Prowler Versions Save

Then they summoned me over to join in with them At the dance of the dead Into the circle of fire I followed them Into the middle I was led

Dance of Death is an Iron Maiden's song, released on their 2003 album of the same name. The song combines the band's signature heavy metal sound with progressive elements. Lyrically, the song tells a story of a medieval dance of death, a symbolic representation of mortality and the inevitability of death. The lyrics are filled with vivid and dark imagery, and the song features intricate guitar work and powerful vocals from Bruce Dickinson. Enjoy this great song (https://www.youtube.com/watch?v=3659fTXvFts) while reading what's new! 🎸

New features to highlight in this version:

⚙️ New checks for AWS!

• New AWS IAM check iam_role_administratoraccess_policy.
• New AWS WAFv2 check wafv2_webacl_logging_enabled.
• Now the AWS IAM credentials checks (iam_disable_90_days_credentials, iam_disable_45_days_credentials and iam_disable_30_days_credentials) have been changed to two generic checks called iam_user_accesskey_unused and iam_user_console_access_unused. By default, it will fail when they are unused for 45 days, you can configure this value using the max_unused_access_keys_days and max_console_access_days configuration values. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with prowler aws and improve your security posture now! 🔒

🏷️ Security Hub Tagging

• Now Prowler will add AWS Resource Tags to every Security Hub finding and to json-asff outputs!

🧑‍🤝‍🧑 Five new Prowler contributors!

• Many thanks to @CameronTStark, @sbldevnet, @JackStuart, @devopspacellp and @taylerhaviland for including more checks and keep improving Prowler!

What's Changed

Features

• feat(Dockerfile): add curl package to docker image by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2812
• feat(iam): add new check iam_role_administratoraccess_policy by @kagahd in https://github.com/prowler-cloud/prowler/pull/2822
• feat(iam): improve disable credentials checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/2909
• feat(json-asff): adds AWS resource tags in json-asff and SecurityHub findings by @sbldevnet in https://github.com/prowler-cloud/prowler/pull/2786
• feat(unix timestamp): add the --unix-timestamp flag to docs by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2816
• feat(unix timestamp): add unix timestamp to outputs by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2813
• feat(wafv2): Add check wafv2_webacl_logging_enabled by @devopspacellp in https://github.com/prowler-cloud/prowler/pull/2898

Fixes

• fix(acm): add certificate id by @sergargar in https://github.com/prowler-cloud/prowler/pull/2903
• fix(apigw): KeyError name by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2858
• fix(apikeys_..._90_days): fix key creation time with dinamic date by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2798
• fix(autoscaling_find_secrets_ec2_launch_configuration): Fix UnicodeDecodeError by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2870
• fix(aws): Include missing ARNs by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2880
• fix(azure): Typo in SQL check by @JackStuart in https://github.com/prowler-cloud/prowler/pull/2881
• fix(cloudtrail_s3_dataevents_read/write_enabled): Handle S3 ARN by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2844
• fix(cloudwatch): ignore new lines in filters by @sergargar in https://github.com/prowler-cloud/prowler/pull/2912
• fix(custom checks): fix import from s3 by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2901
• fix(dockerfile): Use latest curl by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2897
• fix(Dockerfile): update alpine version by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2925
• fix(ds): GetSnapshotLimits for MicrosoftAD by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2859
• fix(ebs): improve snapshot encryption logic and typos by @taylerhaviland in https://github.com/prowler-cloud/prowler/pull/2836
• fix(ec2 ebs/instance checks): unify checks logic by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2795
• fix(ec2 nacl checks):unify logic by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2799
• fix(ec2 tests): add region and delete search sg checks by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2788
• fix(ec2 tests): add tags and region non sg checks by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2781
• fix(ec2_elastic_ip_unassigned): rename check by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2882
• fix(ec2_instance_..._ssm): mock ssm service and client in all the tests by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2804
• fix(eks_control_plane_endpoint_access_restricted): handle endpoint private access by @Fennerr in https://github.com/prowler-cloud/prowler/pull/2824
• fix(eks_endpoints_not_publicly_accessible): handle endpoint private access by @Fennerr in https://github.com/prowler-cloud/prowler/pull/2825
• fix(elb): add resource ARN to checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/2906
• fix(elbv2): Handle LoadBalancerNotFound by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2860
• fix(findingID): remove duplicate finding IDs by @sergargar in https://github.com/prowler-cloud/prowler/pull/2890
• fix(html): unroll regions set prior concat by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2790
• fix(iam): findings of some checks may have been lost by @kagahd in https://github.com/prowler-cloud/prowler/pull/2847
• fix(iam): Handle NoSuchEntityException in ListRolePolicies by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2857
• fix(iam): Handle NoSuchEntity when calling list_role_policies by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2872
• fix(iam credentials checks): unify logic by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2883
• fix(iam creds checks): add missing tests and fix current ones by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2888
• fix(iam creds tests): dont use search and negative indexes by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2899
• fix(iam_inline_policy_no_administrative_privileges): set resource id as the entity name by @sergargar in https://github.com/prowler-cloud/prowler/pull/2820
• fix(iam_policy_no_administrative_privileges): check does not exist and maps not to check122 by @kagahd in https://github.com/prowler-cloud/prowler/pull/2797
• fix(is_valid_arn): include . into resource name by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2789
• fix(outputs_unix_timestamp): Remove subsecond by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2861
• fix(pipeline): launch linters with file changes by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2911
• fix(policy_condition_parser): add StringEquals aws:SourceArn condition by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2793
• fix(pre-commit): add file filter to python linters by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2818
• fix(remove_custom_checks_module): delete service folder if empty by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2885
• fix(s3_bucket_policy_public_write_access): Handle S3 Policy without Principal by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2871
• fix(securityhub): archive SecurityHub findings in empty regions by @sergargar in https://github.com/prowler-cloud/prowler/pull/2908
• fix(sqs_queues_not_publicly_accessible): Improve status extended by @Fennerr in https://github.com/prowler-cloud/prowler/pull/2848
• fix(storage_ensure_minimum_tls_version_12): misspelling in metadata by @CameronTStark in https://github.com/prowler-cloud/prowler/pull/2835
• fix(testing docs): fix testing docs typos and syntax by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2803
• fix(version): add timeout and check HTTP errors by @sergargar in https://github.com/prowler-cloud/prowler/pull/2886
• fix(vpc): solves CidrBlock KeyError by @sergargar in https://github.com/prowler-cloud/prowler/pull/2817
• fix(vpc_peering_routing_tables_with_least_privilege): check only peering routes by @sergargar in https://github.com/prowler-cloud/prowler/pull/2887
• fix(pull-request.yml): launch linters when source code modified by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2922
• fix(build-lint-push pipeline): pass pipeline when ignored files by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2915

Chores

• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2779, https://github.com/prowler-cloud/prowler/pull/2787, https://github.com/prowler-cloud/prowler/pull/2791, https://github.com/prowler-cloud/prowler/pull/2794, https://github.com/prowler-cloud/prowler/pull/2801, https://github.com/prowler-cloud/prowler/pull/2802, https://github.com/prowler-cloud/prowler/pull/2814, https://github.com/prowler-cloud/prowler/pull/2819, https://github.com/prowler-cloud/prowler/pull/2821, https://github.com/prowler-cloud/prowler/pull/2833, https://github.com/prowler-cloud/prowler/pull/2842, https://github.com/prowler-cloud/prowler/pull/2845, https://github.com/prowler-cloud/prowler/pull/2846, https://github.com/prowler-cloud/prowler/pull/2852, https://github.com/prowler-cloud/prowler/pull/2853, https://github.com/prowler-cloud/prowler/pull/2863, https://github.com/prowler-cloud/prowler/pull/2869, https://github.com/prowler-cloud/prowler/pull/2873, https://github.com/prowler-cloud/prowler/pull/2875, https://github.com/prowler-cloud/prowler/pull/2879, https://github.com/prowler-cloud/prowler/pull/2902, https://github.com/prowler-cloud/prowler/pull/2905, https://github.com/prowler-cloud/prowler/pull/2907 and https://github.com/prowler-cloud/prowler/pull/2923
• chore(iam): add IAM privilege escalation cases by @sergargar in https://github.com/prowler-cloud/prowler/pull/2921
• docs(aws): Move regions and profiles to AWS by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2874
• docs(developer-guide): fix typos by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2878
• docs(misc): add option -z by @sergargar in https://github.com/prowler-cloud/prowler/pull/2914
• docs(pull-request): Include check list to create/review PR by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2913
• refactor(security_hub): Send findings in batches by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2868
• test(utils): Include missing tests by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2884
• test(ec2_instance_managed_by_ssm): missing tests by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2800
• test(vpc_peering_routing_tables_with_least_privilege): add test by @sergargar in https://github.com/prowler-cloud/prowler/pull/2889

Dependencies

• build(deps): bump azure-storage-blob from 12.18.1 to 12.18.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2916
• build(deps): bump cryptography from 41.0.3 to 41.0.4 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2856
• build(deps): bump google-api-python-client from 2.101.0 to 2.102.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2918
• build(deps): bump google-auth-httplib2 from 0.1.0 to 0.1.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2826
• build(deps): bump mkdocs-material from 9.4.3 to 9.4.4 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2917
• build(deps): bump mkdocs from 1.5.2 to 1.5.3 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2849
• build(deps): bump pydantic from 1.10.12 to 1.10.13 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2891
• build(deps): bump slack-sdk from 3.22.0 to 3.23.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2919
• build(deps): bump urllib3 from 1.26.15 to 1.26.17 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2896
• build(deps-dev): bump coverage from 7.3.1 to 7.3.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2895
• build(deps-dev): bump gitpython from 3.1.35 to 3.1.37 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2924
• build(deps-dev): bump moto from 4.2.4 to 4.2.5 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2892
• build(deps-dev): bump pylint from 3.0.0 to 3.0.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2920
• build(deps-dev): bump pytest from 7.4.1 to 7.4.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2827
• build(deps-dev): bump vulture from 2.8 to 2.9.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2785

New Contributors

• @CameronTStark made their first contribution in https://github.com/prowler-cloud/prowler/pull/2835
• @taylerhaviland made their first contribution in https://github.com/prowler-cloud/prowler/pull/2836
• @JackStuart made their first contribution in https://github.com/prowler-cloud/prowler/pull/2881
• @sbldevnet made their first contribution in https://github.com/prowler-cloud/prowler/pull/2786
• @devopspacellp made their first contribution in https://github.com/prowler-cloud/prowler/pull/2898

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.9.0...3.10.0

As a young boy chasing dragons With your wooden sword so mighty You're St. George or you're David and you always killed the beast Times change very quickly and you had to grow up early A house in smoking ruins and the bodies at your feet

Sometimes chasing dragons and some times walking on the edge of the blade. This Iron Maiden's song Flash of the Blade tells a good history about what comes on the table these days. Enjoy this great song written by Bruce Dickinson back in 1984 (https://www.youtube.com/watch?v=Qx0s8OqgBIw) while reading what's new!

New features to highlight in this version:

⚙️ New checks for AWS!

• New AWS Athena service with two new checks athena_workgroup_encryption and athena_workgroup_enforce_configuration.
• New AWS S3 check s3_bucket_kms_encryption.
• New AWS EC2 check ec2_instance_detailed_monitoring_enabled.
• New AWS IAM check iam_inline_policy_no_administrative_privileges with a new feature in the IAM service which now is capable of retrieving the inline policies for the Users, Roles and Groups.
• Now in the AWS ECR ecr_repositories_scan_vulnerabilities_in_latest_image you can configure the minimum severity for this check to raise a FAIL finding using the ecr_repository_vulnerability_minimum_severity configuration value. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with prowler aws and improve your security posture now! 🔒

🖌️ New CLI flag

• List all the checks in JSON format, ready to be consumed by the --checks-file flag. Try it with prowler aws --list-checks-json.

📖 Developer Guide

• We keep improving the Prowler documentation, specially the Developer Guide to help our contributors. Check it in the following link https://docs.prowler.cloud/en/latest/developer-guide/introduction/.

🧑‍🤝‍🧑 Two new Prowler contributors!

• Many thanks to @vysakh-devopspace and @gerardocampo for including more checks and keep improving Prowler!

What's Changed

Features

• feat(s3): Add S3 KMS encryption check by @singergs in https://github.com/prowler-cloud/prowler/pull/2757
• feat(ec2): New check ec2_instance_detailed_monitoring_enabled by @vysakh-devopspace in https://github.com/prowler-cloud/prowler/pull/2735
• feat(checks): dump all checks as a json file by @jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2683
• feat(ecr_repositories_scan_vulnerabilities_in_latest_image): Minimum severity is configurable by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2736
• feat(iam): Check inline policies in IAM Users, Groups & Roles for admin priv's by @gerardocampo in https://github.com/prowler-cloud/prowler/pull/2750
• feat(compliance): Update AWS compliance frameworks after PR 2750 by @gerardocampo in https://github.com/prowler-cloud/prowler/pull/2771
• feat(athena): New AWS Athena service + 2 workgroup checks by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2696

Fixes

• fix(azure): Status extended ends with a dot by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2725
• fix(is_account_only_allowed_in_condition): Context name on conditions are case-insensitive by @christiandavilakoobin in https://github.com/prowler-cloud/prowler/pull/2726
• fix(gcp): Status extended ends with a dot by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2734
• fix(get_checks_from_input_arn): fix function and add tests by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2749
• fix(get_checks_from_input_arn): fix logic and add tests by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2764
• fix(get_regions_from_audit_resources): fix logic and add tests by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2766
• fix(nacls): Tests by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2760
• fix(iam_policy_allows_privilege_escalation): Handle admin permission so * by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2763
• fix(checks_to_execute): --checks and --resource_arn working together by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2743
• fix(ec2_securitygroup_default_restrict_traffic): fix check only allow empty rules by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2777

Chores

• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2733, https://github.com/prowler-cloud/prowler/pull/2737, https://github.com/prowler-cloud/prowler/pull/2741, https://github.com/prowler-cloud/prowler/pull/2744, https://github.com/prowler-cloud/prowler/pull/2748, https://github.com/prowler-cloud/prowler/pull/2759, https://github.com/prowler-cloud/prowler/pull/2767 and https://github.com/prowler-cloud/prowler/pull/2773, https://github.com/prowler-cloud/prowler/pull/2776
• chore(parser): Move provider logic to their folder by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2746
• chore(s3): Move lib to the AWS provider and include tests by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2664

Security

• fix(security): GitPython issue by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2720

Documentation

• docs(style): Add more details by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2724
• docs(testing): Mocking the service and the service client at the service client level by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2747
• docs(audit_config): How to use it by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2739
• docs: explain output formats by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2774
• docs: Include new config ecr_repository_vulnerability_minimum_severity by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2775

Dependencies

• build(deps-dev): bump vulture from 2.7 to 2.8 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2727
• build(deps): bump mkdocs-material from 9.1.20 to 9.1.21 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2728
• build(deps): bump google-api-python-client from 2.95.0 to 2.96.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2729
• build(deps-dev): bump coverage from 7.2.7 to 7.3.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2730
• build(deps): bump azure-identity from 1.13.0 to 1.14.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2731
• build(deps): bump mkdocs-material from 9.1.21 to 9.2.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2752
• build(deps): bump google-api-python-client from 2.96.0 to 2.97.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2753
• build(deps-dev): bump pytest-randomly from 3.13.0 to 3.15.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2755
• build(deps): bump azure-mgmt-storage from 21.0.0 to 21.1.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2756
• build(deps): bump shodan from 1.29.1 to 1.30.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2754

Tests

• test(python): Test with 3.9, 3.10, 3.11 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2718
• test(coverage): Add Codecov by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2719
• test(s3): Mock S3Control when used by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2722
• fix(test-vpc): use the right import paths by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2732
• tests(check_security_group) by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2740
• chore(tests): Replace sure with standard assert by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2738
• test(vpc_endpoint_services_allowed_principals_trust_boundaries) by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2768
• fix(test): Update moto to 4.1.15 and update tests by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2769

New Contributors

• @vysakh-devopspace made their first contribution in https://github.com/prowler-cloud/prowler/pull/2735
• @gerardocampo made their first contribution in https://github.com/prowler-cloud/prowler/pull/2750

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.8.2...3.9.0

Fixes

• fix(shub): handle default output filename error by @sergargar in https://github.com/prowler-cloud/prowler/pull/2709
• fix(s3_bucket_policy_public_write_access): look at account and bucket-level public access block settings by @jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2715

Chores

• chore(release): update Prowler Version to 3.8.1 by @sergargar in https://github.com/prowler-cloud/prowler/pull/2706
• docs(developer-guide): Update checks, services and include testing by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2705
• chore(aws): Improve tests and status from accessanalyzer to cloudwatch by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2711
• chore(aws): 2nd round - Improve tests and include dot in status extended by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2714
• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2712 and https://github.com/prowler-cloud/prowler/pull/2717

Documentation

• docs(dev-guide): Fix a list and include some details to use the report by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2710

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.8.1...3.8.2

Fixes

• fix(cloudfront): fix ViewerProtocolPolicy and GeoRestrictionType by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2701
• fix(config): Pass a configuration file using --config-file config.yaml by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2679
• fix(ec2-securitygroups): Handle IPv6 public by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2690
• fix(Enum): handle Enum classes correctly by @sergargar in https://github.com/prowler-cloud/prowler/pull/2702
• fix(ds): Restore enums without optional by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2704
• fix(iam): password policy expiration by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2694
• fix(iam-dynamodb): Handle errors by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2680
• fix(iam_role_cross_service_confused_deputy_prevention): add ResourceAccount and PrincipalAccount conditions by @sergargar in https://github.com/prowler-cloud/prowler/pull/2689
• fix(organizations): request Organization Info after assume_role occurs by @jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2682
• fix(security hub): include custom output filename in resolve_security_hub_previous_findings by @sergargar in https://github.com/prowler-cloud/prowler/pull/2687
• fix(sns): allow default SNS policy with SourceOwner by @christiandavilakoobin in https://github.com/prowler-cloud/prowler/pull/2698
• fix(typo): spelling typo in organizations_scp_check_deny_regions by @sergargar in https://github.com/prowler-cloud/prowler/pull/2691

Dependencies

• build(deps): bump mkdocs from 1.4.3 to 1.5.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2684
• build(deps-dev): bump pylint from 2.17.4 to 2.17.5 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2685

Documentation

• docs(aws-orgs): Update syntax by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2703
• docs(organizations): fix script and improve titles by @sergargar in https://github.com/prowler-cloud/prowler/pull/2693

Chores

• chore(azure): Improve AzureService class with set_clients by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2676
• chore(print): prettify prints of listings and logs by @sergargar in https://github.com/prowler-cloud/prowler/pull/2699
• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2677, https://github.com/prowler-cloud/prowler/pull/2688, https://github.com/prowler-cloud/prowler/pull/2692 and https://github.com/prowler-cloud/prowler/pull/2700
• chore(service): service class type hints by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2695

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.8.0...3.8.1

A war in heaven in God's rage He put me in this burning cage Holy fury locks me in Imprisoned by my deadly sin Every hour the shadow king Wonders what his clock will bring I've lived and loved and that's for sure My fatal quest forever more

2 weeks before this release, most of the Prowler full time team were watching Iron Maiden live, probably the best day of the year for us being together. This song Days of Future Past was the fourth they played in that show, we invite you to play it while reading what is new in this version that we have just crafted for you all right before BlackHat, DEFCON and BSides Vegas. Remember we will be at Black Hat Arsenal on Wednesday!

Special thanks for contributions on this release to @jchrisfarris, @edurra and @gabriel-pragin-clearscale, your code and feedback is very helpful to improve Prowler. THANK YOU!

New features to highlight in this version:

🥳 GCP scans are now x10 faster!

• We have improved the way Prowler scans GCP regions, locations and zones so now it is on average 10 times faster than before. Try it with prowler gcp --compliance cis_2.0_gcp if you dare!

📝 New Azure service supported sqlserver and 3 new checks available

• sqlserver_auditing_enabled, sqlserver_azuread_administrator_enabled and sqlserver_unrestricted_inbound_access.
• We have added new service to the Azure provider for sqlserver with 3 checks. Try them with prowler azure --service sqlserver and let us know!

⚙️ New checks for AWS!:

• Two new checks for AWS for S3:s3_bucket_public_list_acl and s3_bucket_public_write_acl. Try them with prowler aws --service s3 and improve your security posture now!

What's Changed

Features

• feat(aws): New AWSService class as parent by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2638
• feat(azure): add Azure SQL Server service and 3 checks by @edurra in https://github.com/prowler-cloud/prowler/pull/2665
• feat(azure): New parent class by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2642
• feat(gcp): Add internet-exposed and encryption categories by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2663
• feat(gcp): Improve gcp performance by @sergargar in https://github.com/prowler-cloud/prowler/pull/2662
• feat(gcp): Parent class by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2641
• feat(s3): Add checks for publicly listable Buckets or writable buckets by ACL by @jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2628

Fixes

• fix(cloudtrail): Set status to INFO when trail is outside the audited account by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2643
• fix(cryptography): Update to 41.0.3 by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2661
• fix(docs): Azure auth and Slack integration by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2659
• fix(ec2_instance_secrets_user_data): Include line numbers in status by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2639
• fix(iam_policy_allows_privilege_escalation): Handle permissions in groups by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2655
• fix(outputs): Not use reserved keyword list as variable by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2657
• fix(s3_bucket_level_public_access_block): check s3 public access block at account level by @sergargar in https://github.com/prowler-cloud/prowler/pull/2653
• fix(sns): handle topic policy conditions by @sergargar in https://github.com/prowler-cloud/prowler/pull/2660
• fix(test_only_aws_service_linked_roles): Flaky test by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2666
• fix(vpc_endpoint_connections_trust_boundaries): Handle AWS Account ID as Principal by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2611

Tests

• test(ec2): security groups by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2627
• fix(test): mock VPC client by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2640
• test(azure): Defender service by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2669
• test(azure): IAM service by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2670
• test(azure): SQL Server Service by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2671
• test(azure): Storage Service by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2672

Chores

• chore(metadata): Typos by @gabriel-pragin-clearscale in https://github.com/prowler-cloud/prowler/pull/2629 and https://github.com/prowler-cloud/prowler/pull/2646
• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2630, https://github.com/prowler-cloud/prowler/pull/2634, https://github.com/prowler-cloud/prowler/pull/2637, https://github.com/prowler-cloud/prowler/pull/2654 and https://github.com/prowler-cloud/prowler/pull/2658
• chore(security-hub): Explain Unique ID by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2631
• refactor(vpc_endpoint_connections_trust_boundaries) by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2667
• chore(readme): update providers summary table by @sergargar in https://github.com/prowler-cloud/prowler/pull/2673

Dependencies

• build(deps): bump azure-mgmt-authorization from 3.0.0 to 4.0.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2652
• build(deps): bump google-api-python-client from 2.94.0 to 2.95.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2649
• build(deps): bump mkdocs-material from 9.1.19 to 9.1.20 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2648
• build(deps-dev): bump flake8 from 6.0.0 to 6.1.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2651
• build(deps-dev): bump moto from 4.1.13 to 4.1.14 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2650

New Contributors

• @jchrisfarris made their first contribution in https://github.com/prowler-cloud/prowler/pull/2628
• @edurra made their first contribution in https://github.com/prowler-cloud/prowler/pull/2665

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.7.2...3.8.0

Fixes

• fix(allowlist): single account checks handling by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2585
• fix(assume_role): Set the AWS STS endpoint region by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2587
• fix(compute): solve key errors in compute service by @sergargar in https://github.com/prowler-cloud/prowler/pull/2610
• fix(ec2_ami_public): correct check metadata and logic by @sergargar in https://github.com/prowler-cloud/prowler/pull/2618
• fix(ecs_task_def_secrets): Improve description to explain findings by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2621
• fix(guardduty): handle disabled detectors in guardduty_is_enabled by @sergargar in https://github.com/prowler-cloud/prowler/pull/2616
• fix(opensearch): log exception as WARNING by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2581
• fix(pypi-release): solve GH action for release by @sergargar in https://github.com/prowler-cloud/prowler/pull/2624
• fix(s3): __get_object_lock_configuration__ warning logs by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2608
• fix(security): certifi issue by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2623
• fix(ssm_incidents): Handle empty name by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2591

Dependencies

• build(deps): bump azure-storage-blob from 12.16.0 to 12.17.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2596
• build(deps): bump google-api-python-client from 2.93.0 to 2.94.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2614
• build(deps): bump mkdocs-material from 9.1.18 to 9.1.19 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2615
• build(deps): bump pydantic from 1.10.11 to 1.10.12 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2613
• build(deps-dev): bump moto from 4.1.12 to 4.1.13 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2598

Chores

• chore(ec2): add SG name to resource_details by @sergargar in https://github.com/prowler-cloud/prowler/pull/2495
• chore(metadata): Typos by @gabriel-pragin-clearscale in https://github.com/prowler-cloud/prowler/pull/2594
• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2606

Tests

• test(aws_provider): Role and User MFA by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2486

Documentation

• docs(boto3-configuration): format list by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2609
• docs(README): typos in README.md by @kagahd in https://github.com/prowler-cloud/prowler/pull/2579

New Contributors

• @gabriel-pragin-clearscale made their first contribution in https://github.com/prowler-cloud/prowler/pull/2594

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.7.1...3.7.2

Fixes

• fix(iam): Handle NoSuchEntityException when calling list_attached_role_policies by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2571
• fix(allowlist): handle wildcard in account field by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2577
• fix(cond parser): add policy condition parser & apply in SQS public check by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2575

Dependencies

• build(deps-dev): bump pytest-randomly from 3.12.0 to 3.13.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2567
• build(deps): bump boto3 from 1.26.161 to 1.26.165 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2566
• build(deps): bump pydantic from 1.10.9 to 1.10.11 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2568
• build(deps-dev): bump openapi-spec-validator from 0.5.7 to 0.6.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2569
• build(deps): bump google-api-python-client from 2.91.0 to 2.92.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2570

Chores

• chore(compliance): CIS Benchmark 2.0 for AWS by @toniblyx in https://github.com/prowler-cloud/prowler/pull/2562
• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2560, https://github.com/prowler-cloud/prowler/pull/2561, https://github.com/prowler-cloud/prowler/pull/2572, https://github.com/prowler-cloud/prowler/pull/2574

Tests

• test(outputs): Remove debug by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2559

Documentation

• docs: Update Compliance in README by @toniblyx in https://github.com/prowler-cloud/prowler/pull/2563

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.7.0...3.7.1

Trapped in the web, but I cut the threads Show you the gates of tomorrow Trapped in the web, no mercy is shed Show you the gates of tomorrow Trapped in the web, slaves to the dead Show you the gates of tomorrow Trapped in the web, but I cut the threads Show you the gates of tomorrow

As the song says, this version of Prowler is opening gates of tomorrow! More compliance frameworks like MITRE ATT&CK®, ISO27001 (2013), AWS Well-Architected Framework Reliability pillar (in addition to the existing Security pillar), better support for the Allowlist feature, with all 73 checks for GCP covering CIS Benchmark 2.0 for Google Cloud! Take this one and start closing doors to the bad guys!

New features to highlight in this version:

🥳 GCP CIS v2.0.0 benchmark coverage!

• Prowler now supports CIS v2.0.0 benchmark for Google Cloud Platform! There were added 73 checks of GCP to fully cover the CIS framework, you can execute it with the following flag to get all CSV standard and compliance, HTML, JSON and JSON OCSF reports:

prowler gcp --compliance cis_2.0_gcp

📝 New AWS compliance frameworks available

• Prowler now supports MITRE ATT&CK for AWS, ISO27001 (2013) for AWS and AWS Well-Architected Framework Reliability Pillar v0.1. Also, the Spanish ENS RD2022 Compliance Framework has been updated.

• You can run the new compliance frameworks with the following command:

prowler aws --compliance mitre_attack_aws
prowler aws --compliance iso27001_2013_aws
prowler aws --compliance aws_well_architected_framework_reliability_pillar_aws
prowler aws --compliance ens_rd2022_aws

⚙️ Allowlist supports exceptions:

• For each check you can except Accounts, Regions, Resources and/or Tags, see more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/. Thanks @zfLQ2qx2 for the feedback!

Allowlist:
  Accounts:
    "*":
      Checks:
        "ecs_task_definitions_no_environment_secrets":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Accounts:
              - "0123456789012"
            Regions:
              - "eu-west-1"
              - "eu-south-2"        # Will ignore every resource in check ecs_task_definitions_no_environment_secrets except the ones in account 0123456789012 located in eu-south-2 or eu-west-1

    "123456789012":
      Checks:
        "*":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Resources:
              - "test"
            Tags:
              - "environment=prod"   # Will ignore every resource except in account 123456789012 except the ones containing the string "test" and tag environment=prod

What's Changed

Features

• feat(ENS): complete ENS Compliance Framework mapping by @sergargar in https://github.com/prowler-cloud/prowler/pull/2534
• feat(MITRE): add MITRE ATT&CK framework for AWS by @sergargar in https://github.com/prowler-cloud/prowler/pull/2537
• feat(allowlist): add exceptions to allowlist by @sergargar in https://github.com/prowler-cloud/prowler/pull/2527
• feat(compliance): AWS Well-Architected Framework Reliability Pillar v0.1 by @sssalim-aws in https://github.com/prowler-cloud/prowler/pull/2536
• feat(compliance): add ISO27001 compliance framework by @pedromarting3 in https://github.com/prowler-cloud/prowler/pull/2517
• feat(lambda service): mapping lambda service to awslambda by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2538
• feat(gcp): add CIS checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/2544

Fixes

• fix(apigw): Update metadata for API GW checks by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2512
• fix(bigquery_dataset_public_access): handle status correctly by @sergargar in https://github.com/prowler-cloud/prowler/pull/2542
• fix(cloudwatch secrets): fix nonetype error handling by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2543
• fix(compliance): add version to ISO27001 by @sergargar in https://github.com/prowler-cloud/prowler/pull/2523
• fix(compliance): remove unnecessary Optional attributes by @sergargar in https://github.com/prowler-cloud/prowler/pull/2514
• fix(contrib): migrate multi-account-securityhub/run-prowler-securityhub.sh to v3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/2503
• fix(gcp): update Prowler SDK info of GCP by @sergargar in https://github.com/prowler-cloud/prowler/pull/2515
• fix(iam): add StringLike condition in iam_role_cross_service_confused_deputy_prevention by @sergargar in https://github.com/prowler-cloud/prowler/pull/2533
• fix(list-checks): handle listing checks when -s by @sergargar in https://github.com/prowler-cloud/prowler/pull/2540
• fix(security hub): solve Security Hub format requirements by @sergargar in https://github.com/prowler-cloud/prowler/pull/2520
• fix(vpc): handle ephemeral VPC endpoint services by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2501
• fix(reporting docs): fix S3 reporting desc by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2551
• fix(allowlist): reformat allowlist logic by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2555

Chores

• chore(OCSF): improve OCSF logic by @sergargar in https://github.com/prowler-cloud/prowler/pull/2502
• chore(ec2): reduce noise in Security Groups checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/2525
• chore(region): add get_default_region function in AWS Services by @sergargar in https://github.com/prowler-cloud/prowler/pull/2524
• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2539
• chore(docs): update DynamoDB allowlist example by @sergargar in https://github.com/prowler-cloud/prowler/pull/2552
• chore(docs): Update Amazon Linux 2 installation by @czantoine in https://github.com/prowler-cloud/prowler/pull/2553

Dependencies

• build(deps): bump boto3 from 1.26.147 to 1.26.156 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2511
• build(deps): bump botocore from 1.29.156 to 1.29.161 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2528
• build(deps): bump google-api-python-client from 2.89.0 to 2.90.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2531
• build(deps): bump mkdocs-material from 9.1.16 to 9.1.17 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2529
• build(deps-dev): bump moto from 4.1.11 to 4.1.12 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2530
• build(deps-dev): bump openapi-spec-validator from 0.5.6 to 0.5.7 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2507
• build(deps-dev): bump pytest from 7.3.2 to 7.4.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2532

New Contributors

• @czantoine made their first contribution in https://github.com/prowler-cloud/prowler/pull/2553

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.6.1...3.7.0

Fixes

• fix(rds checks): test if key exists prior checking it by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2489
• fix(security hub): Adds logic to map to valid ASFF statuses by @ckdake in https://github.com/prowler-cloud/prowler/pull/2491
• fix(route53): correct Hosted Zone ARN by @sergargar in https://github.com/prowler-cloud/prowler/pull/2494
• fix(asff): handle empty Recommendation Url by @sergargar in https://github.com/prowler-cloud/prowler/pull/2496

New Contributors

• @ckdake made their first contribution in https://github.com/prowler-cloud/prowler/pull/2491

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.6.0...3.6.1

Die With Your Boots On is a song of Iron Maiden's album Piece of mind, it is self explanatory, we like the vibe of that song in their lives, watch it here. Basically, this is what we do here, we go all in or nothing! 💪🏼 We are bringing the best we have in this code of Prowler 3.6.0: some new checks, improved GCP support, new features, more fixes making it a better piece of software and more helpful for your daily job 😄 Remember to run pip install prowler --upgrade and rock on! 🤘

New features to highlight in this version:

🥳 GCP Multi-Project support:

• Prowler now supports GCP Multi-Project scans! By default Prowler will scan all the GCP Projects that is allowed to scan, if you want to scan a single project or various specific projects you can use the following flag:

prowler gcp --project-ids <Project ID 1> <Project ID 2> ... <Project ID N>

✅ 16 new checks for GCP (Thanks to @jit-contrib ! 💪🏼 ):

• New services ApiKeys, DNS and Dataproc are covered and additional checks for Compute and IAM services.
• See all checks with prowler gcp --list-checks

📝 OCSF Integration (Hello Amazon Security Lake!):

• OCSF JSON was added as a default output for AWS, Azure and GCP. It was based on the OCSF Schema's Security Finding v1.0.0-rc.3.

📊 AWS Well Architected Framework:

• The Security Pillar of the AWS Well-Architected Framework is now supported by Prowler, you can run it with the following command:

prowler aws --compliance aws_well_architected_framework_security_pillar_aws

⚙️ MFA supported in AWS:

• If your IAM entity enforces MFA for AWS Calls you can use --mfa and Prowler will ask you to input the following values to get a new session:

prowler aws --mfa
Enter ARN of MFA: arn:aws:iam::012345678910:mfa/xxxxxx
Enter MFA code: XXXXXX

What's Changed

Features

• feat(checks-gcp): Include 4 new checks covering GCP CIS by @jit-contrib in https://github.com/prowler-cloud/prowler/pull/2376
• feat(gcp): add 12 new checks for CIS Framework by @jit-contrib in https://github.com/prowler-cloud/prowler/pull/2426
• feat(gcp): add --project-ids flag and scan all projects by default by @sergargar in https://github.com/prowler-cloud/prowler/pull/2393
• feat(mfa): Add MFA flag if it is required by AWS IAM Entity by @senyberg in https://github.com/prowler-cloud/prowler/pull/2478
• feat(new_security_framework): AWS Well Architected Framework security pillar by @pedromarting3 in https://github.com/prowler-cloud/prowler/pull/2382
• feat(ocsf): add OCSF format as JSON output for AWS, Azure and GCP. Hello Amazon Security Lake! by @sergargar in https://github.com/prowler-cloud/prowler/pull/2429
• feat(vpc): add check vpc_subnet_no_public_ip_by_default by @senyberg in https://github.com/prowler-cloud/prowler/pull/2472
• feat(wellarchitected): add WellArchitected service and check by @sergargar in https://github.com/prowler-cloud/prowler/pull/2461

Fixes

• fix(arn validator): include : in regex by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2471
• fix(aws): Add missing resources ARN by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2453
• fix(azure): fix empty subscriptions case by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2455
• fix(backup): Handle last_execution_date when None by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2454
• fix(browser auth): fix browser auth in Azure to include tenant id by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2415
• fix(cloudfront): Bad https_enabled check comparison by @christiandavilakoobin in https://github.com/prowler-cloud/prowler/pull/2430
• fix(codebuild): handle FAIL in codebuild_project_user_controlled_buildspec by @sergargar in https://github.com/prowler-cloud/prowler/pull/2410
• fix(dataevents checks): add trails home region by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2484
• fix(ec2): handle false positive in ec2_securitygroup_allow_ingress_from_internet_to_any_port by @sergargar in https://github.com/prowler-cloud/prowler/pull/2449
• fix(ecr): handle LifecyclePolicyNotFoundException by @sergargar in https://github.com/prowler-cloud/prowler/pull/2411
• fix(efs): Include resource ARN and handle from input by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2452
• fix(inventory): handle exception for every call by @sergargar in https://github.com/prowler-cloud/prowler/pull/2457
• fix(kms): check only KMS CMK tags by @sergargar in https://github.com/prowler-cloud/prowler/pull/2468
• fix(README): add references to tenant-id when browser auth by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2439
• fix(services): Handle AWS service errors by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2440
• fix(services): verify Route53 records and handle TrustedAdvisor error by @sergargar in https://github.com/prowler-cloud/prowler/pull/2448
• fix(typo): typo in README.md by @sergargar in https://github.com/prowler-cloud/prowler/pull/2406
• fix(typo) typo in README.md by @toniblyx in https://github.com/prowler-cloud/prowler/pull/2407

Chores

• chore(arn): add missing ARNs to AWS Services by @sergargar in https://github.com/prowler-cloud/prowler/pull/2476
• chore(arn): include ARN of AWS accounts by @sergargar in https://github.com/prowler-cloud/prowler/pull/2477
• chore(boto3): update boto3 config by @sergargar in https://github.com/prowler-cloud/prowler/pull/2459
• chore(compliance): Update Description in aws_well_architected_framework_security_pillar_aws.json by @sssalim-aws in https://github.com/prowler-cloud/prowler/pull/2432
• chore(docs): add summary table to README.md by @toniblyx in https://github.com/prowler-cloud/prowler/pull/2402
• chore(docs): Create CONTRIBUTING.md by @toniblyx in https://github.com/prowler-cloud/prowler/pull/2416
• chore(docs): improve allowlist suggestion by @sergargar in https://github.com/prowler-cloud/prowler/pull/2466
• chore(docs): improve custom checks docs by @sergargar in https://github.com/prowler-cloud/prowler/pull/2428
• chore(logo): Add Prowler logo in SVG format & Propose to Prowler icon design by @dsict in https://github.com/prowler-cloud/prowler/pull/2423
• chore(quick inventory): add warning message by @sergargar in https://github.com/prowler-cloud/prowler/pull/2460
• chore(regions_update): Changes in regions for AWS services. by @sergargar in https://github.com/prowler-cloud/prowler/pull/2474
• chore(vpc): add mapPublicIpOnLaunch attribute to VPC subnets by @senyberg in https://github.com/prowler-cloud/prowler/pull/2470

Dependencies

• build(deps): bump alive-progress from 3.1.1 to 3.1.4 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2446
• build(deps): bump boto3 from 1.26.142 to 1.26.147 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2480
• build(deps): bump botocore from 1.29.147 to 1.29.152 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2482
• build(deps): bump cryptography from 40.0.2 to 41.0.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2436
• build(deps): bump google-api-python-client from 2.86.0 to 2.88.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2483
• build(deps): bump mkdocs-material from 9.1.12 to 9.1.15 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2420
• build(deps): bump pydantic from 1.10.8 to 1.10.9 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2481
• build(deps-dev): bump coverage from 7.2.5 to 7.2.7 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2422
• build(deps-dev): bump docker from 6.1.2 to 6.1.3 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2445
• build(deps-dev): bump moto from 4.1.10 to 4.1.11 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2443
• build(deps-dev): bump pytest-xdist from 3.3.0 to 3.3.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2421
• build(deps-dev): bump pytest from 7.3.1 to 7.3.2 by @dependabot in https://github.com/prowler-cloud/prowler/pull/2479

New Contributors

• @jit-contrib made their first contribution in https://github.com/prowler-cloud/prowler/pull/2376
• @dsict made their first contribution in https://github.com/prowler-cloud/prowler/pull/2423
• @sssalim-aws made their first contribution in https://github.com/prowler-cloud/prowler/pull/2432
• @christiandavilakoobin made their first contribution in https://github.com/prowler-cloud/prowler/pull/2430
• @senyberg made their first contribution in https://github.com/prowler-cloud/prowler/pull/2470

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.5.3...3.6.0