Prowler 3.15.2 - Children of the Damned

Fixes

• fix(actions): Remove indent by @jfagoagas in #3577
• fix(cloudtrail): use dictionary instead of list by @sergargar in #3579

Full Changelog: 3.15.1...3.15.2

Prowler 3.15.1 - Children of the Damned

Fixes

• fix(action): Release on whatever branch by @jfagoagas in #3576
• fix(iam): handle KeyError in service_last_accessed by @sergargar in #3555

Chores

• chore(compliance): rename AWS FTR compliance by @sergargar in #3550
• chore(readme): update number of Prowler checks by @sergargar in #3544
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3547
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3552
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3566
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3571
• chore(release): update Prowler Version to 3.15.0 by @n4ch04 in #3543

Dependencies

• build(deps): bump azure-mgmt-compute from 30.5.0 to 30.6.0 by @dependabot in #3559
• build(deps): bump tj-actions/changed-files from 42 to 43 by @dependabot in #3560
• build(deps): bump trufflesecurity/trufflehog from 3.69.0 to 3.70.2 by @dependabot in #3561
• build(deps-dev): bump black from 24.2.0 to 24.3.0 by @dependabot in #3563
• build(deps-dev): bump coverage from 7.4.3 to 7.4.4 by @dependabot in #3558
• build(deps-dev): bump mkdocs-material from 9.5.12 to 9.5.14 by @dependabot in #3562

Full Changelog: 3.15.0...3.15.1

Prowler 3.15.0 - Children of the Damned

You’re children of the damned
Your backs against the wall
You turn into the light
You’re burning in the night

Beware the cloud security issues that paralyze! As per Bruce Dickinson comments at the BBC, this Iron Maiden song part of The Number of the Beast album was inspired by by Black Sabbath’s “Children of the Sea”. In any case, let’s put all those cloud security misconfigurations against the wall now!

Enjoy it! 🤘🏽🔥

New features to highlight in this version:

💪🏼 40 New Azure checks

• Prowler is improving its Azure coverage by including 40 new checks that appears in the CIS Benchmark v2.1.0.
  (Thanks @Hugo966, @pedrooot and @puchy22 for their contributions and performance!)

See all the new available checks with prowler azure -l

🔒 Shodan.io support for Azure and GCP

• Now, Prowler lets you also check if any public IPs in Azure or GCP are exposed in Shodan.
  Try it with prowler gcp -c compute_public_address_shodan --shodan <API_KEY> and prowler azure -c network_public_ip_shodan --shodan <API_KEY>

The Shodan API Key can also be set in the config.yaml file instead of using the --shodan flag.

✅ Added Kubernetes Coverage in Cloud Providers

• New checks that cover Kubernetes managed services in AWS (EKS), Azure (AKS) and in GCP (GKE/GCR) are now available in Prowler. Try them with prowler aws/azure/gcp --services eks/aks/gke

📝 New AWS FTR Compliance

• AWS FTR helps you identify AWS Well-Architected best practices specific to your software or solution.
  You can execute the new AWS Foundational Technical Review Compliance Framework with prowler aws --compliance foundational_technical_review_aws

Features

• feat(aws): add 2 new Amazon EKS checks from CIS by @sergargar in #3439
• feat(aws): Get organizations metadata if delegated admin by @jfagoagas in #3435
• feat(azure): add new check related with cmk by @Hugo966 in #3466
• feat(azure): add new check related with Public IPs in Shodan.io by @pedrooot in #3433
• feat(azure): Azure new checks related with AKS by @puchy22 in #3476
• feat(azure): Azure new checks related with App Service by @puchy22 in #3432
• feat(azure): Azure new check policy_ensure_asc_enforcement_enabled by @puchy22 in #3452
• feat(azure): Checks related to Azure Keyvault by @pedrooot in #3430
• feat(Azure): Entra service with two checks by @puchy22 in #3510
• feat(azure): New azure monitor check monitor_ensure_diagnostic_setting_appropriate by @Hugo966 in #3421
• feat(azure): new monitoring check ensuring storage account with logs private by @Hugo966 in #3453
• feat(azure): New check related with network flow logs by @Hugo966 in #3535
• feat(azure): 10 new checks related with alerts in monitoring by @Hugo966 in #3516
• feat(compliance): Add new compliance foundational_technical_review_aws by @pedrooot in #3511
• feat(gcp): add 3 new checks for GKE CIS by @sergargar in #3440
• feat(gcp): add Shodan check for GCP External Addresses by @sergargar in #3486

Fixes

• fix(checks_loader): Handle exceptions and always load checks by @jfagoagas in #3479
• fix(check_loader): Add validation in 'Categories' field from metadata by @pedrooot in #3480
• fix(cloudwatch): correct recommendation text by @sergargar in #3538
• fix(compliance): add default severity to Manual Mocked Metadata by @sergargar in #3484
• fix(compliance): set correct CSV Compliance model for CIS by @sergargar in #3503
• fix(compliance): set Generic Compliance as last model by @sergargar in #3487
• fix(compliance): set the provider dynamically in Manual checks by @sergargar in #3502
• fix(docs): Add docs group to install by @jfagoagas in #3436
• fix(docs): Fix some typos in requirements page by @pedrooot in #3504
• fix(docs): Fix typo and change info about mocking by @pedrooot in #3438
• fix(docs): readthedocs install by @jfagoagas in #3437
• fix(ecr): check if ECR Repository Policies does not exist by @sergargar in #3451
• fix(error_handling): delete unnecessary error in logger.error by @pedrooot in #3454
• fix(gcp): handle KeyError in Compute service by @sergargar in #3471
• fix(gcp): remove Default Project ID requirement by @sergargar in #3459
• fix(glue): Add mocked ARN by @jfagoagas in #3515
• fix(iam): ignore Root User in iam_user_mfa_enabled_console_access by @sergargar in #3537
• fix(LICENSE): update LICENSE copyright by @sergargar in #3508
• fix(security_hub): Handle user facing errors by @jfagoagas in #3456

Chores

• chore(action): Link docs in PR by @jfagoagas in #3448
• chore(allowlist): add AFT IAM roles to allowlist by @sergargar in #3460
• chore(arn): improve resource ARNs in checks by @sergargar in #3388
• chore(azure): Manage new errors in the Defender service by @puchy22 in #3534
• chore(docs): improve documentation for Azure debugging by @pedrooot in #3411
• chore(docs): Prettify notes and add dates by @jfagoagas in #3434
• chore(fixme): Add fixme for credentials refresh by @jfagoagas in #3485
• chore(gcp): set GCP account in output file name by @sergargar in #3461
• chore(README): update checks summary table by @sergargar in #3483
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3429
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3457
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3465
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3473
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3505
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3509
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3518
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3520
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3528
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3533
• chore(release): update Prowler Version to 3.14.0 by @n4ch04 in #3422
• chore: update feature request label by @jfagoagas in #3464
• docs(compliance): Add newline to format list by @jfagoagas in #3455
• docs: New overview page by @toniblyx in #3427
• docs: Update documentation links by @jfagoagas in #3424
• docs: Update README.md with bigger Slack link by @toniblyx in #3425

Dependencies

• build(deps): bump azure-keyvault-keys from 4.8.0 to 4.9.0 by @dependabot in #3443
• build(deps): bump azure-storage-blob from 12.19.0 to 12.19.1 by @dependabot in #3527
• build(deps): bump cryptography from 42.0.2 to 42.0.4 by @dependabot in #3428
• build(deps): bump google-api-python-client from 2.120.0 to 2.122.0 by @dependabot in #3531
• build(deps): bump slack-sdk from 3.27.0 to 3.27.1 by @dependabot in #3494
• build(deps): bump trufflesecurity/trufflehog from 3.68.4 to 3.69.0 by @dependabot in #3522
• build(deps-dev): bump...

Prowler 3.14.0 - Paschendale

Home, far away
From the war, a chance to live again
Home, far away
But the war, no chance to live again

Iron Maiden's Paschendale.

Prowler 3.14 is here! Like the PI number, this version will drive you through the magic of fixing security issues in your cloud infrastructure, more Azure checks for your joy and amusement. Enjoy it! 🤘🏽🔥

New features to highlight in this version:

💪🏼 25 New Azure checks

• Prowler is improving its Azure coverage by including 25 more new checks that appears in the CIS Benchmark v2.0.0.
  (Thanks again @pedrooot and @puchy22 for their contributions, way to go!)

See all the new available checks with prowler azure -l

Features

• feat(azure): Add new checks related to Network service by @pedrooot in #3402
• feat(azure): Add new checks related to PostgreSQL service by @pedrooot in #3409
• feat(azure): Add new checks related App Insights service by @puchy22 in #3395
• feat(azure): Add new checks related MySQL service by @puchy22 in #3385
• feat(azure): Add new checks related to CosmosDB by @pedrooot in #3386
• feat(azure): Add new checks related VMs service. by @puchy22 in #3408

Fixes

• fix(azure): Typo in appinsights service by @puchy22 in #3407
• fix(backup): handle if last_attempted_execution_date is None by @sergargar in #3394
• fix(inspector2): Report must have status field by @jfagoagas in #3419
• fix(labeler): Add right path for testing by @jfagoagas in #3405
• fix(labeler): Work on forks too by @jfagoagas in #3410
• fix(storage): update metadata with CIS 2.0 in storage_default_network_access_rule_is_denied by @Hugo966 in #3387

Chores

• chore(list): list compliance and categories sorted by @sergargar in #3381
• chore(pull-request): Add automatic labeler by @jfagoagas in #3398
• chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3384, #3401 and #3406
• chore(release): update Prowler Version to 3.13.0 by @sergargar in #3380
• test(aws): Add default Boto3 credentials by @jfagoagas in #3404

Dependencies

• build(deps): bump google-api-python-client from 2.116.0 to 2.117.0 by @dependabot in #3391
• build(deps): bump google-api-python-client from 2.117.0 to 2.118.0 by @dependabot in #3417
• build(deps): bump mkdocs-material from 9.5.6 to 9.5.9 by @dependabot in #3392
• build(deps): bump mkdocs-material from 9.5.9 to 9.5.10 by @dependabot in #3416
• build(deps): bump slack-sdk from 3.26.2 to 3.27.0 by @dependabot in #3415
• build(deps): bump trufflesecurity/trufflehog from 3.67.2 to 3.67.5 by @dependabot in #3393
• build(deps): bump trufflesecurity/trufflehog from 3.67.5 to 3.67.6 by @dependabot in #3412
• build(deps-dev): bump bandit from 1.7.6 to 1.7.7 by @dependabot in #3390
• build(deps-dev): bump black from 24.1.1 to 24.2.0 by @dependabot in #3389
• build(deps-dev): bump moto from 5.0.1 to 5.0.2 by @dependabot in #3413
• build(deps-dev): bump pytest from 8.0.0 to 8.0.1 by @dependabot in #3414

New Contributors

• @Hugo966 made their first contribution in #3387

Full Changelog: 3.13.0...3.14.0

Prowler 3.13.1 - El Dorado [YANKED]

Fixes

• fix(backup): handle if last_attempted_execution_date is None by @sergargar in #3394
• fix(inspector2): Report must have status field by @jfagoagas in #3419

Full Changelog: 3.13.0...3.13.1

Prowler 3.13.0 - El Dorado

El Dorado, come and play
El Dorado, step this way
Take a ticket for the ride
El Dorado streets of gold
See my ship is oversold
You got one last chance to try

Iron Maiden's El Dorado song is part of the Final Frontier album, and it won a Grammy Award as the best metal song, not bad uh? This song talks about economic situation back in 2010. In the current situation of companies all over the place laying off people, I wanted to give virtual hugs to all that people from the Prowler Team and remember, Open Source is always rewarding for you to learn and for others!

Prowler 3.13 is probably the latest of the 3 series (v4 looks promising!). As you can see, we are working hard on Azure and many other features.

Enjoy it! 🤘🏽🔥

New features to highlight in this version:

💪🏼 21 New Azure checks

• Prowler is improving its Azure coverage by including 21 new checks that appears in the CIS Benchmark v2.0.0.
  (Thanks @pedrooot and @puchy22 for their contributions and performance!)

See all the new available checks with prowler azure -l

✅ New CIS AWS Foundations Benchmark v3.0.0 Compliance

• On Jan 31st, CIS released the new v3.0.0 for Amazon Web Services Foundations and it is now available on Prowler. You can execute the new CIS version with with prowler aws --compliance cis_3.0_aws

📊 New AWS Account Security Onboarding Compliance

• It is based on the post from Artem Marusov, you can execute this checklist when onboarding new AWS Accounts to existing AWS Organization with prowler aws --compliance aws_account_security_onboarding_aws

🥳 Python 3.12 is now supported!

• Now you can execute Prowler using Python 3.12. Install Prowler with pip install prowler and that's all!

📝 Custom Output File in Quick Inventory

• Support for the already existing options -F (output file) when using the quick inventory feature (-i) on AWS. You can test it with prowler aws -i -F custom-output-file.csv

Features

• feat(azure): Add 4 new checks related to SQLServer and Vulnerability Assessment by @pedrooot in #3372
• feat(azure): Add check defender_auto_provisioning_log_analytics_agent_vms_on by @puchy22 in #3322
• feat(azure): Add check defender_ensure_system_updates_are_applied and defender_auto_provisioning_vulnerabilty_assessments_machines_on by @puchy22 in #3327
• feat(azure): Add new Azure check "iam_custom_role_permits_administering_resource_locks" by @pedrooot in #3317
• feat(azure): Add new check storage_ensure_private_endpoints_in_storage_accounts by @pedrooot in #3326
• feat(azure): Add new check storage_key_rotation_90_days by @pedrooot in #3323
• feat(azure): Defender checks related to defender settings by @puchy22 in #3347
• feat(azure): Defender checks related to security contacts and notifications by @puchy22 in #3344
• feat(azure): Defender check defender_ensure_iot_hub_defender_is_on by @puchy22 in #3367
• feat(azure): New Azure SQLServer related check sqlserver_auditing_retention_90_days by @pedrooot in #3345
• feat(azure): New check related to vulnerability assessment sqlserver_vulnerability_assessment_enabled by @pedrooot in #3349
• feat(azure): New check storage_ensure_soft_delete_is_enabled by @pedrooot in #3334
• feat(azure): SQLServer checks related to TDE encryption by @pedrooot in #3343
• feat(compliance): account security onboarding compliance framework by @pedrooot in #3286
• feat(defender): New Terraform URL for metadata checks by @puchy22 in #3374
• feat(python): support Python 3.12 by @sergargar in #3371
• feat(quick-inventory): custom output file in quick inventory by @Mohsen51 in #3306
• feat(cis): add new CIS AWS v3.0.0 by @sergargar in #3379

Fixes

• fix(acm): adding more details on remaining expiration days by @estemendoza in #3293
• fix(azure): Fix check sqlserver_auditing_retention_90_days by @pedrooot in #3365
• fix(BadRequest): add BadRequest exception to WellArchitected by @sergargar in #3300
• fix(defender): Manage 404 exception for "default" security contacts by @puchy22 in #3373
• fix(GuardDuty): fix class name by @puchy22 in #3337
• fix(NoSuchEntity): add NoSuchEntity exception to IAM by @sergargar in #3299
• fix(organizations): Handle non existent policy by @jfagoagas in #3319
• fix(rds): verify SGs in rds_instance_no_public_access by @sergargar in #3341
• fix(s3): add s3:Get* case to s3_bucket_policy_public_write_access by @sergargar in #3364
• fix(storage) Manage None type manage for key_expiration_period_in_days by @puchy22 in #3351
• fix(azure): Change class names from azure services and fix typing error by @pedrooot in #3350
• fix(allowlist): Handle tags and resources by @jfagoagas in #3376
• fix(cis): update CIS AWS v2.0 Section 2.1 refs by @strawp in #3375
• fix(alias): allow multiple check aliases by @sergargar in #3378

Chores

• chore(actions): Add AWS tag to the update regions bot by @jfagoagas in #3321
• chore(azure): Remove all unnecessary init methods in @DataClass by @pedrooot in #3324
• chore(compliance): make SocType attribute general by @sergargar in #3287
• chore(dependabot): Run for GHA by @jfagoagas in #3274
• chore(docs): update CODE_OF_CONDUCT.md by @toniblyx in #3352
• chore(docs): update documentation by @sergargar in #3297
• chore(docs): Update README.md by @toniblyx in #3353
• chore(inspector): refactor inspector2_findings_exist check into two by @sergargar in #3338
• chore(pre-commit): remove pytest from pre-commit by @sergargar in #3363
• chore(README): update syntax of supported Python versions by @sergargar in #3271
• chore(readme): Update readme with new numbers for Prowler checks by @pedrooot in #3354
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #3273, #3298, #3303, #3316, #3318, #3320, #3325, #3333, #3339, #3342, #3348, #3377
• docs(README): Update Kubernetes development status and Python supported versions by @toniblyx in #3270
• docs(security-hub): Add integration steps and images by @jfagoagas in #3304
• docs(security-hub): improve documentation and clarify steps by @jfagoagas in #3301

Dependencies

• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #3284
• build(deps): bump actions/setup-python from 2 to 5 by @dependabot in #3277
• build(deps): bump aiohttp from 3.9.1 to 3.9.2 by @dependabot in #3366
• build(deps): bump aws-actions/configure-aws-credentials from 1 to 4 by @dependabot in #3278
• build(deps): bump azure-mgmt-security from 5.0.0 to 6.0.0 by @dependabot in #3312
• build(deps): bump codecov/codecov-action from 3 to 4 by @dependabot in #3360
• build(deps): bump cryptography from 41.0.6 to 42.0.0 by @dependabot in #3362
• build(deps): bump docker/build-push-action from 2 to 5 by @dependabot in #3281
• build(deps): bump docker/login-action from 2 to 3 by @dependabot in https://github...

Prowler 3.12.1 - Running Free

Fixes

• fix(rds): handle api call error response by @n4ch04 in #3258
• fix(apigatewayv2_api_access_logging_enabled): Finding ID should be unique by @jfagoagas in #3263
• fix(allowlist): Handle empty exceptions by @jfagoagas in #3266
• fix(fms): handle list compliance status error by @n4ch04 in #3259

Chores

• chore(release): update Prowler Version to 3.12.0 by @sergargar in #3242
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #3249, #3256, #3268
• chore(s3): Update log not to duplicate it by @jfagoagas in #3255
• chore(readme): remove deprecated library name by @sergargar in #3251
• chore(precommit): set trufflehog as command by @n4ch04 in #3262

Docs

• docs: Add Codecov badge by @jfagoagas in #3248

Dependencies

• build(deps-dev): bump moto from 4.2.12 to 4.2.13 by @dependabot in #3244
• build(deps): bump google-api-python-client from 2.111.0 to 2.113.0 by @dependabot in #3245
• build(deps-dev): bump flake8 from 6.1.0 to 7.0.0 by @dependabot in #3246
• build(deps-dev): bump gitpython from 3.1.37 to 3.1.41 by @dependabot in #3257
• build(deps): bump jinja2 from 3.1.2 to 3.1.3 by @dependabot in #3267

Full Changelog: 3.12.0...3.12.1

Prowler 3.12.0 - Running Free

Just sixteen, a pickup truck, out of money, out of luck
I've got nowhere to call my own, hit the gas, and here I go
I'm running free yeah, I'm running free
I'm running free yeah, oh I'm running free

Iron Maiden's Running Free song was published as single of their first album back in 1980. This song is all about running wild and running free as we do at Prowler, making cloud security open and transparent, easy to use and easy to customize, for you and thousands of organizations around the world.

hit the gas, and here I go! This version is full of new features and important improvements requested by our vibrant community. Go ahead and smash your electric guitar and use Prowler straightaway by yourself or just using our service at prowler.com.

Enjoy it! 🤘🏽🔥

New features to highlight in this version:

✍️ Custom Checks Metadata

• Now you can override the Severity from a check using the --custom-checks-metadata-file custom_checks_metadata.yaml. (Thanks @venkyvajrala for the feature!)

See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/

👷 Custom AWS Role Session name

• Now you can customize the Role Session name that Prowler uses when assuming an AWS Role with --role-session-name <role_session_name>.

See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#custom-role-session-name

🔧 Scan only AWS enabled regions

• Prowler now only scans AWS regions if they are enabled making the scan faster without the need to review services in regions that are not enabled.

🧵 Improved threading using ThreadPoolExecutor

• For the AWS Service now we use a ThreadPoolExecutor to improve concurrency management and allowing to parallelise per resources not only per regions. Thanks to @Fennerr for the improvement!

🐛 Bug fixing

• Now the AWS Lambda service scans each Lambda function for secrets without the need to persist the code in memory therefore reducing drastically the memory usage.
• Tons of bug fixes in services, outputs, checks and some other core functions.

Features

• feat(cognito): add Amazon Cognito service by @sergargar in #3060
• feat(custom_checks_metadata): Add checks metadata overide for severity by @venkyvajrala in #3038
• feat(aws): Added AWS role session name parameter by @Fennerr in #3234
• feat(securityhub): Send only FAILs but storing all in the output files by @jfagoagas in #3195

Fixes

• fix(access-analyzer): Handle ValidationException by @jfagoagas in #3165
• fix(allowlist): Analyse single and multi account allowlist if present by @jfagoagas in #3210
• fix(apigw_restapi_auth check): add method auth testing by @n4ch04 in #3183
• fix(aws_regions): Get enabled regions by @jfagoagas in #3095
• fix(clean local output dirs): change function description by @n4ch04 in #3068
• fix(cloudtrail): Handle UnsupportedOperationException by @jfagoagas in #3166
• fix(codeartifact): solve dependency confusion check by @congon4tor in #2999
• fix(deps): Add missing jsonschema by @jfagoagas in #3052
• fix(docs): csv fields by @n4ch04 in #3092
• fix(docs): typo in reporting/csv by @n4ch04 in #3094
• fix(elasticache): Handle CacheClusterNotFound by @jfagoagas in #3174
• fix(fms): Handle PolicyComplianceStatusList key error by @jfagoagas in #3230
• fix(gcp): fix UnknownApiNameOrVersion error by @sergargar in #3202
• fix(gcp): improve logging messages by @sergargar in #3185
• fix(gcp provider): move generate_client for consistency by @n4ch04 in #3064
• fix(generate_regional_clients): Global is not needed anymore by @jfagoagas in #3162
• fix(iam): Handle NoSuchEntity in list_group_policies by @jfagoagas in #3197
• fix(json-ocsf): add profile only for AWS provider by @sergargar in #3051
• fix(lambda): memory leakage with lambda function code by @Fennerr in #3167
• fix(organizations_scp_check_deny_regions): enhance check logic by @sergargar in #3239
• fix(outputs): initialize_file_descriptor is called dynamically by @n4ch04 in #3050
• fix(s3): Handle NoSuchBucket in the service by @jfagoagas in #3173
• fix(s3): handle NoSuchBucketPolicy error by @sergargar in #3217
• fix(send_to_s3_bucket): don't kill exec when fail by @n4ch04 in #3088
• fix(set_azure_audit_info): assign correct logging when no auth by @n4ch04 in #3063
• fix(threading): Improved threading for the AWS Service by @Fennerr in #3175
• fix(trustedadvisor): handle missing dict key by @n4ch04 in #3075
• fix(trustedadvisor): solve trustedadvisor check metadata by @sergargar in #3216
• fix(vpc_different_regions): Handle if there are no VPC by @williambrady in #3081
• revert(clean local dirs): delete clean local dirs output feature by @n4ch04 in #3087

Chores

• chore(actions): not launch linters for mkdocs.yml by @n4ch04 in #3093
• chore(actions prowler4): add prowler 4.0 branch to actions by @n4ch04 in #3184
• chore(elb): Improve status in elbv2_insecure_ssl_ciphers by @Fennerr in #3169
• chore(ens): do not apply recomendation type to score by @sergargar in #3058
• chore(moto): install all moto dependencies by @sergargar in #3048
• chore(python): update python version constraint <3.12 by @sergargar in #3047
• chore(s3 bucket input validation): validates input bucket by @n4ch04 in #3198
• chore(sqs_...not_publicly_accessible): less restrictive condition test by @n4ch04 in #3211
• chore: сhanged concatenation of strings to f-strings to improve readability by @eukub in #3227
• chore(exception): handle error in describing regions by @sergargar in #3241
• chore(role arguments): enhance role arguments validation by @sergargar in #3240
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #3045, #3168, #3059, #3079, #3065, #3074, #3182, #3189, #3196
• refactor(cloudwatch): simplify logic by @jfagoagas in #3172
• refactor(load_checks_to_execute): Refactor function and add tests by @jfagoagas in #3066
• refactor(severities): Define it in one place by @jfagoagas in #3086

Docs

• docs(aws): Added debug information to inspect retries in API calls by @Fennerr in #3186
• docs(cloudshell): Add missing steps to workaround by @AlexGidarakos in #3191
• docs(cloudshell): Add workaround to clone from github by @jfagoagas in #3190
• docs(cloudshell): Update AWS CloudShell installation steps by @AlexGidarakos in #3192
• docs(parallel-execution): Combining the output files by @Fennerr in #3096
• docs(parallel-execution): How to execute it in parallel by @Fennerr in #3091

Dependencies

• build(deps): bump cryptography from 41.0.4 to 41.0.6 by @dependabot in #3078
• build(deps): bump google-api-python-client from 2.110.0 to 2.111.0 by @dependabot in #3224
• build(deps): bump google-auth-httplib2 from 0.1.1 to 0.2.0 by @dependabot in #3207
• build(deps): bump jsonschema from 4.18.0 to 4.20.0 by @dependabot in ...

Prowler 3.11.3 - Rime Of The Ancient Mariner

What's Changed

Fixes

• fix(securityhub): findings not being imported or archived in non-aws partitions by @johnny2lu in #3040
• fix(json): check if profile is None by @sergargar in #3043

Chores

• chore(release): update Prowler Version to 3.11.2 by @sergargar in #3037
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #3042

New Contributors

• @johnny2lu made their first contribution in #3040

Full Changelog: 3.11.2...3.11.3

Prowler 3.11.2 - Rime Of The Ancient Mariner

What's Changed

Fixes

• fix(ec2_securitygroup_not_used): check if security group is associated by @sergargar in #3026
• fix(GuardDuty): only execute checks if GuardDuty enabled by @sergargar in #3028
• fix(securityhub): Use enabled_regions instead of audited_regions by @jfagoagas in #3029

Chores

• chore(accessanalyzer): include service in allowlist_non_default_regions by @sergargar in #3025
• chore(args): make compatible severity and services arguments by @sergargar in #3024
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #3035
• chore(release): update Prowler Version to 3.11.1 by @sergargar in #3021
• chore: modify latest version msg by @R3DRUN3 in #3036
• chore(azure regions): support non default azure region by @n4ch04 in #3013

Builds

• build(deps): bump alive-progress from 3.1.4 to 3.1.5 by @dependabot in #3033
• build(deps): bump azure-storage-blob from 12.18.3 to 12.19.0 by @dependabot in #3034
• build(deps): bump google-api-python-client from 2.106.0 to 2.107.0 by @dependabot in #3032
• build(deps-dev): bump moto from 4.2.7 to 4.2.8 by @dependabot in #3030
• build(deps-dev): bump pytest-xdist from 3.3.1 to 3.4.0 by @dependabot in #3031

New Contributors

• @R3DRUN3 made their first contribution in #3036

Full Changelog: 3.11.1...3.11.2