud/prowler/pull/2825
* fix(elb): add resource ARN to checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2906
* fix(elbv2): Handle LoadBalancerNotFound by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2860
* fix(findingID): remove duplicate finding IDs by sergargar in https://github.com/prowler-cloud/prowler/pull/2890
* fix(html): unroll regions set prior concat by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2790
* fix(iam): findings of some checks may have been lost by kagahd in https://github.com/prowler-cloud/prowler/pull/2847
* fix(iam): Handle NoSuchEntityException in ListRolePolicies by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2857
* fix(iam): Handle NoSuchEntity when calling list_role_policies by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2872
* fix(iam credentials checks): unify logic by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2883
* fix(iam creds checks): add missing tests and fix current ones by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2888
* fix(iam creds tests): dont use search and negative indexes by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2899
* fix(iam_inline_policy_no_administrative_privileges): set resource id as the entity name by sergargar in https://github.com/prowler-cloud/prowler/pull/2820
* fix(iam_policy_no_administrative_privileges): check does not exist and maps not to check122 by kagahd in https://github.com/prowler-cloud/prowler/pull/2797
* fix(is_valid_arn): include . into resource name by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2789
* fix(outputs_unix_timestamp): Remove subsecond by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2861
* fix(pipeline): launch linters with file changes by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2911
* fix(policy_condition_parser): add StringEquals aws:SourceArn condition by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2793
* fix(pre-commit): add file filter to python linters by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2818
* fix(remove_custom_checks_module): delete service folder if empty by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2885
* fix(s3_bucket_policy_public_write_access): Handle S3 Policy without Principal by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2871
* fix(securityhub): archive SecurityHub findings in empty regions by sergargar in https://github.com/prowler-cloud/prowler/pull/2908
* fix(sqs_queues_not_publicly_accessible): Improve status extended by Fennerr in https://github.com/prowler-cloud/prowler/pull/2848
* fix(storage_ensure_minimum_tls_version_12): misspelling in metadata by CameronTStark in https://github.com/prowler-cloud/prowler/pull/2835
* fix(testing docs): fix testing docs typos and syntax by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2803
* fix(version): add timeout and check HTTP errors by sergargar in https://github.com/prowler-cloud/prowler/pull/2886
* fix(vpc): solves CidrBlock KeyError by sergargar in https://github.com/prowler-cloud/prowler/pull/2817
* fix(vpc_peering_routing_tables_with_least_privilege): check only peering routes by sergargar in https://github.com/prowler-cloud/prowler/pull/2887
* fix(pull-request.yml): launch linters when source code modified by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2922
* fix(build-lint-push pipeline): pass pipeline when ignored files by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2915

Chores
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2779, https://github.com/prowler-cloud/prowler/pull/2787, https://github.com/prowler-cloud/prowler/pull/2791, https://github.com/prowler-cloud/prowler/pull/2794, https://github.com/prowler-cloud/prowler/pull/2801, https://github.com/prowler-cloud/prowler/pull/2802, https://github.com/prowler-cloud/prowler/pull/2814, https://github.com/prowler-cloud/prowler/pull/2819, https://github.com/prowler-cloud/prowler/pull/2821, https://github.com/prowler-cloud/prowler/pull/2833, https://github.com/prowler-cloud/prowler/pull/2842, https://github.com/prowler-cloud/prowler/pull/2845, https://github.com/prowler-cloud/prowler/pull/2846, https://github.com/prowler-cloud/prowler/pull/2852, https://github.com/prowler-cloud/prowler/pull/2853, https://github.com/prowler-cloud/prowler/pull/2863, https://github.com/prowler-cloud/prowler/pull/2869, https://github.com/prowler-cloud/prowler/pull/2873, https://github.com/prowler-cloud/prowler/pull/2875, https://github.com/prowler-cloud/prowler/pull/2879, https://github.com/prowler-cloud/prowler/pull/2902, https://github.com/prowler-cloud/prowler/pull/2905, https://github.com/prowler-cloud/prowler/pull/2907 and https://github.com/prowler-cloud/prowler/pull/2923
* chore(iam): add IAM privilege escalation cases by sergargar in https://github.com/prowler-cloud/prowler/pull/2921
* docs(aws): Move regions and profiles to AWS by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2874
* docs(developer-guide): fix typos by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2878
* docs(misc): add option -z by sergargar in https://github.com/prowler-cloud/prowler/pull/2914
* docs(pull-request): Include check list to create/review PR by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2913
* refactor(security_hub): Send findings in batches by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2868
* test(utils): Include missing tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2884
* test(ec2_instance_managed_by_ssm): missing tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2800
* test(vpc_peering_routing_tables_with_least_privilege): add test by sergargar in https://github.com/prowler-cloud/prowler/pull/2889

Dependencies
* build(deps): bump azure-storage-blob from 12.18.1 to 12.18.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2916
* build(deps): bump cryptography from 41.0.3 to 41.0.4 by dependabot in https://github.com/prowler-cloud/prowler/pull/2856
* build(deps): bump google-api-python-client from 2.101.0 to 2.102.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2918
* build(deps): bump google-auth-httplib2 from 0.1.0 to 0.1.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2826
* build(deps): bump mkdocs-material from 9.4.3 to 9.4.4 by dependabot in https://github.com/prowler-cloud/prowler/pull/2917
* build(deps): bump mkdocs from 1.5.2 to 1.5.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2849
* build(deps): bump pydantic from 1.10.12 to 1.10.13 by dependabot in https://github.com/prowler-cloud/prowler/pull/2891
* build(deps): bump slack-sdk from 3.22.0 to 3.23.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2919
* build(deps): bump urllib3 from 1.26.15 to 1.26.17 by dependabot in https://github.com/prowler-cloud/prowler/pull/2896
* build(deps-dev): bump coverage from 7.3.1 to 7.3.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2895
* build(deps-dev): bump gitpython from 3.1.35 to 3.1.37 by dependabot in https://github.com/prowler-cloud/prowler/pull/2924
* build(deps-dev): bump moto from 4.2.4 to 4.2.5 by dependabot in https://github.com/prowler-cloud/prowler/pull/2892
* build(deps-dev): bump pylint from 3.0.0 to 3.0.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2920
* build(deps-dev): bump pytest from 7.4.1 to 7.4.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2827
* build(deps-dev): bump vulture from 2.8 to 2.9.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2785

New Contributors
* CameronTStark made their first contribution in https://github.com/prowler-cloud/prowler/pull/2835
* taylerhaviland made their first contribution in https://github.com/prowler-cloud/prowler/pull/2836
* JackStuart made their first contribution in https://github.com/prowler-cloud/prowler/pull/2881
* sbldevnet made their first contribution in https://github.com/prowler-cloud/prowler/pull/2786
* devopspacellp made their first contribution in https://github.com/prowler-cloud/prowler/pull/2898

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.9.0...3.10.0

3.9.0

Not secure
_As a young boy chasing dragons
With your wooden sword so mighty
You're St. George or you're David and you always killed the beast
Times change very quickly and you had to grow up early
A house in smoking ruins and the bodies at your feet_

Sometimes chasing dragons and some times walking on the edge of the blade. This Iron Maiden's song _Flash of the Blade_ tells a good history about what comes on the table these days. Enjoy this great song written by Bruce Dickinson back in 1984 (https://www.youtube.com/watch?v=Qx0s8OqgBIw) while reading what's new!

New features to highlight in this version:

βš™οΈ **New checks for AWS!**
- New AWS Athena service with two new checks `athena_workgroup_encryption` and `athena_workgroup_enforce_configuration`.
- New AWS S3 check `s3_bucket_kms_encryption`.
- New AWS EC2 check `ec2_instance_detailed_monitoring_enabled`.
- New AWS IAM check `iam_inline_policy_no_administrative_privileges` with a new feature in the IAM service which now is capable of retrieving the inline policies for the Users, Roles and Groups.
- Now in the AWS ECR `ecr_repositories_scan_vulnerabilities_in_latest_image` you can configure the minimum severity for this check to raise a FAIL finding using the `ecr_repository_vulnerability_minimum_severity` configuration value. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with `prowler aws` and improve your security posture now! πŸ”’

πŸ–ŒοΈ **New CLI flag**
- List all the checks in JSON format, ready to be consumed by the `--checks-file` flag. Try it with `prowler aws --list-checks-json`.

πŸ“– **Developer Guide**
- We keep improving the Prowler documentation, specially the Developer Guide to help our contributors. Check it in the following link https://docs.prowler.cloud/en/latest/developer-guide/introduction/.

πŸ§‘β€πŸ€β€πŸ§‘ **Two new Prowler contributors!**
- Many thanks to vysakh-devopspace and gerardocampo for including more checks and keep improving Prowler!


What's Changed
Features
* feat(s3): Add S3 KMS encryption check by singergs in https://github.com/prowler-cloud/prowler/pull/2757
* feat(ec2): New check ec2_instance_detailed_monitoring_enabled by vysakh-devopspace in https://github.com/prowler-cloud/prowler/pull/2735
* feat(checks): dump all checks as a json file by jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2683
* feat(ecr_repositories_scan_vulnerabilities_in_latest_image): Minimum severity is configurable by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2736
* feat(iam): Check inline policies in IAM Users, Groups & Roles for admin priv's by gerardocampo in https://github.com/prowler-cloud/prowler/pull/2750
* feat(compliance): Update AWS compliance frameworks after PR 2750 by gerardocampo in https://github.com/prowler-cloud/prowler/pull/2771
* feat(athena): New AWS Athena service + 2 workgroup checks by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2696

Fixes
* fix(azure): Status extended ends with a dot by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2725
* fix(is_account_only_allowed_in_condition): Context name on conditions are case-insensitive by christiandavilakoobin in https://github.com/prowler-cloud/prowler/pull/2726
* fix(gcp): Status extended ends with a dot by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2734
* fix(get_checks_from_input_arn): fix function and add tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2749
* fix(get_checks_from_input_arn): fix logic and add tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2764
* fix(get_regions_from_audit_resources): fix logic and add tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2766
* fix(nacls): Tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2760
* fix(iam_policy_allows_privilege_escalation): Handle admin permission so * by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2763
* fix(checks_to_execute): --checks and --resource_arn working together by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2743
* fix(ec2_securitygroup_default_restrict_traffic): fix check only allow empty rules by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2777

Chores
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2733, https://github.com/prowler-cloud/prowler/pull/2737, https://github.com/prowler-cloud/prowler/pull/2741, https://github.com/prowler-cloud/prowler/pull/2744, https://github.com/prowler-cloud/prowler/pull/2748, https://github.com/prowler-cloud/prowler/pull/2759, https://github.com/prowler-cloud/prowler/pull/2767 and https://github.com/prowler-cloud/prowler/pull/2773, https://github.com/prowler-cloud/prowler/pull/2776
* chore(parser): Move provider logic to their folder by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2746
* chore(s3): Move lib to the AWS provider and include tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2664

Security
* fix(security): GitPython issue by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2720

Documentation
* docs(style): Add more details by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2724
* docs(testing): Mocking the service and the service client at the service client level by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2747
* docs(audit_config): How to use it by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2739
* docs: explain output formats by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2774
* docs: Include new config ecr_repository_vulnerability_minimum_severity by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2775

Dependencies
* build(deps-dev): bump vulture from 2.7 to 2.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/2727
* build(deps): bump mkdocs-material from 9.1.20 to 9.1.21 by dependabot in https://github.com/prowler-cloud/prowler/pull/2728
* build(deps): bump google-api-python-client from 2.95.0 to 2.96.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2729
* build(deps-dev): bump coverage from 7.2.7 to 7.3.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2730
* build(deps): bump azure-identity from 1.13.0 to 1.14.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2731
* build(deps): bump mkdocs-material from 9.1.21 to 9.2.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2752
* build(deps): bump google-api-python-client from 2.96.0 to 2.97.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2753
* build(deps-dev): bump pytest-randomly from 3.13.0 to 3.15.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2755
* build(deps): bump azure-mgmt-storage from 21.0.0 to 21.1.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2756
* build(deps): bump shodan from 1.29.1 to 1.30.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2754

Tests
* test(python): Test with 3.9, 3.10, 3.11 by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2718
* test(coverage): Add Codecov by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2719
* test(s3): Mock S3Control when used by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2722
* fix(test-vpc): use the right import paths by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2732
* tests(check_security_group) by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2740
* chore(tests): Replace sure with standard assert by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2738
* test(vpc_endpoint_services_allowed_principals_trust_boundaries) by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2768
* fix(test): Update moto to 4.1.15 and update tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2769

New Contributors
* vysakh-devopspace made their first contribution in https://github.com/prowler-cloud/prowler/pull/2735
* gerardocampo made their first contribution in https://github.com/prowler-cloud/prowler/pull/2750

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.8.2...3.9.0

3.8.2

Not secure
Fixes
* fix(shub): handle default output filename error by sergargar in https://github.com/prowler-cloud/prowler/pull/2709
* fix(s3_bucket_policy_public_write_access): look at account and bucket-level public access block settings by jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2715


Chores
* chore(release): update Prowler Version to 3.8.1 by sergargar in https://github.com/prowler-cloud/prowler/pull/2706
* docs(developer-guide): Update checks, services and include testing by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2705
* chore(aws): Improve tests and status from accessanalyzer to cloudwatch by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2711
* chore(aws): 2nd round - Improve tests and include dot in status extended by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2714
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2712 and https://github.com/prowler-cloud/prowler/pull/2717

Documentation
* docs(dev-guide): Fix a list and include some details to use the report by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2710


**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.8.1...3.8.2

Page 21 of 31

Links

Releases

Has known vulnerabilities

Previous Next

Β© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.