Prowler Versions Save
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
3.16.3
3 weeks agoWhat's Changed
Fixes
- fix(trufflehog): fix GitHub action of TruffleHog by @sergargar in https://github.com/prowler-cloud/prowler/pull/3774
Chores
- chore(release): 3.16.2 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3771
- chore(CODEOWNERS): Add prowler-dev for v3 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3776
- chore(deps): bump botocore from 1.34.77 to 1.34.84 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3784
- chore(deps): bump trufflesecurity/trufflehog from 3.72.0 to 3.73.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3787
- chore(deps-dev): bump black from 24.3.0 to 24.4.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3781
- chore(deps): bump azure-identity from 1.15.0 to 1.16.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3785
- chore(deps): bump boto3 from 1.34.77 to 1.34.84 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3790
- chore(deps-dev): bump mkdocs-material from 9.5.17 to 9.5.18 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3792
- chore(backport): include latest changes of v4 in v3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/3825 ** chore(rds): improve rds public instance check by @sergargar in https://github.com/prowler-cloud/prowler/pull/3797 ** chore(ec2): improve handling of ENIs by @sergargar in https://github.com/prowler-cloud/prowler/pull/3798 ** docs(developer guide): fix broken link by @mlmerchant in https://github.com/prowler-cloud/prowler/pull/3799 ** fix(network_azure): handle capitalized protocols in security group rules by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3808 ** chore(vpc): improve public subnet logic by @sergargar in https://github.com/prowler-cloud/prowler/pull/3814 ** fix(aws): Include record names for dangling IPs by @rieck-srlabs in https://github.com/prowler-cloud/prowler/pull/3821 ** fix(aws): Corrects privilege escalation vectors by @rieck-srlabs in https://github.com/prowler-cloud/prowler/pull/3823
- chore(backport): include latest changes to version 3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/3846
- chore(deps): bump msgraph-sdk from 1.2.0 to 1.3.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3838
- chore(deps): bump botocore from 1.34.84 to 1.34.89 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3841
- chore(deps): bump azure-mgmt-containerservice from 29.1.0 to 30.0.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3839
- chore(deps): bump google-api-python-client from 2.125.0 to 2.127.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3843
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.2...3.16.3
4.1.0
3 weeks agoThere goes the siren that warns of the air raid There comes the sound of the guns sending flak Out for the scramble we've got to get airborne Got to get up for the coming attack
Here we have Prowler 4.1.0 Aces High π ready to help you improve your Cloud security with this Iron Maiden song.
New features to highlight in this version
ποΈ GCP flags to list, exclude/include Project IDs
- Now the
--project-idsflag allows you to use*, as a prefix or suffix, to include the project ids you want to scan. - The
--list-project-idsallows you to copy and paste values and know the accessible projects to be scanned with the provided crendentials. - The
--excluded-project-idsflag allows you to exclude the projects to be scanned and it also accepts*.
π¨ 13 new fixers (remediations) for AWS
- We have included 13 new fixers for services like Access Analyzer, CloudTrail, GuardDuty, KMS, Security Hub and IAM. You can get all the available fixers with
prowler aws --list-fixersthen go per check to remediate the failed findings byprowler aws --check guardduty_is_enabled --fixer. - Some of those fixers are configurable using the
fixer_config.yamlfile present in theprowler/configfolder. You can read more about the fixer and how to configure it here
π New fields for the OCSF Detection Finding
- We have included the
check_id,complianceand all the Prowler check's metadata within the OCSF Detection Finding that Prowler generates in the.ocsf.jsonoutput file. You can read more about this finding format here.
π§ Other issues and bug fixes solved for all the cloud providers
Features
- feat(gcp): improve Google Projects scan customization by @sergargar in https://github.com/prowler-cloud/prowler/pull/3741
Fixes
- fix(actions): Don't need expressions within
ifby @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3733 - fix(aws_lambda): Update obsolete lambda runtimes by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3735
- fix(ulimit): import library only in windows by @sergargar in https://github.com/prowler-cloud/prowler/pull/3738
- fix(download): remove dataframe index from download in dashboard by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3739
- fix(json-ocsf): add check_id field in json-ocsf output by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3740
- fix(json-ocsf): Add missing fields for JSON-OCSF by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3745
- fix(ocsf): Include check_id as metadata.event_code by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3748
- fix(json-ocsf): Remove risk field from unmapped by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3759
- fix(wafv2): Handle WAFNonexistentItemException by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3761
- fix(compliance): Add muted info to compliance outputs by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3751
- fix(mutelist): if all fails are muted do exit 0 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3754
- fix(ocsf): Add compliance by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3753
- fix(security-hub): MUTED -> WARNING by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3768
- fix(slack): Use global provider object by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3770
- fix(trufflehog): fix GitHub action of TruffleHog by @sergargar in https://github.com/prowler-cloud/prowler/pull/3775
- fix(table-overview): Multiple changes on dashboard table from overview by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3773
- fix(utils): import libraries when needed by @sergargar in https://github.com/prowler-cloud/prowler/pull/3805
- fix(network_azure): handle capitalized protocols in security group rules by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3808
- fix(execute_check): Handle ModuleNotFoundError by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3812
- fix(overview-table): change font in overview table by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3815
- fix(dashboard): fix error in windows for csvreader by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3806
- fix(ocsf): Add resource details to data by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3819
Chores
- chore(version): update Prowler version by @sergargar in https://github.com/prowler-cloud/prowler/pull/3730
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3746
- chore(dashboard): Use Prowler CLI parser by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3722
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3755
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3765
- chore(fixer): improve fixer logic and include more by @sergargar in https://github.com/prowler-cloud/prowler/pull/3750
- chore(rds): improve rds public instance check by @sergargar in https://github.com/prowler-cloud/prowler/pull/3797
- chore(ec2): improve handling of ENIs by @sergargar in https://github.com/prowler-cloud/prowler/pull/3798
- chore(aws): Add CloudTrail Threat Detection tests by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3804
- chore(fixer): add more fixers by @sergargar in https://github.com/prowler-cloud/prowler/pull/3772
- chore(vpc): improve public subnet logic by @sergargar in https://github.com/prowler-cloud/prowler/pull/3814
- chore(codeowners): Add prowler-dev team by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3763
Dependencies
- chore(deps): bump idna from 3.6 to 3.7 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3758
- chore(dependabot): increase PRs limit by @sergargar in https://github.com/prowler-cloud/prowler/pull/3789
- chore(deps): bump boto3 from 1.34.80 to 1.34.84 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3793
- chore(deps-dev): bump mkdocs-material from 9.5.17 to 9.5.18 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3794
- chore(deps): bump azure-identity from 1.15.0 to 1.16.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3795
- chore(deps): bump pandas from 2.2.1 to 2.2.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3791
- chore(deps-dev): bump black from 24.3.0 to 24.4.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3777
- chore(deps): bump trufflesecurity/trufflehog from 3.72.0 to 3.73.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3786
- chore(deps): bump boto3 from 1.34.77 to 1.34.80 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3780
- chore(deps): bump botocore from 1.34.80 to 1.34.84 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3779
- chore(deps): bump dash-bootstrap-components from 1.5.0 to 1.6.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3778 chore(deps): bump aiohttp from 3.9.3 to 3.9.4 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3818
Documentation
- docs(dashboard): Indicate how to change port by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3729
- docs(dashboard): format list by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3732
- docs: readme points to docs.prowler.com to learn everything by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3707
- chore(docs): Support toggle light/dark mode by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3744
- docs(outputs): update docs for v4 outputs by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3734
- docs(threat-detection): Add threat-detection docs by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3757
- docs(compliance): Change images for compliance by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3760
- docs(devel-guide): Adding some improves and clarifications to developer guide by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3749
- docs(devel-guide): Add provider section and remove audit_info section by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3756
- docs(unit-testing): Update the unit testing section by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3764
- docs(developer guide): fix broken link by @mlmerchant in https://github.com/prowler-cloud/prowler/pull/3799
- docs(ocsf): Add missing fields to the exampleΒ by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3816
New Contributors
- @mlmerchant made their first contribution in https://github.com/prowler-cloud/prowler/pull/3799
Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.0.1...4.1.0
3.16.2
1 month agoWhat's Changed
Fixes
- fix(aws_lambda): Update obsolete lambda runtimes for v3 by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3736
- fix(wafv2): Handle WAFNonexistentItemException v3 by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3762
Chores
- chore(version): update Prowler v3 version by @sergargar in https://github.com/prowler-cloud/prowler/pull/3731
- chore(backport): v4 -> v3 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3767
- chore(dispatch): just for v3 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3712
- fix(actions): Don't need expressions within if by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3733
- chore(regions_update): Changes in regions for AWS services by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3746, https://github.com/prowler-cloud/prowler/pull/3755, https://github.com/prowler-cloud/prowler/pull/3765
- chore(deps): bump idna from 3.6 to 3.7 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3758
- chore(docs): Support toggle light/dark mode by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3744
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.1...3.16.2
3.16.1
1 month agoWhat's Changed
Fixes
- fix(actions): Docker v3-latest by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3692
- fix(actions): use LATEST_TAG by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3702
- fix(compliance): Add new fields to csv output for ENS compliance by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3718
- fix(compliance ENS): fixing ens compliance dashboard by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3673
- fix(docs): solve docs dependencies by @sergargar in https://github.com/prowler-cloud/prowler/pull/3661
- fix(service_name): fix typo in ServiceName field for v3 by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3724
- fix: typo by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3663
Chores
- chore(actions): Run for master and v3 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3691
- chore(backport): include latest changes in v3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/3728
- chore(readme): update azure count checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3667
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3656
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3676
- chore: 3.16.0 version by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3704
Docs
- docs(poetry): Add poetry command to install doc dependencies by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3664
- docs(azure): test services in Azure added by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3649
Builds
- build(deps): bump msgraph-sdk from 1.1.0 to 1.2.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3605
- chore(deps): bump google-api-python-client from 2.124.0 to 2.125.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3695
- chore(deps): bump pydantic from 1.10.14 to 1.10.15 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3716
- chore(deps): bump trufflesecurity/trufflehog from 3.71.2 to 3.72.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3694
- chore(deps-dev): bump moto from 5.0.4 to 5.0.5 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3696
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.0...3.16.1
4.0.1
1 month agoWhat's Changed
Fixes
- fix(actions): use LATEST_TAG for v4 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3703
- fix(args): Handle default argument by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3674
- fix(compliance): add field ModoEjecucion in csv output for ENS by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3719
- fix(dashboard): add correct label for each dropdown by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3700
- fix(dashboard): Add multiple dashboard fixes by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3714
- fix(dockerfile): add missing path to build by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3680
- fix(ens): add dependencias field ENS rd2022 compliance by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3701
- fix(gcp): add project id to outputs by @sergargar in https://github.com/prowler-cloud/prowler/pull/3711
- fix(k8s): improve kubernetes deployment by @sergargar in https://github.com/prowler-cloud/prowler/pull/3713
- fix(k8s): sanitize context syntax only for output file names by @sergargar in https://github.com/prowler-cloud/prowler/pull/3689
- fix(service_name): fix typo in ServiceName field by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3723
Chores
- chore(action): update python version to 3.12 in GH action by @sergargar in https://github.com/prowler-cloud/prowler/pull/3705
- chore(actions): Run for master and v3 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3685
- chore(Azure): Optimize Entra service to use async funcs by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3706
- chore(dependabot): Add v3 label by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3698
- chore(dependabot): Run also for v3 branch by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3683
- chore(dispatch): just for v3 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3712
- chore(Dockerfile): remove deprecated dash dependencies by @sergargar in https://github.com/prowler-cloud/prowler/pull/3708
- chore(Dockerfile): update Python version to 3.12 by @sergargar in https://github.com/prowler-cloud/prowler/pull/3699
- chore(docs): update CloudShell scripts by @sergargar in https://github.com/prowler-cloud/prowler/pull/3687
- chore(merge): include latest changes of v3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/3686
- chore(mutelist): remove space within mutelist name by @sergargar in https://github.com/prowler-cloud/prowler/pull/3690
- chore(regions): Add backport-v3 label by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3684
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3693
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3727
Documentation
- docs(dashboard): improve dashboard documentation by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3688
- docs(images): fix images link in documentation by @sergargar in https://github.com/prowler-cloud/prowler/pull/3709
- docs(mutelist): remove MUTED and explain new fields by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3726
Dependencies
- build(deps): Update boto3 to version 1.34.77 by @sergargar in https://github.com/prowler-cloud/prowler/pull/3669
- chore(deps): bump botocore from 1.34.77 to 1.34.80 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3715
- chore(deps): bump google-api-python-client from 2.124.0 to 2.125.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3678
- chore(deps): bump kubernetes from 28.1.0 to 29.0.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3679
- chore(deps): bump trufflesecurity/trufflehog from 3.71.2 to 3.72.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3677
- chore(deps-dev): bump moto from 5.0.4 to 5.0.5 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3681
Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.0.0...4.0.1
4.0.0
1 month agoYou'll take my life, but I'll take yours too You'll fire your musket, but I'll run you through So when you're waiting for the next attack You'd better stand, there's no turning back
When I started Prowler almost eight years ago, I thought about calling it The Trooper (thetrooper as in the command line sounds good but I thought prowler was even better). I can say today, with no doubt that this version 4.0 of Prowler, The Trooper, is by far the software that I always wanted to release. Now, as a company, with a whole team dedicated to Prowler (Open Source and SaaS), this is even more exciting. With standard support for AWS, Azure, GCP and also Kubernetes, with all new features, this is the beginning of a new era where Open Cloud Security makes an step forward and we say: hey WE ARE HERE FOR REAL and when you're waiting for the next attack, you'd better stand, there's no turning back
Enjoy Prowler - The Trooooooooper! π€π½π₯ song!
Breaking Changes
- Allowlist now is called Mutelist
- Deprecate the AWS flag
--sts-endpoint-regionsince we use AWS STS regional tokens. - The
--quietoption has been deprecated, now use the--statusflag to select the finding's status you want to get fromPASS,FAILorMANUAL. - To send only FAILS to AWS Security Hub, now use either
--send-sh-only-failsor--security-hub --status FAIL - All
INFOfinding's status has changedMANUAL.
We have deprecated some of our outputs formats:
- The HTML is replaced for the new Prowler Dashboard (
prowler dashboard) - The JSON is replaced for the JSON OCSF v1.1.0
New features to highlight in this version
Dashboard
- Prowler has local dashboard to play with gathered data easier. Run
prowler dashboardand enjoy overview data and compliance.
ποΈ New Kubernetes provider
- Prowler has a new Kubernetes provider to improve the security posture of your clusters! Try it now with
prowler kubernetes --kubeconfig-file <kube.yaml> - CIS Benchmark 1.8 for K8s is included.
π Compliance
- All compliance frameworks are executed by default and stored in a new location:
output/compliance
AWS
- The AWS provider execution by default does not scan unused services, you can enable it with
--scan-unused-services. - 2 new checks to detect possible threads, try it now with
prowler aws --category threat-detectionfor Enumeration and Privilege Escalation type of activities.
πΊοΈ Azure
- All Azure findings includes the location!
- CIS Benchmark for Azure 2.0 and 2.1 is included.
π Mutelist
- The renamed mutelist feature is available for all the providers.
- In AWS a default allowlist is included in the execution.
π Outputs
- Prowler now the outputs in a common format for all the providers.
- The only JSON output now follows the OCSF Schema v1.1.0
π» Providers
- We have unified the way of including new providers for easier development and to add new ones.
π¨ Fixer
- We have included a new argument
--fixto allow you to remediate findings. You can list all the available fixers withprowler aws --list-fixers
Features
- feat(mute list): change allowlist to mute list by @sergargar in https://github.com/prowler-cloud/prowler/pull/3039
- feat(CloudProvider): introduce global provider Azure&GCP by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3069
- feat(compliance): execute all compliance by default by @sergargar in https://github.com/prowler-cloud/prowler/pull/3003
- feat(kubernetes): add Kubernetes provider by @sergargar in https://github.com/prowler-cloud/prowler/pull/3226
- feat(status): add --status flag by @sergargar in https://github.com/prowler-cloud/prowler/pull/3238
- feat(AwsProvider): include new structure for AWS provider by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3252
- feat(kubernetes): add etcd, controllermanager and rbac services by @sergargar in https://github.com/prowler-cloud/prowler/pull/3261
- feat(apiserver): new 9 Kubernetes ApiServer checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3288
- feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3289
- feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3290
- feat(controllermanager): add checks for Kubernetes Controller Manager by @sergargar in https://github.com/prowler-cloud/prowler/pull/3291
- feat(etcd): add checks for Kubernetes etcd by @sergargar in https://github.com/prowler-cloud/prowler/pull/3294
- feat(kubelet): add 10 checks of Kubernetes Kubelet service by @sergargar in https://github.com/prowler-cloud/prowler/pull/3302
- feat(rbac): add 9 checks of Kubernetes RBAC service by @sergargar in https://github.com/prowler-cloud/prowler/pull/3314
- feat(core): add 13 checks of Kubernetes Core service by @sergargar in https://github.com/prowler-cloud/prowler/pull/3315
- feat(kubelet): add 6 checks of Kubelet configuration files on the worker nodes by @sergargar in https://github.com/prowler-cloud/prowler/pull/3335
- feat(namespace): add
--namespacesargument and solve bugs by @sergargar in https://github.com/prowler-cloud/prowler/pull/3431 - feat(mutelist): add Mute List for all providers by @sergargar in https://github.com/prowler-cloud/prowler/pull/3548
- feat(azure): locations added to Azure findings by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3596
- feat(compliance): Add CIS 1.8 framework for Kubernetes by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3600
- feat(cloudtrail): add threat detection checks for AWS (enum and priv escalation) by @sergargar in https://github.com/prowler-cloud/prowler/pull/3602
- feat(fixer): add Prowler Fixer feature! by @sergargar in https://github.com/prowler-cloud/prowler/pull/3634
- feat(dashboards): add new Prowler dashboards by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3575
Documentation
- docs(kubernetes): add Kubernetes documentation by @sergargar in https://github.com/prowler-cloud/prowler/pull/3482
- chore(readme): update k8s cis by @sergargar in https://github.com/prowler-cloud/prowler/pull/3640
Fixes
- fix(gcp): fix error in generating compliance by @sergargar in https://github.com/prowler-cloud/prowler/pull/3201
- fix(kubernetes): improve in-cluster execution by @sergargar in https://github.com/prowler-cloud/prowler/pull/3397
- fix(shodan): Make it available for all the providers by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3500
- fix(azure): use subscriptions in get_locations by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3541
- fix(compliance): fix csv output for framework Mitre Attack by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3574
- fix(quickinventory): Adapt for the new AWS provider class by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3569
- fix(mapping): handle None attributes in data by @sergargar in https://github.com/prowler-cloud/prowler/pull/3588
- fix(securityhub): Add validation and handle errors by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3590
- fix(providers): import modules also from outside of directory by @sergargar in https://github.com/prowler-cloud/prowler/pull/3595
Chores
- chore(sts-endpoint): deprecate
--sts-endpoint-regionby @sergargar in https://github.com/prowler-cloud/prowler/pull/3046 - chore(manual status): change INFO to MANUAL status by @sergargar in https://github.com/prowler-cloud/prowler/pull/3254
- chore(tests): add kubernetes provider tests by @sergargar in https://github.com/prowler-cloud/prowler/pull/3265
- chore(aws): Remove old provider by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3468
- chore(kubernetes): add strong ciphers config vars by @sergargar in https://github.com/prowler-cloud/prowler/pull/3470
- chore(kubernetes): enhance checks metadata by @sergargar in https://github.com/prowler-cloud/prowler/pull/3469
- chore(azure): working version executing checks by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3472
- chore(gcp): working version executing checks by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3474
- chore(kubernetes): Working provider by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3475
- chore(aws): Simplify provider by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3481
- chore(aws): Working outputs by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3488
- chore(k8s): Working outputs by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3489
- chore(gcp): working outputs by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3490
- chore(azure): working outputs by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3491
- chore(providers): Store output options and mutelist by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3497
- chore(kubernetes): add outputs fields by @sergargar in https://github.com/prowler-cloud/prowler/pull/3499
- chore(config): Store in provider by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3498
- chore(html): deprecate output by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3501
- chore(compliance): solve compliance issues by @sergargar in https://github.com/prowler-cloud/prowler/pull/3507
- chore(csv): Common output for all the providers by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3513
- chore(json): deprecate native json by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3514
- chore(aws): Replace audit_info for provider by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3521
- chore(ocsf): add OCSF 1.1 and organize code by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3517
- chore(mutelist): enforce for all providers by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3554
- chore(audit_info): Replace for provider and add tests by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3542
- chore(main): remove getattr for mutelist by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3564
- chore(slack): fix integration with provider by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3565
- chore(unused services): scan unused services by default and add flag by @sergargar in https://github.com/prowler-cloud/prowler/pull/3556
- chore(muted): handle new Muted status by @sergargar in https://github.com/prowler-cloud/prowler/pull/3570
- chore(report): improve shown report in UI by @sergargar in https://github.com/prowler-cloud/prowler/pull/3587
- chore(args): sanitize arguments by @sergargar in https://github.com/prowler-cloud/prowler/pull/3611
- chore(ulimit): handle low ulimit value on shell session for POSIX if max open files is below 4096 by @sergargar in https://github.com/prowler-cloud/prowler/pull/3601
- chore(categories): Add threat detection checks in the loader by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3622
- chore(slogan): update Prowler slogan by @sergargar in https://github.com/prowler-cloud/prowler/pull/3619
- chore(args): add plural severity argument by @sergargar in https://github.com/prowler-cloud/prowler/pull/3636
- chore(compliance): only execute all compliances in normal execution by @sergargar in https://github.com/prowler-cloud/prowler/pull/3635
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.0...4.0.0
3.16.0
1 month agoTurn the spotlights on the people Switch the dial and eat the worm Take your chances, kill the engine Drop your bombs and let it burn
Enjoy the last release of Prowler v3 π€π½π₯ with this Iron Maiden song!
New features to highlight in this version
πͺπΌ 17 New Azure checks
- Prowler is improving its Azure coverage by including 17 new checks that appears in the CIS Benchmark v2.0.0 and v2.1.0.
See all the new available checks with
prowler azure --list-checks
π Azure CIS v2.0 and v2.1 coverage
- Prowler includes coverage for two new compliance frameworks for Azure CIS, v2.0.0 and v2.1.0. You can execute these new frameworks with
prowler azure --compliance cis_2.1_azure
π§ More fixes and updates for all the providers
Features
- feat(azure): New check related with diagnostics settings in subscriptions by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3539
- feat(azure): New check related with logging in Azure Key Vault by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3496
- feat(azure):App check related with http logs by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3568
- feat(entra): New 11 checks related with Microsoft Entra ID by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3585
- feat(azure): New check related with trusted launch in vm by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3616
- feat(azure) New Microsoft Entra ID checks by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3610
- feat(entra): Manage 403 error for getting user authentication methods by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3624
- feat(azure): Check related with roles and vm access with mfa by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3638
- feat(compliance): Add new CIS 2.0 / 2.1 compliance framework for Azure by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3626
Fixes
- fix(metadata): change ResourceType Type for AWS Inline Policy Check by @gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/3599
- fix(sts): handle China STS regions by @sergargar in https://github.com/prowler-cloud/prowler/pull/3613
- fix(azure): fixed check
vm_ensure_using_managed_disksmetadata by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3617 - fix(aws): break loop after FAIL in SQS and SNS checks by @kagahd in https://github.com/prowler-cloud/prowler/pull/3618
- fix(azure): normalize tenant domain set in checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3641
- fix(cis_2.0_azure): add remaining requirement with id 1.25 by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3646
- fix(azure): add DefaultValue to Azure CIS compliance by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3652
Documentation
- docs: Update number of Azure checks by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3639
- docs(azure): Add new permissions necessary from Microsoft Entra ID by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3648
Chores
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3598, https://github.com/prowler-cloud/prowler/pull/3609, https://github.com/prowler-cloud/prowler/pull/3615, https://github.com/prowler-cloud/prowler/pull/3621, https://github.com/prowler-cloud/prowler/pull/3637, https://github.com/prowler-cloud/prowler/pull/3647
- chore(version): update Prowler version by @sergargar in https://github.com/prowler-cloud/prowler/pull/3614
- chore(apigateway): Handle NotFoundException by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3623
- chore(action): Prepare containers release for v4 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3597
- chore(entra): Moving constants from checks and services to config file by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3645
- chore(azure): Fix AKS and App tests to new format by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3651
Dependencies
- build(deps): bump trufflesecurity/trufflehog from 3.70.2 to 3.71.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3603
- build(deps): bump crazy-max/ghaction-import-gpg from 4 to 6 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3604
- build(deps-dev): bump mkdocs-material from 9.5.14 to 9.5.15 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3606
- build(deps-dev): bump pytest-cov from 4.1.0 to 5.0.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3607
- build(deps): bump google-api-python-client from 2.122.0 to 2.123.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3608
- build(deps): bump tj-actions/changed-files from 43 to 44 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3627
- build(deps): bump trufflesecurity/trufflehog from 3.71.0 to 3.71.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3628
- build(deps): bump google-api-python-client from 2.123.0 to 2.124.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3630
- build(deps-dev): bump mkdocs-material from 9.5.15 to 9.5.17 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3633
- build(deps-dev): bump safety from 3.0.1 to 3.1.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3632
- build(deps-dev): bump moto from 5.0.3 to 5.0.4 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3629
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.3...3.16.0
3.15.3
1 month agoChores
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3581
- chore(actions): Set branch based on version by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3580
- chore(gcp): remove unnecessary default project id by @sergargar in https://github.com/prowler-cloud/prowler/pull/3586
- chore(release): update Prowler Version to 3.15.2. by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3591
Fixes
- fix(compliance): fix csv output for framework Mitre Attack v3 by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3584
- fix(json-asff): Remediation.Recommendation.Text < 512 chars by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3589
- fix(apigatewayv2): handle empty names by @sergargar in https://github.com/prowler-cloud/prowler/pull/3592
- fix(securityhub): Remove region from exception match by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3593
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.2...3.15.3
3.15.2
1 month agoFixes
- fix(actions): Remove indent by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3577
- fix(cloudtrail): use dictionary instead of list by @sergargar in https://github.com/prowler-cloud/prowler/pull/3579
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.1...3.15.2
3.15.1
1 month agoFixes
- fix(action): Release on whatever branch by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3576
- fix(iam): handle KeyError in service_last_accessed by @sergargar in https://github.com/prowler-cloud/prowler/pull/3555
Chores
- chore(compliance): rename AWS FTR compliance by @sergargar in https://github.com/prowler-cloud/prowler/pull/3550
- chore(readme): update number of Prowler checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3544
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3547
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3552
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3566
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3571
- chore(release): update Prowler Version to 3.15.0 by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3543
Dependencies
- build(deps): bump azure-mgmt-compute from 30.5.0 to 30.6.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3559
- build(deps): bump tj-actions/changed-files from 42 to 43 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3560
- build(deps): bump trufflesecurity/trufflehog from 3.69.0 to 3.70.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3561
- build(deps-dev): bump black from 24.2.0 to 24.3.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3563
- build(deps-dev): bump coverage from 7.4.3 to 7.4.4 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3558
- build(deps-dev): bump mkdocs-material from 9.5.12 to 9.5.14 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3562
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.0...3.15.1