Skip to content

Prowler 4.2.0 - 2 Minutes to Midnight
Compare
Choose a tag to compare
@MrCloudSec MrCloudSec released this 28 May 16:59
· 939 commits to master since this release
4.2.0
This tag was signed with the committer’s verified signature.
MrCloudSec Sergio Garcia
GPG key ID: 8E4745A2F6F806A7
Learn about vigilant mode.
37e2c1f
This commit was signed with the committer’s verified signature.
MrCloudSec Sergio Garcia
GPG key ID: 8E4745A2F6F806A7
Learn about vigilant mode.

The blind men shout,
"Let the creatures out! We'll show the unbelievers"

Here we have Prowler 4.2.0 - 2 Minutes to Midnight 🚀 bringing a new look for Prowler with this Iron Maiden song.

New features to highlight in this version

🥳 New Prowler logo
This version comes with a new look of Prowler thanks to the new logo:
Prowler_Black

💪🏼 55 New AWS checks
Prowler is improving its AWS coverage by including 55 new checks for Kafka, Lightsail, Storage Gateway, DynamoDB, Cognito, EC2, EventBridge, SNS and RDS.
Special thanks to our external contributors @madereddy, @rieck-srlabs and @Davidm4r for doing new checks 🙌
See all the new available checks with prowler aws --list-checks

📝 HTML output is back!
We have listened you and as our community is always first, we brought our HTML back 😄
Get it again with prowler <provider> -M/--output-formats html

✍️ Custom Checks Metadata
Now you can override the all the metadata fields from a check using the --custom-checks-metadata-file custom_checks_metadata.yaml flag.

See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/

🔧 Other issues and bug fixes solved for all the cloud providers

Features

  • feat(aws): Add new kafka service by @puchy22 in #4001
  • feat(aws): Lightsail new service and checks by @puchy22 in #3919
  • feat(aws): New Storage Gateway FileShare KMS CMK Check by @madereddy in #4082
  • feat(aws): new dynamodb_table_cross_account_access check by @sergargar in #3932
  • feat(cognito): Add new checks related with cognito service by @pedrooot in #3898
  • feat(compliance): Update RBI compliance framework by @pedrooot in #4026
  • feat(custom-checks-metadata): add new fields by @pedrooot in #3976
  • feat(dashboard): add idgrupocontrol description in compliance page for ens by @pedrooot in #3910
  • feat(dashboard): add more fields to dashboard overview component by @pedrooot in #4084
  • feat(dashboard): Improve table overview by @pedrooot in #4015
  • feat(dashboard): Multiple changes in compliance page by @pedrooot in #4051
  • feat(ec2): Add 2 new checks + fixers related with EC2 service by @pedrooot in #3827
  • feat(ec2): add EC2 Security group check to verify if at least one port is opened by @sergargar in #3962
  • feat(ec2): New EC2 AWS check (#852) by @rieck-srlabs in #4076
  • feat(ec2): add checks for EC2 instances with exposed ports to the internet by @sergargar in #4029
  • feat(eventbridge): add EventBridge checks by @sergargar in #4020
  • feat(json-ocsf): Add new fields for py-ocsf 0.1.0 by @pedrooot in #3853
  • feat(Kafka): New Kafka AWS checks by @puchy22 in #4021
  • feat(kubernetes): Handle empty --kubeconfig-file by @pedrooot in #3980
  • feat(logo): add new Prowler logo! by @sergargar in #4090
  • feat(output): Add HTML outputs to Prowler by @pedrooot in #4005
  • feat(rds): Add AWS RDS clusters to transport encryption check by @madereddy in #4028
  • feat(rds): Add RDS certificate expiration check by @madereddy in #4002
  • feat(sns): sns topics no http subscriptions by @Davidm4r in #4095

Fixes

  • fix(actions): Don't need expressions within if by @jfagoagas in #3733
  • fix(aws_lambda): Update obsolete lambda runtimes by @pedrooot in #3735
  • fix(ulimit): import library only in windows by @sergargar in #3738
  • fix(download): remove dataframe index from download in dashboard by @pedrooot in #3739
  • fix(json-ocsf): add check_id field in json-ocsf output by @pedrooot in #3740
  • fix(json-ocsf): Add missing fields for JSON-OCSF by @pedrooot in #3745
  • fix(ocsf): Include check_id as metadata.event_code by @jfagoagas in #3748
  • fix(json-ocsf): Remove risk field from unmapped by @pedrooot in #3759
  • fix(wafv2): Handle WAFNonexistentItemException by @pedrooot in #3761
  • fix(compliance): Add muted info to compliance outputs by @pedrooot in #3751
  • fix(mutelist): if all fails are muted do exit 0 by @jfagoagas in #3754
  • fix(ocsf): Add compliance by @jfagoagas in #3753
  • fix(rds): ParameterValue MySQL and MariaDB RDS Instances by @sansns in #4116
  • fix(security-hub): MUTED -> WARNING by @jfagoagas in #3768
  • fix(slack): Use global provider object by @jfagoagas in #3770
  • fix(trufflehog): fix GitHub action of TruffleHog by @sergargar in #3775
  • fix(table-overview): Multiple changes on dashboard table from overview by @pedrooot in #3773
  • fix(utils): import libraries when needed by @sergargar in #3805
  • fix(network_azure): handle capitalized protocols in security group rules by @pedrooot in #3808
  • fix(execute_check): Handle ModuleNotFoundError by @jfagoagas in #3812
  • fix(overview-table): change font in overview table by @pedrooot in #3815
  • fix(dashboard): fix error in windows for csvreader by @pedrooot in #3806
  • fix(ocsf): Add resource details to data by @jfagoagas in #3819

Chores

  • chore(aws): Add failed_checks to track by @kagahd in #4018
  • chore(aws): cleanup aws test cases and standardize checks by @madereddy in #4053
  • chore(aws): cleanup aws test cases by @madereddy in #4049
  • chore(check): global_provider is not needed here by @jfagoagas in #3828
  • chore(CLI): start working on CLI by @pedrooot in #4067
  • chore(compliance): change security group any port check by @sergargar in #4019
  • chore(docs): remove unnecessary line by @sergargar in #3933
  • chore(docs): solve some issues by @sergargar in #3868
  • chore(docs): update BridgeCrew links in metadata to our local docs link by @sergargar in #3858
  • chore(docs): add mapping of CSV headers with providers by @sergargar in #4118
  • chore(docs): Update docs related with the Prowler Dashboard by @pedrooot in #4113
  • chore(execute_checks): remove mutelist since it is within the provider by @jfagoagas in #4052
  • chore(gcp): handle list projects API call errors by @sergargar in #3849
  • chore(get_tagged_resources): Add return value type hint by @mlmerchant in #3860
  • chore(global_provider): Move methods to class as static by @jfagoagas in #3896
  • chore(IAM): Improve IAM checks for Azure by @puchy22 in #4061
  • chore(issue-template): Modify issue template to add logs by @pedrooot in #3924
  • chore(labeler): Add cli label by @jfagoagas in #4069
  • chore(logo): resize logo in README and update favicon and architecture by @sergargar in #4092
  • chore(logo-dashboard): update logo in dashboard by @pedrooot in #4088
  • chore(logo-html): update html logo by @pedrooot in #4089
  • chore(mitre azure): add mapping to mitre for azure provider by @n4ch04 in #3857
  • chore(mitre gcp): add mitre mapping for gcp by @n4ch04 in #3899
  • chore(mutelist): improve default AWS mutelist with ControlTower by @sergargar in #3904
  • chore(rds): cleanup RDS test cases by @madereddy in #4003
  • chore(rds): support more AWS RDS DB Instance engines in encryption check by @madereddy in #3968
  • chore(readme): update summary table numbers by @sergargar in #3930
  • chore(regions_update): Changes in regions for AWS services. by @jfagoagas in #3929, #3957, #3965, #3971, #4009, #4017, #4023, #4071, #3822, #3824, #3826, #3842, #3848, #3855, #3862, #3908 and #3915
  • chore(safety): ignore pip vulnerability by @sergargar in #4007
  • chore(scan): New scan() function and fix an issue while scanning with only logs mode by @jfagoagas in #4068
  • chore(slack): change Slack channel name env variable by @sergargar in #4080
  • chore(gcp): Add new services tests to GCP by @puchy22 in #3796
  • chore(security): update SECURITY.md by @toniblyx in #4093

Dependencies

  • chore(dependency): add TruffleHog dependency to docs by @sergargar in #4115
  • chore(deps): bump azure-mgmt-compute from 30.6.0 to 31.0.0 by @dependabot in #3880
  • chore(deps): bump azure-mgmt-containerservice from 29.1.0 to 30.0.0 by @dependabot in #3835
  • chore(deps): bump azure-mgmt-cosmosdb from 9.4.0 to 9.5.0 by @dependabot in #4031
  • chore(deps): bump azure-mgmt-network from 25.3.0 to 25.4.0 by @dependabot in #4104
  • chore(deps): bump azure-mgmt-resource from 23.0.1 to 23.1.1 by @dependabot in #3975
  • chore(deps): bump azure-mgmt-security from 6.0.0 to 7.0.0 by @dependabot in #4034
  • chore(deps): bump azure-storage-blob from 12.19.1 to 12.20.0 by @dependabot in #3988
  • chore(deps): bump boto3 from 1.34.105 to 1.34.109 by @dependabot in #4109
  • chore(deps): bump botocore from 1.34.109 to 1.34.113 by @dependabot in #4110
  • chore(deps): bump dash from 2.16.1 to 2.17.0 by @dependabot in #3947
  • chore(deps): bump detect-secrets from 1.4.0 to 1.5.0 by @dependabot in #3948
  • chore(deps): bump google-api-python-client from 2.129.0 to 2.130.0 by @dependabot in #4107
  • chore(deps): bump jinja2 from 3.1.3 to 3.1.4 by @dependabot in #3935
  • chore(deps): bump jsonschema from 4.21.1 to 4.22.0 by @dependabot in #3952
  • chore(deps): bump microsoft-kiota-abstractions from 1.3.2 to 1.3.3 by @dependabot in #4112
  • chore(deps): bump msgraph-sdk from 1.3.0 to 1.4.0 by @dependabot in #4038
  • chore(deps): bump py-ocsf-models from 0.1.0 to 0.1.1 by @dependabot in #4036
  • chore(deps): bump requests from 2.31.0 to 2.32.0 by @dependabot in #4050
  • chore(deps): bump schema from 0.7.5 to 0.7.7 by @dependabot in #3953
  • chore(deps): bump slack-sdk from 3.27.1 to 3.27.2 by @dependabot in #4039
  • chore(deps): bump trufflesecurity/trufflehog from 3.75.1 to 3.76.3 by @dependabot in #4030
  • chore(deps): bump werkzeug from 3.0.2 to 3.0.3 by @dependabot in #3934
  • chore(deps): remove mrestazure deprecated by @pedrooot in #3974
  • chore(deps-dev): bump black from 24.4.0 to 24.4.2 by @dependabot in #3883
  • chore(deps-dev): bump coverage from 7.5.1 to 7.5.2 by @dependabot in #4106
  • chore(deps-dev): bump docker from 7.0.0 to 7.1.0 by @dependabot in #4108
  • chore(deps-dev): bump freezegun from 1.5.0 to 1.5.1 by @dependabot in #3989
  • chore(deps-dev): bump mkdocs-git-revision-date-localized-plugin from 1.2.4 to 1.2.5 by @dependabot in #3949
  • chore(deps-dev): bump moto from 5.0.6 to 5.0.7 by @dependabot in #3992
  • chore(deps-dev): bump moto from 5.0.7 to 5.0.8 by @dependabot in #4111
  • chore(deps-dev): bump pylint from 3.2.0 to 3.2.2 by @dependabot in #4035
  • chore(deps-dev): bump pytest-xdist from 3.5.0 to 3.6.1 by @dependabot in #3877
  • chore(deps-dev): bump pytest from 8.2.0 to 8.2.1 by @dependabot in #4033
  • chore(deps-dev): bump safety from 3.1.0 to 3.2.0 by @dependabot in #3950
  • chore(docs): add check severity modification docs by @sergargar in #4056

Documentation

  • docs(audit_info): update docs about audit info and new testing by @pedrooot in #3831
  • docs(compliance): Add notes about compliance output by @pedrooot in #3911
  • docs(dashboard): update and improve docs by @pedrooot in #4072
  • docs(fixer): add alias to prowler fixer -> remediations by @pedrooot in #3926
  • docs(longpaths): add info about longpaths in windows by @pedrooot in #3970
  • docs(mutelist): update reference to aws_mutelist.yaml by @emmanuel-ferdman in #3927
  • docs(README): remove HTML deprecation by @jfagoagas in #4087
  • docs(readme): Update readme number checks and services by @puchy22 in #4058
  • docs(reporting): add HTML to reporting docs by @pedrooot in #4070
  • docs(unit-testing): Add GCP services documentation by @puchy22 in #3901

New Contributors

Full Changelog: 4.1.0...4.2.0

Contributors

seizans, toniblyx, and 15 other contributors
Assets 2
Loading