Workflow

Prowler-cloud

Latest version: v5.4.2

Safety actively analyzes 723217 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 23 of 33

3.12.0

Not secure
_Just sixteen, a pickup truck, out of money, out of luck
I've got nowhere to call my own, hit the gas, and here I go
I'm running free yeah, I'm running free
I'm running free yeah, oh I'm running free_

[Iron Maiden's Running Free](https://www.youtube.com/watch?v=iUpaMRxlRUc) song was published as single of their first album back in 1980. This song is all about running wild and running free as we do at Prowler, making cloud security open and transparent, easy to use and easy to customize, for you and thousands of organizations around the world.

_hit the gas, and here I go!_ This version is full of new features and important improvements requested by our vibrant community. Go ahead and smash your electric guitar and use Prowler straightaway by yourself or just using our service at [prowler.com](https://prowler.com).

Enjoy it! 🀘🏽πŸ”₯

New features to highlight in this version:

✍️ **Custom Checks Metadata**
- Now you can override the **Severity** from a check using the `--custom-checks-metadata-file custom_checks_metadata.yaml`. (Thanks venkyvajrala for the feature!)
> See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/

πŸ‘· **Custom AWS Role Session name**
- Now you can customize the Role Session name that Prowler uses when assuming an AWS Role with `--role-session-name <role_session_name>`.
> See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#custom-role-session-name

πŸ”§ **Scan only AWS enabled regions**
- Prowler now only scans AWS regions if they are enabled making the scan faster without the need to review services in regions that are not enabled.

🧡 **Improved threading using ThreadPoolExecutor**
- For the AWS Service now we use a [`ThreadPoolExecutor`](https://docs.python.org/3/library/concurrent.futures.html#threadpoolexecutor) to improve concurrency management and allowing to parallelise per resources not only per regions. Thanks to Fennerr for the improvement!

πŸ› **Bug fixing**
- Now the AWS Lambda service scans each Lambda function for secrets without the need to persist the code in memory therefore reducing drastically the memory usage.
- Tons of bug fixes in services, outputs, checks and some other core functions.

Features
* feat(cognito): add Amazon Cognito service by sergargar in https://github.com/prowler-cloud/prowler/pull/3060
* feat(custom_checks_metadata): Add checks metadata overide for severity by venkyvajrala in https://github.com/prowler-cloud/prowler/pull/3038
* feat(aws): Added AWS role session name parameter by Fennerr in https://github.com/prowler-cloud/prowler/pull/3234
* feat(securityhub): Send only FAILs but storing all in the output files by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3195

Fixes
* fix(access-analyzer): Handle ValidationException by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3165
* fix(allowlist): Analyse single and multi account allowlist if present by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3210
* fix(apigw_restapi_auth check): add method auth testing by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3183
* fix(aws_regions): Get enabled regions by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3095
* fix(clean local output dirs): change function description by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3068
* fix(cloudtrail): Handle UnsupportedOperationException by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3166
* fix(codeartifact): solve dependency confusion check by congon4tor in https://github.com/prowler-cloud/prowler/pull/2999
* fix(deps): Add missing jsonschema by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3052
* fix(docs): csv fields by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3092
* fix(docs): typo in reporting/csv by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3094
* fix(elasticache): Handle CacheClusterNotFound by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3174
* fix(fms): Handle PolicyComplianceStatusList key error by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3230
* fix(gcp): fix UnknownApiNameOrVersion error by sergargar in https://github.com/prowler-cloud/prowler/pull/3202
* fix(gcp): improve logging messages by sergargar in https://github.com/prowler-cloud/prowler/pull/3185
* fix(gcp provider): move generate_client for consistency by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3064
* fix(generate_regional_clients): Global is not needed anymore by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3162
* fix(iam): Handle NoSuchEntity in list_group_policies by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3197
* fix(json-ocsf): add profile only for AWS provider by sergargar in https://github.com/prowler-cloud/prowler/pull/3051
* fix(lambda): memory leakage with lambda function code by Fennerr in https://github.com/prowler-cloud/prowler/pull/3167
* fix(organizations_scp_check_deny_regions): enhance check logic by sergargar in https://github.com/prowler-cloud/prowler/pull/3239
* fix(outputs): initialize_file_descriptor is called dynamically by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3050
* fix(s3): Handle NoSuchBucket in the service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3173
* fix(s3): handle NoSuchBucketPolicy error by sergargar in https://github.com/prowler-cloud/prowler/pull/3217
* fix(send_to_s3_bucket): don't kill exec when fail by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3088
* fix(set_azure_audit_info): assign correct logging when no auth by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3063
* fix(threading): Improved threading for the AWS Service by Fennerr in https://github.com/prowler-cloud/prowler/pull/3175
* fix(trustedadvisor): handle missing dict key by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3075
* fix(trustedadvisor): solve trustedadvisor check metadata by sergargar in https://github.com/prowler-cloud/prowler/pull/3216
* fix(vpc_different_regions): Handle if there are no VPC by williambrady in https://github.com/prowler-cloud/prowler/pull/3081
* revert(clean local dirs): delete clean local dirs output feature by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3087

Chores
* chore(actions): not launch linters for mkdocs.yml by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3093
* chore(actions prowler4): add prowler 4.0 branch to actions by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3184
* chore(elb): Improve status in elbv2_insecure_ssl_ciphers by Fennerr in https://github.com/prowler-cloud/prowler/pull/3169
* chore(ens): do not apply recomendation type to score by sergargar in https://github.com/prowler-cloud/prowler/pull/3058
* chore(moto): install all moto dependencies by sergargar in https://github.com/prowler-cloud/prowler/pull/3048
* chore(python): update python version constraint <3.12 by sergargar in https://github.com/prowler-cloud/prowler/pull/3047
* chore(s3 bucket input validation): validates input bucket by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3198
* chore(sqs_...not_publicly_accessible): less restrictive condition test by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3211
* chore: сhanged concatenation of strings to f-strings to improve readability by eukub in https://github.com/prowler-cloud/prowler/pull/3227
* chore(exception): handle error in describing regions by sergargar in https://github.com/prowler-cloud/prowler/pull/3241
* chore(role arguments): enhance role arguments validation by sergargar in https://github.com/prowler-cloud/prowler/pull/3240
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3045, https://github.com/prowler-cloud/prowler/pull/3168, https://github.com/prowler-cloud/prowler/pull/3059, https://github.com/prowler-cloud/prowler/pull/3079, https://github.com/prowler-cloud/prowler/pull/3065, https://github.com/prowler-cloud/prowler/pull/3074, https://github.com/prowler-cloud/prowler/pull/3182, https://github.com/prowler-cloud/prowler/pull/3189, https://github.com/prowler-cloud/prowler/pull/3196
* refactor(cloudwatch): simplify logic by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3172
* refactor(load_checks_to_execute): Refactor function and add tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3066
* refactor(severities): Define it in one place by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3086

Docs
* docs(aws): Added debug information to inspect retries in API calls by Fennerr in https://github.com/prowler-cloud/prowler/pull/3186
* docs(cloudshell): Add missing steps to workaround by AlexGidarakos in https://github.com/prowler-cloud/prowler/pull/3191
* docs(cloudshell): Add workaround to clone from github by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3190
* docs(cloudshell): Update AWS CloudShell installation steps by AlexGidarakos in https://github.com/prowler-cloud/prowler/pull/3192
* docs(parallel-execution): Combining the output files by Fennerr in https://github.com/prowler-cloud/prowler/pull/3096
* docs(parallel-execution): How to execute it in parallel by Fennerr in https://github.com/prowler-cloud/prowler/pull/3091

Dependencies
* build(deps): bump cryptography from 41.0.4 to 41.0.6 by dependabot in https://github.com/prowler-cloud/prowler/pull/3078
* build(deps): bump google-api-python-client from 2.110.0 to 2.111.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3224
* build(deps): bump google-auth-httplib2 from 0.1.1 to 0.2.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3207
* build(deps): bump jsonschema from 4.18.0 to 4.20.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3057
* build(deps): bump mkdocs-material from 9.5.2 to 9.5.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/3220
* build(deps): bump shodan from 1.30.1 to 1.31.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3221
* build(deps): bump slack-sdk from 3.26.0 to 3.26.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/3107
* build(deps): bump tj-actions/changed-files from 39 to 41 in /.github/workflows by dependabot in https://github.com/prowler-cloud/prowler/pull/3235
* build(deps-dev): bump bandit from 1.7.5 to 1.7.6 by dependabot in https://github.com/prowler-cloud/prowler/pull/3179
* build(deps-dev): bump coverage from 7.3.4 to 7.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3233
* build(deps-dev): bump docker from 6.1.3 to 7.0.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3180
* build(deps-dev): bump freezegun from 1.3.1 to 1.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3222
* build(deps-dev): bump moto from 4.2.11 to 4.2.12 by dependabot in https://github.com/prowler-cloud/prowler/pull/3205
* build(deps-dev): bump pylint from 3.0.2 to 3.0.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/3203
* build(deps-dev): bump pytest-xdist from 3.4.0 to 3.5.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3071
* build(deps-dev): bump pytest from 7.4.3 to 7.4.4 by dependabot in https://github.com/prowler-cloud/prowler/pull/3232

Tests
* test(audit_info): refactor services tests by n4ch04 and jfagoagas in https://github.com/prowler-cloud/prowler/pull/3103, https://github.com/prowler-cloud/prowler/pull/3112, https://github.com/prowler-cloud/prowler/pull/3099, https://github.com/prowler-cloud/prowler/pull/3098, https://github.com/prowler-cloud/prowler/pull/3100, https://github.com/prowler-cloud/prowler/pull/3102, https://github.com/prowler-cloud/prowler/pull/3101, https://github.com/prowler-cloud/prowler/pull/3104, https://github.com/prowler-cloud/prowler/pull/3105, https://github.com/prowler-cloud/prowler/pull/3110, https://github.com/prowler-cloud/prowler/pull/3116, https://github.com/prowler-cloud/prowler/pull/3119, https://github.com/prowler-cloud/prowler/pull/3118, https://github.com/prowler-cloud/prowler/pull/3117, https://github.com/prowler-cloud/prowler/pull/3121, https://github.com/prowler-cloud/prowler/pull/3120, https://github.com/prowler-cloud/prowler/pull/3122, https://github.com/prowler-cloud/prowler/pull/3125, https://github.com/prowler-cloud/prowler/pull/3123, https://github.com/prowler-cloud/prowler/pull/3124, https://github.com/prowler-cloud/prowler/pull/3126, https://github.com/prowler-cloud/prowler/pull/3127, https://github.com/prowler-cloud/prowler/pull/3129, https://github.com/prowler-cloud/prowler/pull/3130, https://github.com/prowler-cloud/prowler/pull/3128, https://github.com/prowler-cloud/prowler/pull/3133, https://github.com/prowler-cloud/prowler/pull/3134, https://github.com/prowler-cloud/prowler/pull/3135, https://github.com/prowler-cloud/prowler/pull/3131, https://github.com/prowler-cloud/prowler/pull/3136, https://github.com/prowler-cloud/prowler/pull/3137, https://github.com/prowler-cloud/prowler/pull/3138, https://github.com/prowler-cloud/prowler/pull/3139, https://github.com/prowler-cloud/prowler/pull/3140, https://github.com/prowler-cloud/prowler/pull/3141, https://github.com/prowler-cloud/prowler/pull/3143, https://github.com/prowler-cloud/prowler/pull/3142, https://github.com/prowler-cloud/prowler/pull/3145, https://github.com/prowler-cloud/prowler/pull/3144, https://github.com/prowler-cloud/prowler/pull/3146, https://github.com/prowler-cloud/prowler/pull/3147, https://github.com/prowler-cloud/prowler/pull/3150, https://github.com/prowler-cloud/prowler/pull/3149, https://github.com/prowler-cloud/prowler/pull/3148, https://github.com/prowler-cloud/prowler/pull/3151, https://github.com/prowler-cloud/prowler/pull/3152, https://github.com/prowler-cloud/prowler/pull/3155, https://github.com/prowler-cloud/prowler/pull/3156, https://github.com/prowler-cloud/prowler/pull/3157, https://github.com/prowler-cloud/prowler/pull/3153, https://github.com/prowler-cloud/prowler/pull/3158, https://github.com/prowler-cloud/prowler/pull/3154, https://github.com/prowler-cloud/prowler/pull/3159, https://github.com/prowler-cloud/prowler/pull/3161, https://github.com/prowler-cloud/prowler/pull/3132, https://github.com/prowler-cloud/prowler/pull/3111, https://github.com/prowler-cloud/prowler/pull/3160, https://github.com/prowler-cloud/prowler/pull/3097, https://github.com/prowler-cloud/prowler/pull/3163, https://github.com/prowler-cloud/prowler/pull/3164, https://github.com/prowler-cloud/prowler/pull/3113, https://github.com/prowler-cloud/prowler/pull/3114, https://github.com/prowler-cloud/prowler/pull/3115
* test(aws_account_id): refactor by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3161

New Contributors
* venkyvajrala made their first contribution in https://github.com/prowler-cloud/prowler/pull/3038
* AlexGidarakos made their first contribution in https://github.com/prowler-cloud/prowler/pull/3191
* eukub made their first contribution in https://github.com/prowler-cloud/prowler/pull/3227

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.3...3.12.0

3.11.3

Not secure
What's Changed

Fixes
* fix(securityhub): findings not being imported or archived in non-aws partitions by johnny2lu in https://github.com/prowler-cloud/prowler/pull/3040
* fix(json): check if profile is None by sergargar in https://github.com/prowler-cloud/prowler/pull/3043

Chores
* chore(release): update Prowler Version to 3.11.2 by sergargar in https://github.com/prowler-cloud/prowler/pull/3037
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3042

New Contributors
* johnny2lu made their first contribution in https://github.com/prowler-cloud/prowler/pull/3040

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.2...3.11.3

3.11.2

Not secure
What's Changed

Fixes
* fix(ec2_securitygroup_not_used): check if security group is associated by sergargar in https://github.com/prowler-cloud/prowler/pull/3026
* fix(GuardDuty): only execute checks if GuardDuty enabled by sergargar in https://github.com/prowler-cloud/prowler/pull/3028
* fix(securityhub): Use enabled_regions instead of audited_regions by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3029

Chores
* chore(accessanalyzer): include service in allowlist_non_default_regions by sergargar in https://github.com/prowler-cloud/prowler/pull/3025
* chore(args): make compatible severity and services arguments by sergargar in https://github.com/prowler-cloud/prowler/pull/3024
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3035
* chore(release): update Prowler Version to 3.11.1 by sergargar in https://github.com/prowler-cloud/prowler/pull/3021
* chore: modify latest version msg by R3DRUN3 in https://github.com/prowler-cloud/prowler/pull/3036
* chore(azure regions): support non default azure region by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3013

Builds
* build(deps): bump alive-progress from 3.1.4 to 3.1.5 by dependabot in https://github.com/prowler-cloud/prowler/pull/3033
* build(deps): bump azure-storage-blob from 12.18.3 to 12.19.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3034
* build(deps): bump google-api-python-client from 2.106.0 to 2.107.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3032
* build(deps-dev): bump moto from 4.2.7 to 4.2.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/3030
* build(deps-dev): bump pytest-xdist from 3.3.1 to 3.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3031

New Contributors
* R3DRUN3 made their first contribution in https://github.com/prowler-cloud/prowler/pull/3036

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.1...3.11.2

3.11.1

Not secure
What's Changed

Fixes
* fix(aws): check all conditions in IAM policy parser by mtronrd in https://github.com/prowler-cloud/prowler/pull/3006
* fix(clean local output dirs): clean dirs when output to S3 by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2997
* fix(cloudtrail): handle HasInsightSelectors key by sergargar in https://github.com/prowler-cloud/prowler/pull/2996
* fix(docs): improve allowlist examples by sergargar in https://github.com/prowler-cloud/prowler/pull/2995
* fix(iam): do not list tags for inline policies by sergargar in https://github.com/prowler-cloud/prowler/pull/3014
* fix(iam-sqs): handle exceptions for non-existent resources by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3010
* fix(rds): check if engines exist in region by sergargar in https://github.com/prowler-cloud/prowler/pull/3012
* fix(s3 race condition): catch error if a bucket does not exist any longer by kagahd in https://github.com/prowler-cloud/prowler/pull/3000
* fix(SQS): fix invalid SQS ARNs by mtronrd in https://github.com/prowler-cloud/prowler/pull/3016
* refactor(allowlist): simplify and handle corner cases with exceptions empty and * by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3019

Chores
* chore(brew): remove brew action by sergargar in https://github.com/prowler-cloud/prowler/pull/2994
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2993, https://github.com/prowler-cloud/prowler/pull/2998, https://github.com/prowler-cloud/prowler/pull/3001, https://github.com/prowler-cloud/prowler/pull/3007, https://github.com/prowler-cloud/prowler/pull/3011, https://github.com/prowler-cloud/prowler/pull/3020, https://github.com/prowler-cloud/prowler/pull/2992, https://github.com/prowler-cloud/prowler/pull/3008 and https://github.com/prowler-cloud/prowler/pull/3019
* docs(gcp): update GCP permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/3008

Builds
* build(deps): bump google-api-python-client from 2.105.0 to 2.106.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3005
* build(deps): bump mkdocs-material from 9.4.7 to 9.4.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/3004

New Contributors
* mtronrd made their first contribution in https://github.com/prowler-cloud/prowler/pull/3006

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.0...3.11.1

3.11.0

Not secure
_Sailing on and on and north across the sea
Sailing on and on and north 'til all is calm_

Dare to delve into this spectral realm, where the frightful protection of Prowler awaits you.
Happy haunting and secure coding this Halloween! πŸ§›β€β™‚οΈπŸ•ΈοΈπŸŒ™

New features to highlight in this version:

πŸ”Ž **Ignore Findings from services not in actual use**
- Prowler now allows you to ignore unused services findings, so you can reduce the number of findings in Prowler's reports.
`prowler <provider> --ignore-unused-services`
> See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/

βš™οΈ **New AWS Allowlist including AWS Control Tower resources**
- New allowlist file that ensures that applies to all resources created by AWS Control Tower when setting up a landing zone:
`prowler aws --allowlist prowler/config/aws_allowlist.yaml`
> See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist

🏷️ **STS V2 Tokens**
- Now Prowler will call Regional AWS STS endpoints to get session tokens valid in all AWS Regions.
> See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region

βœ… **New 9 checks for AWS!**
- New Account check `account_maintain_different_contact_details_to_security_billing_and_operations`
- New CloudTrail check `cloudtrail_multi_region_enabled_logging_management_events`
- New EC2 DataLifecycle Manager service and check `dlm_ebs_snapshot_lifecycle_policy_exists`
- New EC2 EBS check `ec2_ebs_volume_snapshots_exists`
- New DocumentDB service and check `documentdb_instance_storage_encrypted`
- New Support check `trustedadvisor_premium_support_plan_subscribed`
- New Neptune service and check `neptune_cluster_uses_public_subnet`
- New Elasticache service and check `elasticache_cluster_uses_public_subnet`
- New IAM check `iam_user_with_temporary_credentials`

Thanks to [Jit](https://www.jit.io/.) jit-contrib for their help on this checks.

Try them with `prowler aws` and improve your security posture now! πŸ”’

πŸ“ **Check Aliases are now supported**
- Now, Prowler allows you to use aliases for the checks. You only have to add the CheckAliases key to the check's metadata with a list of the aliases and then, you can execute it with: `prowler <provider> -c/--checks <check_alias_1>`
> See more in https://docs.prowler.cloud/en/latest/tutorials/check-aliases/

What's Changed
Features
* feat(alias): add check alias functionality by sergargar in https://github.com/prowler-cloud/prowler/pull/2971
* feat(allowlist): allowlist non-default regions configuration by sergargar in https://github.com/prowler-cloud/prowler/pull/2974
* feat(aws): New CloudTrail, DLM, DocumentDB, EC2, Account and Support checks by jit-contrib in https://github.com/prowler-cloud/prowler/pull/2675
* feat(aws): New Neptune, ElastiCache, APIGW and IAM checks by jit-contrib in https://github.com/prowler-cloud/prowler/pull/2862
* feat(controltower): add AWS Control Tower resources to default Allowlist configuration file by sergargar in https://github.com/prowler-cloud/prowler/pull/2953
* feat(ignore unused services): add `--ignore-unused-services` argument to ignore findings from services not in actual use by sergargar in https://github.com/prowler-cloud/prowler/pull/2936
* feat(report interface): add reporting interface call after report by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2948
* feat(vpc): add vpc, nacl or subnet names in findings by sergargar in https://github.com/prowler-cloud/prowler/pull/2928

Fixes
* fix(allowlist): verify if allowlist file exists by sergargar in https://github.com/prowler-cloud/prowler/pull/2988
* fix(APIGateway): Improve check naming by sergargar in https://github.com/prowler-cloud/prowler/pull/2952
* fix(cis): remove new lines in CIS csv by sergargar https://github.com/prowler-cloud/prowler/pull/2989
* fix(cloudtrail service): typo in logging info by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2976
* fix(ec2_instance_imdsv2_enabled ): verify if metadata service is disabled by therealtoastycat in https://github.com/prowler-cloud/prowler/pull/2978
* fix(ec2_securitygroup_not_used): Mock Lambda service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2947
* fix(elbv2_desync_mitigation_mode): improve logic by sergargar in https://github.com/prowler-cloud/prowler/pull/2986
* fix(gcp): set always location to lowercase by sergargar in https://github.com/prowler-cloud/prowler/pull/2970
* fix(GuardDuty): Add `enabled_in_account` parameter by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2979
* fix(outputs): remove empty outputs by sergargar https://github.com/prowler-cloud/prowler/pull/2990
* fix(resource filters): add missing resource filters by sergargar in https://github.com/prowler-cloud/prowler/pull/2951
* fix(security group): check if security groups are used by Lambda by sergargar in https://github.com/prowler-cloud/prowler/pull/2944
* fix(sqs): Handle AWS.SimpleQueueService.NonExistentQueue in list_queue_tags by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2939
* fix(sts): force v2 STS tokens by sergargar in https://github.com/prowler-cloud/prowler/pull/2956
* fix(vpc): ignore com.amazonaws.vpce endpoints by sergargar in https://github.com/prowler-cloud/prowler/pull/2929
* fix(vpc_endpoint_services_allowed_principals_trust_boundaries): Principal by jfagoagas https://github.com/prowler-cloud/prowler/pull/2991
* fix(tests): remove tests folder after execution by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2962

Documentation
* chore(docs): Add report.region criteria by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2930
* docs(config): add missing configurable variables by kagahd in https://github.com/prowler-cloud/prowler/pull/2941
* chore(docs): add STS Endpoint and Allowlist updates by sergargar in https://github.com/prowler-cloud/prowler/pull/2964
* chore(docs): allowlist non-default regions by sergargar in https://github.com/prowler-cloud/prowler/pull/2980
* docs(v2_v3_mapping): document prowler v3.10.0 changes by kagahd in https://github.com/prowler-cloud/prowler/pull/2955

Chores
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2927, https://github.com/prowler-cloud/prowler/pull/2937, https://github.com/prowler-cloud/prowler/pull/2942, https://github.com/prowler-cloud/prowler/pull/2945, https://github.com/prowler-cloud/prowler/pull/2954, https://github.com/prowler-cloud/prowler/pull/2961
* chore(allowlist): Extract allowlist from report by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2975
* chore(allowlist): prettify allowlist names by sergargar in https://github.com/prowler-cloud/prowler/pull/2963
* chore(APIGatewayV2): improve check naming by sergargar in https://github.com/prowler-cloud/prowler/pull/2966
* chore(create_role_to_assume_cfn.yaml): Add DLM permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/2949
* chore(gcp): print inactive GCP APIs by sergargar in https://github.com/prowler-cloud/prowler/pull/2987
* chore(github): ignore permissions path in GitHub actions by sergargar in https://github.com/prowler-cloud/prowler/pull/2950
* chore(permissions): add DLM permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/2946

Dependencies
* build(deps): bump azure-identity from 1.14.1 to 1.15.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2982
* build(deps): bump azure-storage-blob from 12.18.2 to 12.18.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2931
* build(deps): bump google-api-python-client from 2.104.0 to 2.105.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2985
* build(deps): bump mkdocs-material from 9.4.6 to 9.4.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2983
* build(deps): bump shodan from 1.30.0 to 1.30.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2935
* build(deps): bump urllib3 from 1.26.17 to 1.26.18 by dependabot in https://github.com/prowler-cloud/prowler/pull/2940
* build(deps-dev): bump moto from 4.2.6 to 4.2.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2984
* build(deps-dev): bump openapi-spec-validator from 0.6.0 to 0.7.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2958
* build(deps-dev): bump pylint from 3.0.1 to 3.0.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2957
* build(deps-dev): bump pytest from 7.4.2 to 7.4.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2981
* build(deps-dev): bump vulture from 2.9.1 to 2.10 by dependabot in https://github.com/prowler-cloud/prowler/pull/2960
* build(deps-dev): bump werkzeug from 2.3.4 to 3.0.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2968

New Contributors
* therealtoastycat made their first contribution in https://github.com/prowler-cloud/prowler/pull/2978

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.10.0...3.11.0

3.10.0

Not secure
_Then they summoned me over to join in with them
At the dance of the dead
Into the circle of fire I followed them
Into the middle I was led_

_Dance of Death_ is an Iron Maiden's song, released on their 2003 album of the same name. The song combines the band's signature heavy metal sound with progressive elements. Lyrically, the song tells a story of a medieval dance of death, a symbolic representation of mortality and the inevitability of death. The lyrics are filled with vivid and dark imagery, and the song features intricate guitar work and powerful vocals from Bruce Dickinson. Enjoy this great song (https://www.youtube.com/watch?v=3659fTXvFts) while reading what's new! 🎸

New features to highlight in this version:

βš™οΈ **New checks for AWS!**
- New AWS IAM check `iam_role_administratoraccess_policy`.
- New AWS WAFv2 check `wafv2_webacl_logging_enabled`.
- Now the AWS IAM credentials checks (`iam_disable_90_days_credentials`, `iam_disable_45_days_credentials` and `iam_disable_30_days_credentials`) have been changed to two generic checks called `iam_user_accesskey_unused` and `iam_user_console_access_unused`. By default, it will fail when they are unused for 45 days, you can configure this value using the `max_unused_access_keys_days` and `max_console_access_days` configuration values. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with `prowler aws` and improve your security posture now! πŸ”’

🏷️ **Security Hub Tagging**
- Now Prowler will add AWS Resource Tags to every Security Hub finding and to json-asff outputs!

πŸ§‘β€πŸ€β€πŸ§‘ **Five new Prowler contributors!**
- Many thanks to CameronTStark, sbldevnet, JackStuart, devopspacellp and taylerhaviland for including more checks and keep improving Prowler!

What's Changed
Features
* feat(Dockerfile): add curl package to docker image by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2812
* feat(iam): add new check iam_role_administratoraccess_policy by kagahd in https://github.com/prowler-cloud/prowler/pull/2822
* feat(iam): improve disable credentials checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2909
* feat(json-asff): adds AWS resource tags in json-asff and SecurityHub findings by sbldevnet in https://github.com/prowler-cloud/prowler/pull/2786
* feat(unix timestamp): add the --unix-timestamp flag to docs by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2816
* feat(unix timestamp): add unix timestamp to outputs by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2813
* feat(wafv2): Add check wafv2_webacl_logging_enabled by devopspacellp in https://github.com/prowler-cloud/prowler/pull/2898

Fixes
* fix(acm): add certificate id by sergargar in https://github.com/prowler-cloud/prowler/pull/2903
* fix(apigw): KeyError name by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2858
* fix(apikeys_..._90_days): fix key creation time with dinamic date by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2798
* fix(autoscaling_find_secrets_ec2_launch_configuration): Fix UnicodeDecodeError by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2870
* fix(aws): Include missing ARNs by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2880
* fix(azure): Typo in SQL check by JackStuart in https://github.com/prowler-cloud/prowler/pull/2881
* fix(cloudtrail_s3_dataevents_read/write_enabled): Handle S3 ARN by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2844
* fix(cloudwatch): ignore new lines in filters by sergargar in https://github.com/prowler-cloud/prowler/pull/2912
* fix(custom checks): fix import from s3 by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2901
* fix(dockerfile): Use latest curl by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2897
* fix(Dockerfile): update alpine version by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2925
* fix(ds): GetSnapshotLimits for MicrosoftAD by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2859
* fix(ebs): improve snapshot encryption logic and typos by taylerhaviland in https://github.com/prowler-cloud/prowler/pull/2836
* fix(ec2 ebs/instance checks): unify checks logic by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2795
* fix(ec2 nacl checks):unify logic by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2799
* fix(ec2 tests): add region and delete search sg checks by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2788
* fix(ec2 tests): add tags and region non sg checks by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2781
* fix(ec2_elastic_ip_unassigned): rename check by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2882
* fix(ec2_instance_..._ssm): mock ssm service and client in all the tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2804
* fix(eks_control_plane_endpoint_access_restricted): handle endpoint private access by Fennerr in https://github.com/prowler-cloud/prowler/pull/2824
* fix(eks_endpoints_not_publicly_accessible): handle endpoint private access by Fennerr in https://github.com/prowler-cloud/prowler/pull/2825
* fix(elb): add resource ARN to checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2906
* fix(elbv2): Handle LoadBalancerNotFound by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2860
* fix(findingID): remove duplicate finding IDs by sergargar in https://github.com/prowler-cloud/prowler/pull/2890
* fix(html): unroll regions set prior concat by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2790
* fix(iam): findings of some checks may have been lost by kagahd in https://github.com/prowler-cloud/prowler/pull/2847
* fix(iam): Handle NoSuchEntityException in ListRolePolicies by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2857
* fix(iam): Handle NoSuchEntity when calling list_role_policies by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2872
* fix(iam credentials checks): unify logic by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2883
* fix(iam creds checks): add missing tests and fix current ones by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2888
* fix(iam creds tests): dont use search and negative indexes by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2899
* fix(iam_inline_policy_no_administrative_privileges): set resource id as the entity name by sergargar in https://github.com/prowler-cloud/prowler/pull/2820
* fix(iam_policy_no_administrative_privileges): check does not exist and maps not to check122 by kagahd in https://github.com/prowler-cloud/prowler/pull/2797
* fix(is_valid_arn): include . into resource name by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2789
* fix(outputs_unix_timestamp): Remove subsecond by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2861
* fix(pipeline): launch linters with file changes by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2911
* fix(policy_condition_parser): add StringEquals aws:SourceArn condition by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2793
* fix(pre-commit): add file filter to python linters by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2818
* fix(remove_custom_checks_module): delete service folder if empty by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2885
* fix(s3_bucket_policy_public_write_access): Handle S3 Policy without Principal by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2871
* fix(securityhub): archive SecurityHub findings in empty regions by sergargar in https://github.com/prowler-cloud/prowler/pull/2908
* fix(sqs_queues_not_publicly_accessible): Improve status extended by Fennerr in https://github.com/prowler-cloud/prowler/pull/2848
* fix(storage_ensure_minimum_tls_version_12): misspelling in metadata by CameronTStark in https://github.com/prowler-cloud/prowler/pull/2835
* fix(testing docs): fix testing docs typos and syntax by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2803
* fix(version): add timeout and check HTTP errors by sergargar in https://github.com/prowler-cloud/prowler/pull/2886
* fix(vpc): solves CidrBlock KeyError by sergargar in https://github.com/prowler-cloud/prowler/pull/2817
* fix(vpc_peering_routing_tables_with_least_privilege): check only peering routes by sergargar in https://github.com/prowler-cloud/prowler/pull/2887
* fix(pull-request.yml): launch linters when source code modified by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2922
* fix(build-lint-push pipeline): pass pipeline when ignored files by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2915

Chores
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2779, https://github.com/prowler-cloud/prowler/pull/2787, https://github.com/prowler-cloud/prowler/pull/2791, https://github.com/prowler-cloud/prowler/pull/2794, https://github.com/prowler-cloud/prowler/pull/2801, https://github.com/prowler-cloud/prowler/pull/2802, https://github.com/prowler-cloud/prowler/pull/2814, https://github.com/prowler-cloud/prowler/pull/2819, https://github.com/prowler-cloud/prowler/pull/2821, https://github.com/prowler-cloud/prowler/pull/2833, https://github.com/prowler-cloud/prowler/pull/2842, https://github.com/prowler-cloud/prowler/pull/2845, https://github.com/prowler-cloud/prowler/pull/2846, https://github.com/prowler-cloud/prowler/pull/2852, https://github.com/prowler-cloud/prowler/pull/2853, https://github.com/prowler-cloud/prowler/pull/2863, https://github.com/prowler-cloud/prowler/pull/2869, https://github.com/prowler-cloud/prowler/pull/2873, https://github.com/prowler-cloud/prowler/pull/2875, https://github.com/prowler-cloud/prowler/pull/2879, https://github.com/prowler-cloud/prowler/pull/2902, https://github.com/prowler-cloud/prowler/pull/2905, https://github.com/prowler-cloud/prowler/pull/2907 and https://github.com/prowler-cloud/prowler/pull/2923
* chore(iam): add IAM privilege escalation cases by sergargar in https://github.com/prowler-cloud/prowler/pull/2921
* docs(aws): Move regions and profiles to AWS by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2874
* docs(developer-guide): fix typos by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2878
* docs(misc): add option -z by sergargar in https://github.com/prowler-cloud/prowler/pull/2914
* docs(pull-request): Include check list to create/review PR by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2913
* refactor(security_hub): Send findings in batches by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2868
* test(utils): Include missing tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2884
* test(ec2_instance_managed_by_ssm): missing tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2800
* test(vpc_peering_routing_tables_with_least_privilege): add test by sergargar in https://github.com/prowler-cloud/prowler/pull/2889

Dependencies
* build(deps): bump azure-storage-blob from 12.18.1 to 12.18.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2916
* build(deps): bump cryptography from 41.0.3 to 41.0.4 by dependabot in https://github.com/prowler-cloud/prowler/pull/2856
* build(deps): bump google-api-python-client from 2.101.0 to 2.102.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2918
* build(deps): bump google-auth-httplib2 from 0.1.0 to 0.1.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2826
* build(deps): bump mkdocs-material from 9.4.3 to 9.4.4 by dependabot in https://github.com/prowler-cloud/prowler/pull/2917
* build(deps): bump mkdocs from 1.5.2 to 1.5.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2849
* build(deps): bump pydantic from 1.10.12 to 1.10.13 by dependabot in https://github.com/prowler-cloud/prowler/pull/2891
* build(deps): bump slack-sdk from 3.22.0 to 3.23.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2919
* build(deps): bump urllib3 from 1.26.15 to 1.26.17 by dependabot in https://github.com/prowler-cloud/prowler/pull/2896
* build(deps-dev): bump coverage from 7.3.1 to 7.3.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2895
* build(deps-dev): bump gitpython from 3.1.35 to 3.1.37 by dependabot in https://github.com/prowler-cloud/prowler/pull/2924
* build(deps-dev): bump moto from 4.2.4 to 4.2.5 by dependabot in https://github.com/prowler-cloud/prowler/pull/2892
* build(deps-dev): bump pylint from 3.0.0 to 3.0.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2920
* build(deps-dev): bump pytest from 7.4.1 to 7.4.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2827
* build(deps-dev): bump vulture from 2.8 to 2.9.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2785

New Contributors
* CameronTStark made their first contribution in https://github.com/prowler-cloud/prowler/pull/2835
* taylerhaviland made their first contribution in https://github.com/prowler-cloud/prowler/pull/2836
* JackStuart made their first contribution in https://github.com/prowler-cloud/prowler/pull/2881
* sbldevnet made their first contribution in https://github.com/prowler-cloud/prowler/pull/2786
* devopspacellp made their first contribution in https://github.com/prowler-cloud/prowler/pull/2898

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.9.0...3.10.0

Page 23 of 33

Links

Releases

Has known vulnerabilities

Previous Next

Β© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.