Prowler

Latest version: v4.2.4


3.8.1

Not secure
Fixes
* fix(cloudfront): fix ViewerProtocolPolicy and GeoRestrictionType by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2701
* fix(config): Pass a configuration file using `--config-file config.yaml` by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2679
* fix(ec2-securitygroups): Handle IPv6 public by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2690
* fix(Enum): handle Enum classes correctly by sergargar in https://github.com/prowler-cloud/prowler/pull/2702
* fix(ds): Restore enums without optional by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2704
* fix(iam): password policy expiration by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2694
* fix(iam-dynamodb): Handle errors by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2680
* fix(iam_role_cross_service_confused_deputy_prevention): add ResourceAccount and PrincipalAccount conditions by sergargar in https://github.com/prowler-cloud/prowler/pull/2689
* fix(organizations): request Organization Info after assume_role occurs by jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2682
* fix(security hub): include custom output filename in `resolve_security_hub_previous_findings` by sergargar in https://github.com/prowler-cloud/prowler/pull/2687
* fix(sns): allow default SNS policy with SourceOwner by christiandavilakoobin in https://github.com/prowler-cloud/prowler/pull/2698
* fix(typo): spelling typo in organizations_scp_check_deny_regions by sergargar in https://github.com/prowler-cloud/prowler/pull/2691

Dependencies
* build(deps): bump mkdocs from 1.4.3 to 1.5.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2684
* build(deps-dev): bump pylint from 2.17.4 to 2.17.5 by dependabot in https://github.com/prowler-cloud/prowler/pull/2685

Documentation
* docs(aws-orgs): Update syntax by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2703
* docs(organizations): fix script and improve titles by sergargar in https://github.com/prowler-cloud/prowler/pull/2693

Chores
* chore(azure): Improve AzureService class with __set_clients__ by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2676
* chore(print): prettify prints of listings and logs by sergargar in https://github.com/prowler-cloud/prowler/pull/2699
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2677, https://github.com/prowler-cloud/prowler/pull/2688, https://github.com/prowler-cloud/prowler/pull/2692 and https://github.com/prowler-cloud/prowler/pull/2700
* chore(service): service class type hints by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2695


**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.8.0...3.8.1

3.8.0

Not secure
> _A war in heaven in God's rage
> He put me in this burning cage
> Holy fury locks me in
> Imprisoned by my deadly sin
> Every hour the shadow king
> Wonders what his clock will bring
> I've lived and loved and that's for sure
> My fatal quest forever more_

Two weeks before this release, most of the Prowler full-time team was watching Iron Maiden live, probably the best day of the year for us together. The song [Days of Future Past](https://www.youtube.com/watch?v=9sHUr6FzjX8) was the fourth they played at that show. We invite you to play it while reading what is new in this version, which we have just crafted for you all right before Black Hat, DEF CON and BSides Vegas. Remember we will be at Black Hat Arsenal on Wednesday!

Special thanks for contributions on this release to jchrisfarris, edurra and gabriel-pragin-clearscale. Your code and feedback are very helpful in improving Prowler. THANK YOU!

New features to highlight in this version:
🥳 **GCP scans are now x10 faster!**

- We have improved the way Prowler scans GCP regions, locations and zones so now it is on average 10 times faster than before. Try it with `prowler gcp --compliance cis_2.0_gcp` if you dare!

📝 **New Azure service supported `sqlserver` and 3 new checks available**

- We have added a new service to the Azure provider, `sqlserver`, with 3 checks: `sqlserver_auditing_enabled`, `sqlserver_azuread_administrator_enabled` and `sqlserver_unrestricted_inbound_access`.
- Try them with `prowler azure --service sqlserver` and let us know!

⚙️ **New checks for AWS!**:

- Two new AWS checks for S3: `s3_bucket_public_list_acl` and `s3_bucket_public_write_acl`. Try them with `prowler aws --service s3` and improve your security posture now!

What's Changed
Features
* feat(aws): New AWSService class as parent by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2638
* feat(azure): add Azure SQL Server service and 3 checks by edurra in https://github.com/prowler-cloud/prowler/pull/2665
* feat(azure): New parent class by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2642
* feat(gcp): Add internet-exposed and encryption categories by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2663
* feat(gcp): Improve gcp performance by sergargar in https://github.com/prowler-cloud/prowler/pull/2662
* feat(gcp): Parent class by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2641
* feat(s3): Add checks for publicly listable Buckets or writable buckets by ACL by jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2628

Fixes
* fix(cloudtrail): Set status to INFO when trail is outside the audited account by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2643
* fix(cryptography): Update to 41.0.3 by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2661
* fix(docs): Azure auth and Slack integration by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2659
* fix(ec2_instance_secrets_user_data): Include line numbers in status by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2639
* fix(iam_policy_allows_privilege_escalation): Handle permissions in groups by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2655
* fix(outputs): Not use reserved keyword list as variable by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2657
* fix(s3_bucket_level_public_access_block): check s3 public access block at account level by sergargar in https://github.com/prowler-cloud/prowler/pull/2653
* fix(sns): handle topic policy conditions by sergargar in https://github.com/prowler-cloud/prowler/pull/2660
* fix(test_only_aws_service_linked_roles): Flaky test by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2666
* fix(vpc_endpoint_connections_trust_boundaries): Handle AWS Account ID as Principal by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2611

Tests
* test(ec2): security groups by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2627
* fix(test): mock VPC client by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2640
* test(azure): Defender service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2669
* test(azure): IAM service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2670
* test(azure): SQL Server Service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2671
* test(azure): Storage Service by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2672

Chores
* chore(metadata): Typos by gabriel-pragin-clearscale in https://github.com/prowler-cloud/prowler/pull/2629 and https://github.com/prowler-cloud/prowler/pull/2646
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2630, https://github.com/prowler-cloud/prowler/pull/2634, https://github.com/prowler-cloud/prowler/pull/2637, https://github.com/prowler-cloud/prowler/pull/2654 and https://github.com/prowler-cloud/prowler/pull/2658
* chore(security-hub): Explain Unique ID by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2631
* refactor(vpc_endpoint_connections_trust_boundaries) by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2667
* chore(readme): update providers summary table by sergargar in https://github.com/prowler-cloud/prowler/pull/2673

Dependencies
* build(deps): bump azure-mgmt-authorization from 3.0.0 to 4.0.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2652
* build(deps): bump google-api-python-client from 2.94.0 to 2.95.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2649
* build(deps): bump mkdocs-material from 9.1.19 to 9.1.20 by dependabot in https://github.com/prowler-cloud/prowler/pull/2648
* build(deps-dev): bump flake8 from 6.0.0 to 6.1.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2651
* build(deps-dev): bump moto from 4.1.13 to 4.1.14 by dependabot in https://github.com/prowler-cloud/prowler/pull/2650

New Contributors
* jchrisfarris made their first contribution in https://github.com/prowler-cloud/prowler/pull/2628
* edurra made their first contribution in https://github.com/prowler-cloud/prowler/pull/2665

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.7.2...3.8.0

3.7.2

Not secure
Fixes
* fix(allowlist): single account checks handling by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2585
* fix(assume_role): Set the AWS STS endpoint region by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2587
* fix(compute): solve key errors in compute service by sergargar in https://github.com/prowler-cloud/prowler/pull/2610
* fix(ec2_ami_public): correct check metadata and logic by sergargar in https://github.com/prowler-cloud/prowler/pull/2618
* fix(ecs_task_def_secrets): Improve description to explain findings by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2621
* fix(guardduty): handle disabled detectors in `guardduty_is_enabled` by sergargar in https://github.com/prowler-cloud/prowler/pull/2616
* fix(opensearch): log exception as WARNING by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2581
* fix(pypi-release): solve GH action for release by sergargar in https://github.com/prowler-cloud/prowler/pull/2624
* fix(s3): `__get_object_lock_configuration__` warning logs by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2608
* fix(security): certifi issue by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2623
* fix(ssm_incidents): Handle empty name by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2591

Dependencies
* build(deps): bump azure-storage-blob from 12.16.0 to 12.17.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2596
* build(deps): bump google-api-python-client from 2.93.0 to 2.94.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2614
* build(deps): bump mkdocs-material from 9.1.18 to 9.1.19 by dependabot in https://github.com/prowler-cloud/prowler/pull/2615
* build(deps): bump pydantic from 1.10.11 to 1.10.12 by dependabot in https://github.com/prowler-cloud/prowler/pull/2613
* build(deps-dev): bump moto from 4.1.12 to 4.1.13 by dependabot in https://github.com/prowler-cloud/prowler/pull/2598

Chores
* chore(ec2): add SG name to resource_details by sergargar in https://github.com/prowler-cloud/prowler/pull/2495
* chore(metadata): Typos by gabriel-pragin-clearscale in https://github.com/prowler-cloud/prowler/pull/2594
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2606

Tests
* test(aws_provider): Role and User MFA by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2486

Documentation
* docs(boto3-configuration): format list by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2609
* docs(README): typos in README.md by kagahd in https://github.com/prowler-cloud/prowler/pull/2579


New Contributors
* gabriel-pragin-clearscale made their first contribution in https://github.com/prowler-cloud/prowler/pull/2594

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.7.1...3.7.2

3.7.1

Not secure
Fixes
* fix(iam): Handle NoSuchEntityException when calling list_attached_role_policies by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2571
* fix(allowlist): handle wildcard in account field by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2577
* fix(cond parser): add policy condition parser & apply in SQS public check by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2575

Dependencies
* build(deps-dev): bump pytest-randomly from 3.12.0 to 3.13.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2567
* build(deps): bump boto3 from 1.26.161 to 1.26.165 by dependabot in https://github.com/prowler-cloud/prowler/pull/2566
* build(deps): bump pydantic from 1.10.9 to 1.10.11 by dependabot in https://github.com/prowler-cloud/prowler/pull/2568
* build(deps-dev): bump openapi-spec-validator from 0.5.7 to 0.6.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2569
* build(deps): bump google-api-python-client from 2.91.0 to 2.92.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2570

Chores
* chore(compliance): CIS Benchmark 2.0 for AWS by toniblyx in https://github.com/prowler-cloud/prowler/pull/2562
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2560, https://github.com/prowler-cloud/prowler/pull/2561, https://github.com/prowler-cloud/prowler/pull/2572, https://github.com/prowler-cloud/prowler/pull/2574

Tests
* test(outputs): Remove debug by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2559

Documentation
* docs: Update Compliance in README by toniblyx in https://github.com/prowler-cloud/prowler/pull/2563


**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.7.0...3.7.1

3.7.0

Not secure
_Trapped in the web, but I cut the threads
Show you the gates of tomorrow
Trapped in the web, no mercy is shed
Show you the gates of tomorrow
Trapped in the web, slaves to the dead
Show you the gates of tomorrow
Trapped in the web, but I cut the threads
Show you the gates of tomorrow_

As the [song](https://www.youtube.com/watch?v=tAY2woGdN8M) says, this version of Prowler is opening gates of tomorrow! More compliance frameworks like [MITRE ATT&CK®](https://attack.mitre.org/), [ISO27001 (2013)](https://aws.amazon.com/es/compliance/iso-27001-faqs/), [AWS Well-Architected Framework Reliability pillar](https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html) (in addition to the existing Security pillar), better support for the Allowlist feature, with all 73 checks for GCP covering [CIS Benchmark 2.0 for Google Cloud](https://www.cisecurity.org/benchmark/google_cloud_computing_platform)! Take this one and start closing doors to the bad guys!

New features to highlight in this version:

🥳 **GCP CIS v2.0.0 benchmark coverage!**

- Prowler now supports the CIS v2.0.0 benchmark for Google Cloud Platform! 73 GCP checks were added to fully cover the CIS framework. You can run it with the following flag to get all the reports: CSV (standard and compliance), HTML, JSON and JSON OCSF:

```sh
prowler gcp --compliance cis_2.0_gcp
```


📝 **New AWS compliance frameworks available**
- Prowler now supports MITRE ATT&CK for AWS, ISO27001 (2013) for AWS and AWS Well-Architected Framework Reliability Pillar v0.1. Also, the Spanish ENS RD2022 Compliance Framework has been updated.

<img width="901" alt="imagen" src="https://github.com/prowler-cloud/prowler/assets/3985464/3e13f22c-9df4-42e7-8e8b-af2acba4b4a0">

- You can run the new compliance frameworks with the following commands:

```sh
prowler aws --compliance mitre_attack_aws
prowler aws --compliance iso27001_2013_aws
prowler aws --compliance aws_well_architected_framework_reliability_pillar_aws
prowler aws --compliance ens_rd2022_aws
```


⚙️ **Allowlist supports exceptions**:
- For each check you can except Accounts, Regions, Resources and/or Tags, see more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/. Thanks zfLQ2qx2 for the feedback!

```yaml
Allowlist:
  Accounts:
    "*":
      Checks:
        "ecs_task_definitions_no_environment_secrets":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Accounts:
              - "0123456789012"
            Regions:
              - "eu-west-1"
              - "eu-south-2"
          # Will ignore every resource in check ecs_task_definitions_no_environment_secrets
          # except the ones in account 0123456789012 located in eu-south-2 or eu-west-1

    "123456789012":
      Checks:
        "*":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Resources:
              - "test"
            Tags:
              - "environment=prod"
          # Will ignore every resource in account 123456789012 except the ones
          # containing the string "test" and tag environment=prod
```
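To check which findings an allowlist like this one actually silences, the sketch below evaluates it against sample findings. It is an added illustration, not Prowler's own code. The matching rules are assumptions read from the descriptions above (values within a list are alternatives, every field listed under `Exceptions` must match, resources match by substring), and the function names and finding fields are hypothetical.

```python
# Allowlist from the release notes, constructed here as a dict (no YAML dependency).
ALLOWLIST = {
    "*": {
        "ecs_task_definitions_no_environment_secrets": {
            "Regions": ["*"],
            "Resources": ["*"],
            "Exceptions": {
                "Accounts": ["0123456789012"],
                "Regions": ["eu-west-1", "eu-south-2"],
            },
        },
    },
    "123456789012": {
        "*": {
            "Regions": ["*"],
            "Resources": ["*"],
            "Exceptions": {"Resources": ["test"], "Tags": ["environment=prod"]},
        },
    },
}


def matches(patterns, value, substring=False):
    """OR within a list: "*" matches anything, else exact (or substring) match."""
    return any(p == "*" or p == value or (substring and p in value) for p in patterns)


def tags_match(patterns, tags):
    """True if any listed "key=value" tag (or "*") is present on the resource."""
    return any(p == "*" or p in tags for p in patterns)


def is_excepted(exceptions, f):
    """AND across the fields present under Exceptions (assumed semantics)."""
    if not exceptions:
        return False
    results = []
    if "Accounts" in exceptions:
        results.append(matches(exceptions["Accounts"], f["account"]))
    if "Regions" in exceptions:
        results.append(matches(exceptions["Regions"], f["region"]))
    if "Resources" in exceptions:
        results.append(matches(exceptions["Resources"], f["resource"], substring=True))
    if "Tags" in exceptions:
        results.append(tags_match(exceptions["Tags"], f["tags"]))
    return all(results)


def is_muted(allowlist, f):
    """A finding is muted if any rule covers it and that rule's exception does not."""
    for account_key, checks in allowlist.items():
        if not matches([account_key], f["account"]):
            continue
        for check_key, rule in checks.items():
            if not matches([check_key], f["check"]):
                continue
            in_scope = (matches(rule.get("Regions", []), f["region"])
                        and matches(rule.get("Resources", []), f["resource"], substring=True)
                        and ("Tags" not in rule or tags_match(rule["Tags"], f["tags"])))
            if in_scope and not is_excepted(rule.get("Exceptions"), f):
                return True
    return False
```

A finding that falls under an exception is reported again, so exceptions are the way to keep a broad wildcard rule from hiding the accounts, regions or resources that matter most.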


What's Changed
Features
* feat(ENS): complete ENS Compliance Framework mapping by sergargar in https://github.com/prowler-cloud/prowler/pull/2534
* feat(MITRE): add MITRE ATT&CK framework for AWS by sergargar in https://github.com/prowler-cloud/prowler/pull/2537
* feat(allowlist): add exceptions to allowlist by sergargar in https://github.com/prowler-cloud/prowler/pull/2527
* feat(compliance): AWS Well-Architected Framework Reliability Pillar v0.1 by sssalim-aws in https://github.com/prowler-cloud/prowler/pull/2536
* feat(compliance): add ISO27001 compliance framework by pedromarting3 in https://github.com/prowler-cloud/prowler/pull/2517
* feat(lambda service): mapping lambda service to awslambda by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2538
* feat(gcp): add CIS checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2544

Fixes
* fix(apigw): Update metadata for API GW checks by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2512
* fix(bigquery_dataset_public_access): handle status correctly by sergargar in https://github.com/prowler-cloud/prowler/pull/2542
* fix(cloudwatch secrets): fix nonetype error handling by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2543
* fix(compliance): add version to ISO27001 by sergargar in https://github.com/prowler-cloud/prowler/pull/2523
* fix(compliance): remove unnecessary Optional attributes by sergargar in https://github.com/prowler-cloud/prowler/pull/2514
* fix(contrib): migrate `multi-account-securityhub/run-prowler-securityhub.sh` to v3 by sergargar in https://github.com/prowler-cloud/prowler/pull/2503
* fix(gcp): update Prowler SDK info of GCP by sergargar in https://github.com/prowler-cloud/prowler/pull/2515
* fix(iam): add StringLike condition in `iam_role_cross_service_confused_deputy_prevention` by sergargar in https://github.com/prowler-cloud/prowler/pull/2533
* fix(list-checks): handle listing checks when -s by sergargar in https://github.com/prowler-cloud/prowler/pull/2540
* fix(security hub): solve Security Hub format requirements by sergargar in https://github.com/prowler-cloud/prowler/pull/2520
* fix(vpc): handle ephemeral VPC endpoint services by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2501
* fix(reporting docs): fix S3 reporting desc by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2551
* fix(allowlist): reformat allowlist logic by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2555

Chores
* chore(OCSF): improve OCSF logic by sergargar in https://github.com/prowler-cloud/prowler/pull/2502
* chore(ec2): reduce noise in Security Groups checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2525
* chore(region): add `get_default_region` function in AWS Services by sergargar in https://github.com/prowler-cloud/prowler/pull/2524
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2539
* chore(docs): update DynamoDB allowlist example by sergargar in https://github.com/prowler-cloud/prowler/pull/2552
* chore(docs): Update Amazon Linux 2 installation by czantoine in https://github.com/prowler-cloud/prowler/pull/2553

Dependencies
* build(deps): bump boto3 from 1.26.147 to 1.26.156 by dependabot in https://github.com/prowler-cloud/prowler/pull/2511
* build(deps): bump botocore from 1.29.156 to 1.29.161 by dependabot in https://github.com/prowler-cloud/prowler/pull/2528
* build(deps): bump google-api-python-client from 2.89.0 to 2.90.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2531
* build(deps): bump mkdocs-material from 9.1.16 to 9.1.17 by dependabot in https://github.com/prowler-cloud/prowler/pull/2529
* build(deps-dev): bump moto from 4.1.11 to 4.1.12 by dependabot in https://github.com/prowler-cloud/prowler/pull/2530
* build(deps-dev): bump openapi-spec-validator from 0.5.6 to 0.5.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2507
* build(deps-dev): bump pytest from 7.3.2 to 7.4.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2532

New Contributors
* czantoine made their first contribution in https://github.com/prowler-cloud/prowler/pull/2553

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.6.1...3.7.0

3.6.1

Not secure
Fixes
* fix(rds checks): test if key exists prior checking it by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2489
* fix(security hub): Adds logic to map to valid ASFF statuses by ckdake in https://github.com/prowler-cloud/prowler/pull/2491
* fix(route53): correct Hosted Zone ARN by sergargar in https://github.com/prowler-cloud/prowler/pull/2494
* fix(asff): handle empty Recommendation Url by sergargar in https://github.com/prowler-cloud/prowler/pull/2496

New Contributors
* ckdake made their first contribution in https://github.com/prowler-cloud/prowler/pull/2491

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.6.0...3.6.1
