Workflow

Prowler-cloud

Latest version: v5.4.3

Safety actively analyzes 723976 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 23 of 34

3.12.1

Not secure
Fixes
* fix(rds): handle api call error response by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3258
* fix(apigatewayv2_api_access_logging_enabled): Finding ID should be unique by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3263
* fix(allowlist): Handle empty exceptions by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3266
* fix(fms): handle list compliance status error by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3259

Chores
* chore(release): update Prowler Version to 3.12.0 by sergargar in https://github.com/prowler-cloud/prowler/pull/3242
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3249, https://github.com/prowler-cloud/prowler/pull/3256, https://github.com/prowler-cloud/prowler/pull/3268
* chore(s3): Update log not to duplicate it by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3255
* chore(readme): remove deprecated library name by sergargar in https://github.com/prowler-cloud/prowler/pull/3251
* chore(precommit): set trufflehog as command by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3262

Docs
* docs: Add Codecov badge by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3248

Dependencies
* build(deps-dev): bump moto from 4.2.12 to 4.2.13 by dependabot in https://github.com/prowler-cloud/prowler/pull/3244
* build(deps): bump google-api-python-client from 2.111.0 to 2.113.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3245
* build(deps-dev): bump flake8 from 6.1.0 to 7.0.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3246
* build(deps-dev): bump gitpython from 3.1.37 to 3.1.41 by dependabot in https://github.com/prowler-cloud/prowler/pull/3257
* build(deps): bump jinja2 from 3.1.2 to 3.1.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/3267


**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.12.0...3.12.1

3.12.0

Not secure
_Just sixteen, a pickup truck, out of money, out of luck
I've got nowhere to call my own, hit the gas, and here I go
I'm running free yeah, I'm running free
I'm running free yeah, oh I'm running free_

[Iron Maiden's Running Free](https://www.youtube.com/watch?v=iUpaMRxlRUc) song was published as single of their first album back in 1980. This song is all about running wild and running free as we do at Prowler, making cloud security open and transparent, easy to use and easy to customize, for you and thousands of organizations around the world.

_hit the gas, and here I go!_ This version is full of new features and important improvements requested by our vibrant community. Go ahead and smash your electric guitar and use Prowler straightaway by yourself or just using our service at [prowler.com](https://prowler.com).

Enjoy it! 🀘🏽πŸ”₯

New features to highlight in this version:

✍️ **Custom Checks Metadata**
- Now you can override the **Severity** from a check using the `--custom-checks-metadata-file custom_checks_metadata.yaml`. (Thanks venkyvajrala for the feature!)
> See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/

πŸ‘· **Custom AWS Role Session name**
- Now you can customize the Role Session name that Prowler uses when assuming an AWS Role with `--role-session-name <role_session_name>`.
> See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#custom-role-session-name

πŸ”§ **Scan only AWS enabled regions**
- Prowler now only scans AWS regions if they are enabled making the scan faster without the need to review services in regions that are not enabled.

🧡 **Improved threading using ThreadPoolExecutor**
- For the AWS Service now we use a [`ThreadPoolExecutor`](https://docs.python.org/3/library/concurrent.futures.html#threadpoolexecutor) to improve concurrency management and allowing to parallelise per resources not only per regions. Thanks to Fennerr for the improvement!

πŸ› **Bug fixing**
- Now the AWS Lambda service scans each Lambda function for secrets without the need to persist the code in memory therefore reducing drastically the memory usage.
- Tons of bug fixes in services, outputs, checks and some other core functions.

Features
* feat(cognito): add Amazon Cognito service by sergargar in https://github.com/prowler-cloud/prowler/pull/3060
* feat(custom_checks_metadata): Add checks metadata overide for severity by venkyvajrala in https://github.com/prowler-cloud/prowler/pull/3038
* feat(aws): Added AWS role session name parameter by Fennerr in https://github.com/prowler-cloud/prowler/pull/3234
* feat(securityhub): Send only FAILs but storing all in the output files by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3195

Fixes
* fix(access-analyzer): Handle ValidationException by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3165
* fix(allowlist): Analyse single and multi account allowlist if present by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3210
* fix(apigw_restapi_auth check): add method auth testing by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3183
* fix(aws_regions): Get enabled regions by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3095
* fix(clean local output dirs): change function description by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3068
* fix(cloudtrail): Handle UnsupportedOperationException by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3166
* fix(codeartifact): solve dependency confusion check by congon4tor in https://github.com/prowler-cloud/prowler/pull/2999
* fix(deps): Add missing jsonschema by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3052
* fix(docs): csv fields by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3092
* fix(docs): typo in reporting/csv by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3094
* fix(elasticache): Handle CacheClusterNotFound by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3174
* fix(fms): Handle PolicyComplianceStatusList key error by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3230
* fix(gcp): fix UnknownApiNameOrVersion error by sergargar in https://github.com/prowler-cloud/prowler/pull/3202
* fix(gcp): improve logging messages by sergargar in https://github.com/prowler-cloud/prowler/pull/3185
* fix(gcp provider): move generate_client for consistency by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3064
* fix(generate_regional_clients): Global is not needed anymore by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3162
* fix(iam): Handle NoSuchEntity in list_group_policies by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3197
* fix(json-ocsf): add profile only for AWS provider by sergargar in https://github.com/prowler-cloud/prowler/pull/3051
* fix(lambda): memory leakage with lambda function code by Fennerr in https://github.com/prowler-cloud/prowler/pull/3167
* fix(organizations_scp_check_deny_regions): enhance check logic by sergargar in https://github.com/prowler-cloud/prowler/pull/3239
* fix(outputs): initialize_file_descriptor is called dynamically by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3050
* fix(s3): Handle NoSuchBucket in the service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3173
* fix(s3): handle NoSuchBucketPolicy error by sergargar in https://github.com/prowler-cloud/prowler/pull/3217
* fix(send_to_s3_bucket): don't kill exec when fail by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3088
* fix(set_azure_audit_info): assign correct logging when no auth by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3063
* fix(threading): Improved threading for the AWS Service by Fennerr in https://github.com/prowler-cloud/prowler/pull/3175
* fix(trustedadvisor): handle missing dict key by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3075
* fix(trustedadvisor): solve trustedadvisor check metadata by sergargar in https://github.com/prowler-cloud/prowler/pull/3216
* fix(vpc_different_regions): Handle if there are no VPC by williambrady in https://github.com/prowler-cloud/prowler/pull/3081
* revert(clean local dirs): delete clean local dirs output feature by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3087

Chores
* chore(actions): not launch linters for mkdocs.yml by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3093
* chore(actions prowler4): add prowler 4.0 branch to actions by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3184
* chore(elb): Improve status in elbv2_insecure_ssl_ciphers by Fennerr in https://github.com/prowler-cloud/prowler/pull/3169
* chore(ens): do not apply recomendation type to score by sergargar in https://github.com/prowler-cloud/prowler/pull/3058
* chore(moto): install all moto dependencies by sergargar in https://github.com/prowler-cloud/prowler/pull/3048
* chore(python): update python version constraint <3.12 by sergargar in https://github.com/prowler-cloud/prowler/pull/3047
* chore(s3 bucket input validation): validates input bucket by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3198
* chore(sqs_...not_publicly_accessible): less restrictive condition test by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3211
* chore: сhanged concatenation of strings to f-strings to improve readability by eukub in https://github.com/prowler-cloud/prowler/pull/3227
* chore(exception): handle error in describing regions by sergargar in https://github.com/prowler-cloud/prowler/pull/3241
* chore(role arguments): enhance role arguments validation by sergargar in https://github.com/prowler-cloud/prowler/pull/3240
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3045, https://github.com/prowler-cloud/prowler/pull/3168, https://github.com/prowler-cloud/prowler/pull/3059, https://github.com/prowler-cloud/prowler/pull/3079, https://github.com/prowler-cloud/prowler/pull/3065, https://github.com/prowler-cloud/prowler/pull/3074, https://github.com/prowler-cloud/prowler/pull/3182, https://github.com/prowler-cloud/prowler/pull/3189, https://github.com/prowler-cloud/prowler/pull/3196
* refactor(cloudwatch): simplify logic by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3172
* refactor(load_checks_to_execute): Refactor function and add tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3066
* refactor(severities): Define it in one place by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3086

Docs
* docs(aws): Added debug information to inspect retries in API calls by Fennerr in https://github.com/prowler-cloud/prowler/pull/3186
* docs(cloudshell): Add missing steps to workaround by AlexGidarakos in https://github.com/prowler-cloud/prowler/pull/3191
* docs(cloudshell): Add workaround to clone from github by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3190
* docs(cloudshell): Update AWS CloudShell installation steps by AlexGidarakos in https://github.com/prowler-cloud/prowler/pull/3192
* docs(parallel-execution): Combining the output files by Fennerr in https://github.com/prowler-cloud/prowler/pull/3096
* docs(parallel-execution): How to execute it in parallel by Fennerr in https://github.com/prowler-cloud/prowler/pull/3091

Dependencies
* build(deps): bump cryptography from 41.0.4 to 41.0.6 by dependabot in https://github.com/prowler-cloud/prowler/pull/3078
* build(deps): bump google-api-python-client from 2.110.0 to 2.111.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3224
* build(deps): bump google-auth-httplib2 from 0.1.1 to 0.2.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3207
* build(deps): bump jsonschema from 4.18.0 to 4.20.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3057
* build(deps): bump mkdocs-material from 9.5.2 to 9.5.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/3220
* build(deps): bump shodan from 1.30.1 to 1.31.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3221
* build(deps): bump slack-sdk from 3.26.0 to 3.26.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/3107
* build(deps): bump tj-actions/changed-files from 39 to 41 in /.github/workflows by dependabot in https://github.com/prowler-cloud/prowler/pull/3235
* build(deps-dev): bump bandit from 1.7.5 to 1.7.6 by dependabot in https://github.com/prowler-cloud/prowler/pull/3179
* build(deps-dev): bump coverage from 7.3.4 to 7.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3233
* build(deps-dev): bump docker from 6.1.3 to 7.0.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3180
* build(deps-dev): bump freezegun from 1.3.1 to 1.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3222
* build(deps-dev): bump moto from 4.2.11 to 4.2.12 by dependabot in https://github.com/prowler-cloud/prowler/pull/3205
* build(deps-dev): bump pylint from 3.0.2 to 3.0.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/3203
* build(deps-dev): bump pytest-xdist from 3.4.0 to 3.5.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3071
* build(deps-dev): bump pytest from 7.4.3 to 7.4.4 by dependabot in https://github.com/prowler-cloud/prowler/pull/3232

Tests
* test(audit_info): refactor services tests by n4ch04 and jfagoagas in https://github.com/prowler-cloud/prowler/pull/3103, https://github.com/prowler-cloud/prowler/pull/3112, https://github.com/prowler-cloud/prowler/pull/3099, https://github.com/prowler-cloud/prowler/pull/3098, https://github.com/prowler-cloud/prowler/pull/3100, https://github.com/prowler-cloud/prowler/pull/3102, https://github.com/prowler-cloud/prowler/pull/3101, https://github.com/prowler-cloud/prowler/pull/3104, https://github.com/prowler-cloud/prowler/pull/3105, https://github.com/prowler-cloud/prowler/pull/3110, https://github.com/prowler-cloud/prowler/pull/3116, https://github.com/prowler-cloud/prowler/pull/3119, https://github.com/prowler-cloud/prowler/pull/3118, https://github.com/prowler-cloud/prowler/pull/3117, https://github.com/prowler-cloud/prowler/pull/3121, https://github.com/prowler-cloud/prowler/pull/3120, https://github.com/prowler-cloud/prowler/pull/3122, https://github.com/prowler-cloud/prowler/pull/3125, https://github.com/prowler-cloud/prowler/pull/3123, https://github.com/prowler-cloud/prowler/pull/3124, https://github.com/prowler-cloud/prowler/pull/3126, https://github.com/prowler-cloud/prowler/pull/3127, https://github.com/prowler-cloud/prowler/pull/3129, https://github.com/prowler-cloud/prowler/pull/3130, https://github.com/prowler-cloud/prowler/pull/3128, https://github.com/prowler-cloud/prowler/pull/3133, https://github.com/prowler-cloud/prowler/pull/3134, https://github.com/prowler-cloud/prowler/pull/3135, https://github.com/prowler-cloud/prowler/pull/3131, https://github.com/prowler-cloud/prowler/pull/3136, https://github.com/prowler-cloud/prowler/pull/3137, https://github.com/prowler-cloud/prowler/pull/3138, https://github.com/prowler-cloud/prowler/pull/3139, https://github.com/prowler-cloud/prowler/pull/3140, https://github.com/prowler-cloud/prowler/pull/3141, https://github.com/prowler-cloud/prowler/pull/3143, https://github.com/prowler-cloud/prowler/pull/3142, https://github.com/prowler-cloud/prowler/pull/3145, https://github.com/prowler-cloud/prowler/pull/3144, https://github.com/prowler-cloud/prowler/pull/3146, https://github.com/prowler-cloud/prowler/pull/3147, https://github.com/prowler-cloud/prowler/pull/3150, https://github.com/prowler-cloud/prowler/pull/3149, https://github.com/prowler-cloud/prowler/pull/3148, https://github.com/prowler-cloud/prowler/pull/3151, https://github.com/prowler-cloud/prowler/pull/3152, https://github.com/prowler-cloud/prowler/pull/3155, https://github.com/prowler-cloud/prowler/pull/3156, https://github.com/prowler-cloud/prowler/pull/3157, https://github.com/prowler-cloud/prowler/pull/3153, https://github.com/prowler-cloud/prowler/pull/3158, https://github.com/prowler-cloud/prowler/pull/3154, https://github.com/prowler-cloud/prowler/pull/3159, https://github.com/prowler-cloud/prowler/pull/3161, https://github.com/prowler-cloud/prowler/pull/3132, https://github.com/prowler-cloud/prowler/pull/3111, https://github.com/prowler-cloud/prowler/pull/3160, https://github.com/prowler-cloud/prowler/pull/3097, https://github.com/prowler-cloud/prowler/pull/3163, https://github.com/prowler-cloud/prowler/pull/3164, https://github.com/prowler-cloud/prowler/pull/3113, https://github.com/prowler-cloud/prowler/pull/3114, https://github.com/prowler-cloud/prowler/pull/3115
* test(aws_account_id): refactor by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3161

New Contributors
* venkyvajrala made their first contribution in https://github.com/prowler-cloud/prowler/pull/3038
* AlexGidarakos made their first contribution in https://github.com/prowler-cloud/prowler/pull/3191
* eukub made their first contribution in https://github.com/prowler-cloud/prowler/pull/3227

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.3...3.12.0

3.11.3

Not secure
What's Changed

Fixes
* fix(securityhub): findings not being imported or archived in non-aws partitions by johnny2lu in https://github.com/prowler-cloud/prowler/pull/3040
* fix(json): check if profile is None by sergargar in https://github.com/prowler-cloud/prowler/pull/3043

Chores
* chore(release): update Prowler Version to 3.11.2 by sergargar in https://github.com/prowler-cloud/prowler/pull/3037
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3042

New Contributors
* johnny2lu made their first contribution in https://github.com/prowler-cloud/prowler/pull/3040

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.2...3.11.3

3.11.2

Not secure
What's Changed

Fixes
* fix(ec2_securitygroup_not_used): check if security group is associated by sergargar in https://github.com/prowler-cloud/prowler/pull/3026
* fix(GuardDuty): only execute checks if GuardDuty enabled by sergargar in https://github.com/prowler-cloud/prowler/pull/3028
* fix(securityhub): Use enabled_regions instead of audited_regions by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3029

Chores
* chore(accessanalyzer): include service in allowlist_non_default_regions by sergargar in https://github.com/prowler-cloud/prowler/pull/3025
* chore(args): make compatible severity and services arguments by sergargar in https://github.com/prowler-cloud/prowler/pull/3024
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/3035
* chore(release): update Prowler Version to 3.11.1 by sergargar in https://github.com/prowler-cloud/prowler/pull/3021
* chore: modify latest version msg by R3DRUN3 in https://github.com/prowler-cloud/prowler/pull/3036
* chore(azure regions): support non default azure region by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3013

Builds
* build(deps): bump alive-progress from 3.1.4 to 3.1.5 by dependabot in https://github.com/prowler-cloud/prowler/pull/3033
* build(deps): bump azure-storage-blob from 12.18.3 to 12.19.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3034
* build(deps): bump google-api-python-client from 2.106.0 to 2.107.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3032
* build(deps-dev): bump moto from 4.2.7 to 4.2.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/3030
* build(deps-dev): bump pytest-xdist from 3.3.1 to 3.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3031

New Contributors
* R3DRUN3 made their first contribution in https://github.com/prowler-cloud/prowler/pull/3036

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.1...3.11.2

3.11.1

Not secure
What's Changed

Fixes
* fix(aws): check all conditions in IAM policy parser by mtronrd in https://github.com/prowler-cloud/prowler/pull/3006
* fix(clean local output dirs): clean dirs when output to S3 by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2997
* fix(cloudtrail): handle HasInsightSelectors key by sergargar in https://github.com/prowler-cloud/prowler/pull/2996
* fix(docs): improve allowlist examples by sergargar in https://github.com/prowler-cloud/prowler/pull/2995
* fix(iam): do not list tags for inline policies by sergargar in https://github.com/prowler-cloud/prowler/pull/3014
* fix(iam-sqs): handle exceptions for non-existent resources by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3010
* fix(rds): check if engines exist in region by sergargar in https://github.com/prowler-cloud/prowler/pull/3012
* fix(s3 race condition): catch error if a bucket does not exist any longer by kagahd in https://github.com/prowler-cloud/prowler/pull/3000
* fix(SQS): fix invalid SQS ARNs by mtronrd in https://github.com/prowler-cloud/prowler/pull/3016
* refactor(allowlist): simplify and handle corner cases with exceptions empty and * by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3019

Chores
* chore(brew): remove brew action by sergargar in https://github.com/prowler-cloud/prowler/pull/2994
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2993, https://github.com/prowler-cloud/prowler/pull/2998, https://github.com/prowler-cloud/prowler/pull/3001, https://github.com/prowler-cloud/prowler/pull/3007, https://github.com/prowler-cloud/prowler/pull/3011, https://github.com/prowler-cloud/prowler/pull/3020, https://github.com/prowler-cloud/prowler/pull/2992, https://github.com/prowler-cloud/prowler/pull/3008 and https://github.com/prowler-cloud/prowler/pull/3019
* docs(gcp): update GCP permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/3008

Builds
* build(deps): bump google-api-python-client from 2.105.0 to 2.106.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/3005
* build(deps): bump mkdocs-material from 9.4.7 to 9.4.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/3004

New Contributors
* mtronrd made their first contribution in https://github.com/prowler-cloud/prowler/pull/3006

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.11.0...3.11.1

3.11.0

Not secure
_Sailing on and on and north across the sea
Sailing on and on and north 'til all is calm_

Dare to delve into this spectral realm, where the frightful protection of Prowler awaits you.
Happy haunting and secure coding this Halloween! πŸ§›β€β™‚οΈπŸ•ΈοΈπŸŒ™

New features to highlight in this version:

πŸ”Ž **Ignore Findings from services not in actual use**
- Prowler now allows you to ignore unused services findings, so you can reduce the number of findings in Prowler's reports.
`prowler <provider> --ignore-unused-services`
> See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/

βš™οΈ **New AWS Allowlist including AWS Control Tower resources**
- New allowlist file that ensures that applies to all resources created by AWS Control Tower when setting up a landing zone:
`prowler aws --allowlist prowler/config/aws_allowlist.yaml`
> See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist

🏷️ **STS V2 Tokens**
- Now Prowler will call Regional AWS STS endpoints to get session tokens valid in all AWS Regions.
> See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region

βœ… **New 9 checks for AWS!**
- New Account check `account_maintain_different_contact_details_to_security_billing_and_operations`
- New CloudTrail check `cloudtrail_multi_region_enabled_logging_management_events`
- New EC2 DataLifecycle Manager service and check `dlm_ebs_snapshot_lifecycle_policy_exists`
- New EC2 EBS check `ec2_ebs_volume_snapshots_exists`
- New DocumentDB service and check `documentdb_instance_storage_encrypted`
- New Support check `trustedadvisor_premium_support_plan_subscribed`
- New Neptune service and check `neptune_cluster_uses_public_subnet`
- New Elasticache service and check `elasticache_cluster_uses_public_subnet`
- New IAM check `iam_user_with_temporary_credentials`

Thanks to [Jit](https://www.jit.io/.) jit-contrib for their help on this checks.

Try them with `prowler aws` and improve your security posture now! πŸ”’

πŸ“ **Check Aliases are now supported**
- Now, Prowler allows you to use aliases for the checks. You only have to add the CheckAliases key to the check's metadata with a list of the aliases and then, you can execute it with: `prowler <provider> -c/--checks <check_alias_1>`
> See more in https://docs.prowler.cloud/en/latest/tutorials/check-aliases/

What's Changed
Features
* feat(alias): add check alias functionality by sergargar in https://github.com/prowler-cloud/prowler/pull/2971
* feat(allowlist): allowlist non-default regions configuration by sergargar in https://github.com/prowler-cloud/prowler/pull/2974
* feat(aws): New CloudTrail, DLM, DocumentDB, EC2, Account and Support checks by jit-contrib in https://github.com/prowler-cloud/prowler/pull/2675
* feat(aws): New Neptune, ElastiCache, APIGW and IAM checks by jit-contrib in https://github.com/prowler-cloud/prowler/pull/2862
* feat(controltower): add AWS Control Tower resources to default Allowlist configuration file by sergargar in https://github.com/prowler-cloud/prowler/pull/2953
* feat(ignore unused services): add `--ignore-unused-services` argument to ignore findings from services not in actual use by sergargar in https://github.com/prowler-cloud/prowler/pull/2936
* feat(report interface): add reporting interface call after report by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2948
* feat(vpc): add vpc, nacl or subnet names in findings by sergargar in https://github.com/prowler-cloud/prowler/pull/2928

Fixes
* fix(allowlist): verify if allowlist file exists by sergargar in https://github.com/prowler-cloud/prowler/pull/2988
* fix(APIGateway): Improve check naming by sergargar in https://github.com/prowler-cloud/prowler/pull/2952
* fix(cis): remove new lines in CIS csv by sergargar https://github.com/prowler-cloud/prowler/pull/2989
* fix(cloudtrail service): typo in logging info by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2976
* fix(ec2_instance_imdsv2_enabled ): verify if metadata service is disabled by therealtoastycat in https://github.com/prowler-cloud/prowler/pull/2978
* fix(ec2_securitygroup_not_used): Mock Lambda service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2947
* fix(elbv2_desync_mitigation_mode): improve logic by sergargar in https://github.com/prowler-cloud/prowler/pull/2986
* fix(gcp): set always location to lowercase by sergargar in https://github.com/prowler-cloud/prowler/pull/2970
* fix(GuardDuty): Add `enabled_in_account` parameter by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2979
* fix(outputs): remove empty outputs by sergargar https://github.com/prowler-cloud/prowler/pull/2990
* fix(resource filters): add missing resource filters by sergargar in https://github.com/prowler-cloud/prowler/pull/2951
* fix(security group): check if security groups are used by Lambda by sergargar in https://github.com/prowler-cloud/prowler/pull/2944
* fix(sqs): Handle AWS.SimpleQueueService.NonExistentQueue in list_queue_tags by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2939
* fix(sts): force v2 STS tokens by sergargar in https://github.com/prowler-cloud/prowler/pull/2956
* fix(vpc): ignore com.amazonaws.vpce endpoints by sergargar in https://github.com/prowler-cloud/prowler/pull/2929
* fix(vpc_endpoint_services_allowed_principals_trust_boundaries): Principal by jfagoagas https://github.com/prowler-cloud/prowler/pull/2991
* fix(tests): remove tests folder after execution by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2962

Documentation
* chore(docs): Add report.region criteria by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2930
* docs(config): add missing configurable variables by kagahd in https://github.com/prowler-cloud/prowler/pull/2941
* chore(docs): add STS Endpoint and Allowlist updates by sergargar in https://github.com/prowler-cloud/prowler/pull/2964
* chore(docs): allowlist non-default regions by sergargar in https://github.com/prowler-cloud/prowler/pull/2980
* docs(v2_v3_mapping): document prowler v3.10.0 changes by kagahd in https://github.com/prowler-cloud/prowler/pull/2955

Chores
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2927, https://github.com/prowler-cloud/prowler/pull/2937, https://github.com/prowler-cloud/prowler/pull/2942, https://github.com/prowler-cloud/prowler/pull/2945, https://github.com/prowler-cloud/prowler/pull/2954, https://github.com/prowler-cloud/prowler/pull/2961
* chore(allowlist): Extract allowlist from report by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2975
* chore(allowlist): prettify allowlist names by sergargar in https://github.com/prowler-cloud/prowler/pull/2963
* chore(APIGatewayV2): improve check naming by sergargar in https://github.com/prowler-cloud/prowler/pull/2966
* chore(create_role_to_assume_cfn.yaml): Add DLM permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/2949
* chore(gcp): print inactive GCP APIs by sergargar in https://github.com/prowler-cloud/prowler/pull/2987
* chore(github): ignore permissions path in GitHub actions by sergargar in https://github.com/prowler-cloud/prowler/pull/2950
* chore(permissions): add DLM permissions by sergargar in https://github.com/prowler-cloud/prowler/pull/2946

Dependencies
* build(deps): bump azure-identity from 1.14.1 to 1.15.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2982
* build(deps): bump azure-storage-blob from 12.18.2 to 12.18.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2931
* build(deps): bump google-api-python-client from 2.104.0 to 2.105.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2985
* build(deps): bump mkdocs-material from 9.4.6 to 9.4.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2983
* build(deps): bump shodan from 1.30.0 to 1.30.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2935
* build(deps): bump urllib3 from 1.26.17 to 1.26.18 by dependabot in https://github.com/prowler-cloud/prowler/pull/2940
* build(deps-dev): bump moto from 4.2.6 to 4.2.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2984
* build(deps-dev): bump openapi-spec-validator from 0.6.0 to 0.7.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2958
* build(deps-dev): bump pylint from 3.0.1 to 3.0.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2957
* build(deps-dev): bump pytest from 7.4.2 to 7.4.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2981
* build(deps-dev): bump vulture from 2.9.1 to 2.10 by dependabot in https://github.com/prowler-cloud/prowler/pull/2960
* build(deps-dev): bump werkzeug from 2.3.4 to 3.0.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2968

New Contributors
* therealtoastycat made their first contribution in https://github.com/prowler-cloud/prowler/pull/2978

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.10.0...3.11.0

Page 23 of 34

Links

Releases

Has known vulnerabilities

Previous Next

Β© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.