Prowler 3.16.0 - Back in the Village
Turn the spotlights on the people
Switch the dial and eat the worm
Take your chances, kill the engine
Drop your bombs and let it burn
Enjoy the last release of Prowler v3 🤘🏽🔥 with this Iron Maiden song!
New features to highlight in this version
💪🏼 17 New Azure checks
- Prowler is improving its Azure coverage by including 17 new checks that appear in the CIS Benchmark v2.0.0 and v2.1.0.
See all the new available checks with prowler azure --list-checks
🔒 Azure CIS v2.0 and v2.1 coverage
- Prowler includes coverage for two new compliance frameworks for Azure CIS, v2.0.0 and v2.1.0. You can execute these new frameworks with
prowler azure --compliance cis_2.1_azure
🔧 More fixes and updates for all the providers
Features
- feat(azure): New check related with diagnostics settings in subscriptions by @Hugo966 in #3539
- feat(azure): New check related with logging in Azure Key Vault by @Hugo966 in #3496
- feat(azure): App check related with http logs by @Hugo966 in #3568
- feat(entra): New 11 checks related with Microsoft Entra ID by @puchy22 in #3585
- feat(azure): New check related with trusted launch in vm by @Hugo966 in #3616
- feat(azure) New Microsoft Entra ID checks by @puchy22 in #3610
- feat(entra): Manage 403 error for getting user authentication methods by @puchy22 in #3624
- feat(azure): Check related with roles and vm access with mfa by @Hugo966 in #3638
- feat(compliance): Add new CIS 2.0 / 2.1 compliance framework for Azure by @pedrooot in #3626
Fixes
- fix(metadata): change ResourceType Type for AWS Inline Policy Check by @gabrielsoltz in #3599
- fix(sts): handle China STS regions by @sergargar in #3613
- fix(azure): fixed check vm_ensure_using_managed_disks metadata by @Hugo966 in #3617
- fix(aws): break loop after FAIL in SQS and SNS checks by @kagahd in #3618
- fix(azure): normalize tenant domain set in checks by @sergargar in #3641
- fix(cis_2.0_azure): add remaining requirement with id 1.25 by @pedrooot in #3646
- fix(azure): add DefaultValue to Azure CIS compliance by @pedrooot in #3652
Documentation
- docs: Update number of Azure checks by @jfagoagas in #3639
- docs(azure): Add new permissions necessary from Microsoft Entra ID by @puchy22 in #3648
Chores
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in #3598, #3609, #3615, #3621, #3637, #3647
- chore(version): update Prowler version by @sergargar in #3614
- chore(apigateway): Handle NotFoundException by @jfagoagas in #3623
- chore(action): Prepare containers release for v4 by @jfagoagas in #3597
- chore(entra): Moving constants from checks and services to config file by @puchy22 in #3645
- chore(azure): Fix AKS and App tests to new format by @puchy22 in #3651
Dependencies
- build(deps): bump trufflesecurity/trufflehog from 3.70.2 to 3.71.0 by @dependabot in #3603
- build(deps): bump crazy-max/ghaction-import-gpg from 4 to 6 by @dependabot in #3604
- build(deps-dev): bump mkdocs-material from 9.5.14 to 9.5.15 by @dependabot in #3606
- build(deps-dev): bump pytest-cov from 4.1.0 to 5.0.0 by @dependabot in #3607
- build(deps): bump google-api-python-client from 2.122.0 to 2.123.0 by @dependabot in #3608
- build(deps): bump tj-actions/changed-files from 43 to 44 by @dependabot in #3627
- build(deps): bump trufflesecurity/trufflehog from 3.71.0 to 3.71.2 by @dependabot in #3628
- build(deps): bump google-api-python-client from 2.123.0 to 2.124.0 by @dependabot in #3630
- build(deps-dev): bump mkdocs-material from 9.5.15 to 9.5.17 by @dependabot in #3633
- build(deps-dev): bump safety from 3.0.1 to 3.1.0 by @dependabot in #3632
- build(deps-dev): bump moto from 5.0.3 to 5.0.4 by @dependabot in #3629
Full Changelog: 3.15.3...3.16.0