Skip to content

Prowler 4.4.0 - Alexander the Great

Compare
Choose a tag to compare
@MrCloudSec MrCloudSec released this 30 Sep 19:41
· 14 commits to v4.4 since this release
f1f0609

Alexander the Great
His name struck fear into hearts of men
Alexander the Great
Became a legend 'mongst mortal men

Prowler 4.4.0 - Alexander the Great 🚀 is here, bringing a ton of new AWS checks and fixes! We also invite you to enjoy this Iron Maiden song.

A big shout-out to our engineers @danibarranqueroo, @MarioRgzLpz and @HugoPBrito for their fantastic work in developing new checks and to our new external contributors @abant07, @LefterisXefteris, @h4r5h1t, @Jude-Bae and @johannes-engler-mw for their PRs 🥳

New features to highlight in this version

AWS

🔐 Cover IAM non existing AWS actions/resources

Prowler now covers IAM scenarios where policies could have a non existing AWS actions in the NotAction statement allowing ALL actions in resources (same as non existing resources in NotResource) like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "NotAction": "prowler:action",
            "NotResource": "arn:aws:s3:::calculator"
        }
    ]
}

More info in LinkedIn post by @Chan9390 here.

🤔 How to Prevent AWS AI From Using Your Data

Recently, AWS may be using your data to train its AI models, and you may have unwittingly consented to it.
The new check organizations_opt_out_ai_services_policy ensure that you stop feeding AWS’s AI with your data.
You can see @QuinnyPig's helpful post about how to opt out here or using the AWS documentation.

🚀 More checks!

Prowler has expanded its AWS coverage with 74 new checks for ACM, CloudFront, CodeBuild, DMS, DocumentDB, DynamoDB, EC2, ECS, EKS, Elasticache, ELB, ELBv2, EKS, GuardDuty, IAM, KMS, Lambda, Neptune, Network Firewall, Organizations, RDS, S3, SageMaker and VPC.

See all the new available checks with prowler aws --list-checks

  1. acm_certificates_with_secure_key_algorithms
  2. awslambda_function_inside_vpc
  3. awslambda_function_vpc_multi_az
  4. cloudfront_distributions_custom_ssl_certificate
  5. cloudfront_distributions_default_root_object
  6. cloudfront_distributions_https_sni_enabled
  7. cloudfront_distributions_multiple_origin_failover_configured
  8. cloudfront_distributions_origin_traffic_encrypted
  9. cloudfront_distributions_s3_origin_access_control
  10. cloudfront_distributions_s3_origin_non_existent_bucket
  11. codebuild_project_no_secrets_in_variables
  12. codebuild_project_source_repo_url_no_sensitive_credentials
  13. dms_endpoint_ssl_enabled
  14. documentdb_cluster_public_snapshot
  15. dynamodb_accelerator_cluster_in_transit_encryption_enabled
  16. dynamodb_table_deletion_protection_enabled
  17. dynamodb_table_protected_by_backup_plan
  18. ec2_client_vpn_endpoint_connection_logging_enabled
  19. ec2_ebs_volume_protected_by_backup_plan
  20. ec2_instance_paravirtual_type
  21. ec2_instance_uses_single_eni
  22. ec2_launch_template_no_public_ip
  23. ec2_networkacl_unused
  24. ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports
  25. ec2_transitgateway_auto_accept_vpc_attachments
  26. ecr_repositories_tag_immutability
  27. ecs_service_no_assign_public_ip
  28. ecs_task_definitions_containers_readonly_access
  29. ecs_task_definitions_host_namespace_not_shared
  30. ecs_task_definitions_host_networking_mode_users
  31. ecs_task_definitions_logging_enabled
  32. ecs_task_definitions_no_privileged_containers
  33. eks_cluster_uses_a_supported_version
  34. elasticache_redis_cluster_automatic_failover_enabled
  35. elasticache_redis_cluster_auto_minor_version_upgrades
  36. elasticache_redis_replication_group_auth_enabled
  37. elbv2_is_in_multiple_az
  38. elb_connection_draining_enabled
  39. elb_cross_zone_load_balancing_enabled
  40. elb_is_in_multiple_az
  41. guardduty_rds_protection_enabled
  42. guardduty_s3_protection_enabled
  43. iam_group_administrator_access_policy
  44. iam_user_administrator_access_policy
  45. kms_cmk_not_deleted_unintentionally
  46. neptune_cluster_copy_tags_to_snapshots
  47. neptune_cluster_integration_cloudwatch_logs
  48. neptune_cluster_public_snapshot
  49. neptune_cluster_snapshot_encrypted
  50. networkfirewall_policy_rule_group_associated
  51. organizations_opt_out_ai_services_policy
  52. rds_cluster_copy_tags_to_snapshots
  53. rds_cluster_critical_event_subscription
  54. rds_cluster_default_admin
  55. rds_cluster_deletion_protection
  56. rds_cluster_iam_authentication_enabled
  57. rds_cluster_integration_cloudwatch_logs
  58. rds_cluster_minor_version_upgrade_enabled
  59. rds_cluster_multi_az
  60. rds_cluster_non_default_port
  61. rds_cluster_storage_encrypted
  62. rds_instance_copy_tags_to_snapshots
  63. rds_instance_critical_event_subscription
  64. rds_instance_event_subscription_parameter_groups
  65. rds_instance_inside_vpc
  66. rds_instance_non_default_port
  67. rds_instance_protected_by_backup_plan
  68. s3_access_point_public_access_block
  69. s3_bucket_cross_account_access
  70. s3_bucket_cross_region_replication
  71. s3_bucket_lifecycle_enabled
  72. sagemaker_endpoint_config_prod_variant_instances
  73. vpc_endpoint_for_ec2_enabled
  74. vpc_vpn_connection_tunnels_up

📜 KISA ISMS-P AWS compliance framework added

Prowler now supports one of Korea’s key security compliance frameworks, the Personal Information & Information Security Management System (ISMS-P) from the Korea Internet & Security Agency (KISA) thanks to @Jude-Bae !

Azure

🆕 Azure Container Registries now supported!

@johannes-engler-mw added a new check containerregistry_admin_user_disabled for verifying if the admin user is disabled for Azure Container Registries.

You can try it with prowler azure -c containerregistry_admin_user_disabled

🔧 Other issues and bug fixes solved for all the cloud providers

Features

  • feat(acm): Add new check for insecure algorithms in certificates by @MarioRgzLpz in #4551
  • feat(aws): Add a test_connection method by @jfagoagas in #4563
  • feat(aws): add custom exceptions class by @pedrooot in #4847
  • feat(aws): Add new check to ensure Aurora MySQL DB Clusters publish audit logs to CloudWatch logs by @danibarranqueroo in #4916
  • feat(aws): Add new check to ensure RDS DB clusters are encrypted at rest by @danibarranqueroo in #4931
  • feat(aws): Add new check to ensure RDS db clusters copy tags to snapshots by @danibarranqueroo in #4846
  • feat(aws): Add new check to ensure RDS event notification subscriptions are configured for critical cluster events by @danibarranqueroo in #4887
  • feat(aws): Add new check to ensure RDS event notification subscriptions are configured for critical database instance events by @danibarranqueroo in #4891
  • feat(aws): Add new check to ensure RDS event notification subscriptions are configured for critical database parameter group events by @danibarranqueroo in #4907
  • feat(aws): Add new check to ensure RDS instances are not using default database engine ports by @danibarranqueroo in #4973
  • feat(aws): Add new check opensearch_service_domains_access_control_enabled by @abant07 in #5203
  • feat(aws): add new check organizations_opt_out_ai_services_policy by @sergargar in #5152
  • feat(aws): Add new CodeBuild check to validate environment variables by @danibarranqueroo in #4632
  • feat(aws): Add new KMS check to prevent unintentional key deletion by @danibarranqueroo in #4595
  • feat(aws): Add new Neptune check for cluster snapshot visibility by @danibarranqueroo in #4709
  • feat(aws): Add new RDS check for deletion protection enabled on clusters by @danibarranqueroo in #4738
  • feat(aws): Add new RDS check to ensure db clusters are configured for multiple availability zones by @danibarranqueroo in #4781
  • feat(aws): Add new RDS check to ensure db instances are protected by a backup plan by @danibarranqueroo in #4879
  • feat(aws): Add new RDS check to verify that cluster minor version upgrade is enabled by @danibarranqueroo in #4725
  • feat(aws): Add new RDS check to verify that db instances copy tags to snapshots by @danibarranqueroo in #4806
  • feat(aws): Add new S3 check for public access block configuration in access points by @HugoPBrito in #4608
  • feat(aws): add tags to Global Accelerator by @puchy22 in #5233
  • feat(aws): Split the checks that mix RDS Instances and Clusters by @danibarranqueroo in #4730
  • feat(aws) Add check to make sure EKS clusters have a supported version by @abant07 in #4604
  • feat(awslambda): add new check awslambda_function_vpc_multi_az by @puchy22 in #4816
  • feat(awslambda): New check to ensure that a function is inside VPC by @puchy22 in #4783
  • feat(azure): add custom exception class by @pedrooot in #4871
  • feat(azure): add test_connection method by @pedrooot in #4615
  • feat(azure containerregistry): gather service infos and checks disabled admin user by @johannes-engler-mw in #5191
  • feat(backup): add tags to backup vaults and backup plans by @puchy22 in #5194
  • feat(cloudfront): add new check cloudfront_distributions_custom_ssl_certificate by @HugoPBrito in #4959
  • feat(cloudfront): Add new check cloudfront_distributions_default_root_object by @HugoPBrito in #4938
  • feat(cloudfront): add new check cloudfront_distributions_s3_origin_non_existing_bucket by @HugoPBrito in #4996
  • feat(cloudfront): Add new cloudfront_distributions_s3_origin_access_control check to ensure OAC is configured in distributions by @HugoPBrito in #4939
  • feat(cloudfront): add cloudfront_distributions_origin_traffic_encrypted check to ensure traffic encryption to custom origins by @HugoPBrito in #4958
  • feat(cloudfront): Ensure Cloudfront distributions have origin failover configured by @HugoPBrito in #4868
  • feat(cloudfront): Ensure distributions use SNI to serve HTTPS requests by @HugoPBrito in #4888
  • feat(codebuild): add tags support to projects by @puchy22 in #5207
  • feat(CodeBuild): Ensure source repository URLs do not contain sensitive credentials by @MarioRgzLpz in #4731
  • feat(compliance): add KISA ISMS-P compliance framework by @Jude-Bae in #5086
  • feat(compliance): add method list_compliance_requirements by @pedrooot in #4890
  • feat(compliance): rename Compliance class and add list_compliance by @pedrooot in #4883
  • feat(dms): add tags to DMS checks by @puchy22 in #5209
  • feat(dms): new check dms_endpoint_ssl_enabled by @LefterisXefteris in #4968
  • feat(DocumentDB): Add new DocumentDB check for cluster snapshot visibility by @MarioRgzLpz in #4702
  • feat(dynamodb): add new check dynamodb_accelerator_cluster_in_transit_encryption_enabled by @danibarranqueroo in #5173
  • feat(dynamodb): add new check dynamodb_table_deletion_protection_enabled by @danibarranqueroo in #5148
  • feat(dynamodb): add new check dynamodb_table_protected_by_backup_plan by @danibarranqueroo in #5175
  • feat(EC2): Add new check for security group port restrictions by @MarioRgzLpz in #4594
  • feat(ec2): Amazon EC2 Instances Should Not Use Multiple ENIs by @MarioRgzLpz in #4935
  • feat(ec2): Amazon EC2 Paravirtual Instance Types Should Not Be Used by @MarioRgzLpz in #4922
  • feat(EC2): Change service to adjust the data saved in template_data in LaunchTemplateVersion by @MarioRgzLpz in #4848
  • feat(ec2): Client VPN Endpoints Should Have Client Connection Logging Enabled by @MarioRgzLpz in #4804
  • feat(ec2): EBS Volumes Should Be Covered by a Backup Plan by @MarioRgzLpz in #5028
  • feat(ec2): Ensure automatic acceptance of VPC attachment requests is disabled by @MarioRgzLpz in #4765
  • feat(ec2): Ensure both VPN tunnels for an AWS Site-to-Site VPN connection are UP by @MarioRgzLpz in #4948
  • feat(ec2): Ensure EC2 launch templates do not assign public IPs by @MarioRgzLpz in #4852
  • feat(ec2): Ensure not default Network Access Control Lists are used by @MarioRgzLpz in #4917
  • feat(ecr): Ensure ECR repositories have tag immutability configured by @MarioRgzLpz in #5144
  • feat(ecs): add new check ecs_task_definitions_host_networking_mode_users by @MarioRgzLpz in #5088
  • feat(ecs): Ensure ECS containers have a logging configuration specified by @MarioRgzLpz in #5234
  • feat(ecs): Ensure ECS containers have read-only access to root filesystems by @MarioRgzLpz in #5168
  • feat(ecs): Ensure ECS containers run as non-privileged by @MarioRgzLpz in #5214
  • feat(ecs): Ensure ECS task definitions host's process namespace is not shared by @MarioRgzLpz in #5146
  • feat(ecs): Ensure public IP addresses are not assigned automatically by @MarioRgzLpz in #5128
  • feat(elasticache): add check elasticache_redis_cluster_auth_enabled by @HugoPBrito in #4830
  • feat(elasticache): Ensure Redis Cache Clusters Automatically Install Minor Updates by @HugoPBrito in #4699
  • feat(elasticache): Ensure Redis replication groups have automatic failover enabled by @HugoPBrito in #4853
  • feat(elb): add new check elb_connection_draining_enabled by @puchy22 in #5014
  • feat(elb): add new check elb_cross_zone_load_balancing_enabled by @puchy22 in #4818
  • feat(elb): add new check elb_is_in_multiple_az by @puchy22 in #4829
  • feat(elbv2): add new check elbv2_is_in_multiple_az by @puchy22 in #4800
  • feat(gcp): add a test_connection method by @sergargar in #4616
  • feat(gcp): add custom exceptions clas by @pedrooot in #4908
  • feat(glue): add tags to Glue checks by @puchy22 in #5213
  • feat(guardduty): add new check guardduty_rds_protection_enabled by @HugoPBrito in #5100
  • feat(guardduty): add new check guardduty_s3_protection_enabled by @danibarranqueroo in #5087
  • feat(html): Add number of muted findings in HTML report #4703 by @abant07 in #4895
  • feat(IAM): add new check iam_group_administrator_access_policy by @puchy22 in #4831
  • feat(iam): add new check iam_user_administrator_access_policy by @puchy22 in #4802
  • feat(inspector2): Add more tests to inspector2_is_enabled check by @MarioRgzLpz in #5150
  • feat(kubernetes): add a test_connection method by @sergargar in #4684
  • feat(kubernetes): add custom exception class by @pedrooot in #4912
  • feat(neptune): add new check neptune_cluster_copy_tags_to_snapshots by @danibarranqueroo in #5062
  • feat(neptune): add new check neptune_cluster_integration_cloudwatch_logs by @danibarranqueroo in #5048
  • feat(neptune): add new check neptune_cluster_snapshot_encrypted by @danibarranqueroo in #5058
  • feat(networkfirewall): add new check networkfirewall_policy_rule_group_associated by @HugoPBrito in #5225
  • feat(networkfirewall): change network_firewalls from list to dict by @HugoPBrito in #5169
  • feat(opensearch): Add domain inside VPC case for public domain check by @puchy22 in #4570
  • feat(rds): add missing tags to RDS checks by @puchy22 in #5230
  • feat(rds): add new check rds_cluster_non_default_port by @danibarranqueroo in #5113
  • feat(rds): add new check rds_instance_inside_vpc by @danibarranqueroo in #5029
  • feat(s3): Add new check s3_bucket_cross_account_access by @HugoPBrito in #5082
  • feat(s3): add s3_bucket_cross_region_replication check by @HugoPBrito in #4761
  • feat(s3): add s3_bucket_lifecycle_enabled check by @HugoPBrito in #4801
  • feat(sagemaker): Ensure SageMaker Endpoint Production Variants have Initial Instance Count greater than one by @MarioRgzLpz in #5045
  • feat(secrets): improve detect secrets checks and add config by @pedrooot in #4915
  • feat(securityhub): add tags securityhub_enabled by @puchy22 in #5231
  • feat(slack): add more information about critical findings by @abant07 in #5042
  • feat(threat-detection): Use IAM Identity for Cloudtrail Threat Detection instead of IP by @abant07 in #5166
  • feat(vpc): Ensure Amazon EC2 Is Configured to Use VPC Endpoints Created for the Amazon EC2 Service by @MarioRgzLpz in #4872
  • feat(wafv2): add tags to wafv2_webacl_logging_enabled by @puchy22 in #5243

Fixes

  • fix(accessanalyzer): refactor accessanalyzer enabled fixer test by @pedrooot in #5026
  • fix(acm): Change check logic to scan only in use certificates by @MarioRgzLpz in #4732
  • fix(asff): include status extended in ASFF output by @sergargar in #5097
  • fix(audit): solve resources audit by @sergargar in #4983
  • fix(aws): always use audited partition by @sergargar in #5174
  • fix(aws): change check metadata ec2_securitygroup_allow_wide_open_public_ipv4 by @pedrooot in #4946
  • fix(aws): change protected_by_backup_plan checks by @danibarranqueroo in #5204
  • fix(aws): enchance check cloudformation_stack_outputs_find_secrets by @pedrooot in #4859
  • fix(aws): enhance resource arn filtering by @sergargar in #4821
  • fix(aws): handle AWS key-only tags by @sergargar in #4845
  • fix(aws): handle none type attributes by @sergargar in #5216
  • fix(aws): make intersection to retrieve checks to execute by @pedrooot in #4970
  • fix(aws): raise ArgumentTypeError for parser by @pedrooot in #4921
  • fix(aws): run Prowler as IAM Root or Federated User by @sergargar in #4712
  • fix(awslamba): add audit config to lambda_client in tests by @pedrooot in #4999
  • fix(backport): Workaround not to fail if no backport is needed by @jfagoagas in #4707
  • fix(cloudfront): duplicated link in cloudfront_distributions_https_sni_enabled check by @HugoPBrito in #5047
  • fix(ec2): Manage UnicodeDecodeError when reading user data by @puchy22 in #4785
  • fix(ecr): change log level of non-scanned images by @sergargar in #4747
  • fix(ecr): handle non-existing findingSeverityCounts key by @sergargar in #4746
  • fix(elasticache): get correct automatic failover attribute by @HugoPBrito in #5084
  • fix(gcp): add default project for org level checks by @sergargar in #5003
  • fix(gcp): check cloudsql sslMode by @pedrooot in #4635
  • fix(gcp): check next rotation time in KMS keys by @pedrooot in #4633
  • fix(gcp): solve errors in GCP services by @sergargar in #5016
  • fix(gcp): use KMS key id in checks by @sergargar in #4610
  • fix(iam): fill resource id with inline policy entity by @pedrooot in #5120
  • fix(iam): handle no arn serial numbers for MFA devices by @pedrooot in #4697
  • fix(iam): update logic of Root Hardware MFA check by @sergargar in #4726
  • fix(iam-gcp): add getters in iam_service for gcp by @pedrooot in #4998
  • fix(inspector2): Ensure Inspector2 is enabled for ECR, EC2, Lambda and Lambda Code by @MarioRgzLpz in #5061
  • fix(lightsail): Remove second call to is_resource_filtered by @h4r5h1t in #5044
  • fix(main): logic for resource_tag and resource_arn usage by @pedrooot in #4979
  • fix(metadata): change description from documentdb_cluster_deletion_protection by @pedrooot in #4909
  • fix(mutelist): change logic for tags in aws mutelist by @pedrooot in #4786
  • fix(outputs): refactor unroll_tags to use str as tags by @pedrooot in #4817
  • fix(rds): add comprobations before list tags by @puchy22 in #5249
  • fix(rds): get the db_instances values by @pedrooot in #4866
  • fix(rds): handle new rds arn template function syntax by @sergargar in #4980
  • fix(rds): Modify RDS Event Notification Subscriptions for Security Groups Events check by @danibarranqueroo in #4969
  • fix(scan_test): change resource_tags to a dict by @pedrooot in #4631
  • fix(security-groups): remove RFC1918 from ec2_securitygroup_allow_wide_open_public_ipv4 by @pedrooot in #4951
  • fix(sns): add condition to sns topics by @pedrooot in #4498
  • fix(tags): handle AWS dictionary type tags by @sergargar in #4656
  • fix(tests): patch head_bucket function correctly by @sergargar in #5246
  • fix(version): update version flag logic by @sergargar in #4688
  • fix(vpc): check all routes tables in subnet by @sergargar in #5081
  • fix: handle empty input regions by @sergargar in #4841

Chores

  • chore(actions): Run for v4.* branch by @jfagoagas in #4682
  • chore(autoscaling): deprecate check autoscaling_find_secrets_ec2_launch_configuration by @puchy22 in #5205
  • chore(aws): add mixed regions test for s3_access_point_public_access_block by @LefterisXefteris in #4877
  • chore(aws): Change RDS instance type from list to dict by @danibarranqueroo in #4851
  • chore(aws): Convert ELB and ELBv2 attributes to dictionaries by @puchy22 in #4575
  • chore(aws): handle NotAction cases in IAM policies by @sergargar in #5035
  • chore(aws): improve IAM Resource Policy public logic by @sergargar in #5067
  • chore(AWS): match all AWS resource types with SecurityHub supported types in metadata by @puchy22 in #4882
  • chore(aws): Remove token from log line by @jfagoagas in #4903
  • chore(aws-region): Use Prowler Bot by @jfagoagas in #4863
  • chore(awslambda): Enhance function public access check called from other resource by @puchy22 in #4679
  • chore(aws_mutelist): Add more Control Tower resources and tests by @jfagoagas in #4900
  • chore(azure): Fix CIS 2.1 mapping by @puchy22 in #4760
  • chore(backport): Automate all the things! by @jfagoagas in #4669
  • chore(backport): update backport PR title by @sergargar in #4686
  • chore(backport): Use Prowler-Bot PAT by @jfagoagas in #4855
  • chore(bot): Use bot Token by @jfagoagas in #5163
  • chore(check_metadata): Rename to CheckMetadata by @jfagoagas in #4864
  • chore(cloudtrail): add remediation link to check cloudtrail_s3_dataevents_read_enabled by @HugoPBrito in #4764
  • chore(cloudtrail): add remediation link to check cloudtrail_s3_dataevents_write_enabled by @HugoPBrito in #4762
  • chore(dependencies): update boto3 and botocore packages by @sergargar in #4976
  • chore(deps): bump aiohttp from 3.9.5 to 3.10.2 by @dependabot in #4713
  • chore(deps): bump azure-identity from 1.17.1 to 1.18.0 by @dependabot in #5108
  • chore(deps): bump azure-mgmt-compute from 32.0.0 to 33.0.0 by @dependabot in #4856
  • chore(deps): bump azure-mgmt-containerservice from 31.0.0 to 32.0.0 by @dependabot in #5036
  • chore(deps): bump azure-mgmt-cosmosdb from 9.5.1 to 9.6.0 by @dependabot in #5111
  • chore(deps): bump azure-mgmt-network from 26.0.0 to 27.0.0 by @dependabot in #5201
  • chore(deps): bump azure-mgmt-web from 7.3.0 to 7.3.1 by @dependabot in #4813
  • chore(deps): bump azure-storage-blob from 12.23.0 to 12.23.1 by @dependabot in #5240
  • chore(deps): bump boto3 from 1.35.26 to 1.35.28 by @dependabot in #5232
  • chore(deps): bump botocore from 1.35.28 to 1.35.29 by @dependabot in #5239
  • chore(deps): bump cryptography from 43.0.0 to 43.0.1 by @dependabot in #4923
  • chore(deps): bump cryptography from 43.0.0 to 43.0.1 by @dependabot in #4928
  • chore(deps): bump dash from 2.17.1 to 2.18.0 by @dependabot in #4932
  • chore(deps): bump dash from 2.18.0 to 2.18.1 by @dependabot in #5024
  • chore(deps): bump google-api-python-client from 2.146.0 to 2.147.0 by @dependabot in #5185
  • chore(deps): bump kubernetes from 30.1.0 to 31.0.0 by @dependabot in #5137
  • chore(deps): bump msgraph-sdk from 1.7.0 to 1.8.0 by @dependabot in #5110
  • chore(deps): bump numpy from 2.0.1 to 2.0.2 by @dependabot in #4869
  • chore(deps): bump pandas from 2.2.2 to 2.2.3 by @dependabot in #5139
  • chore(deps): bump peter-evans/create-pull-request from 6 to 7 by @dependabot in #4926
  • chore(deps): bump pytz from 2024.1 to 2024.2 by @dependabot in #5012
  • chore(deps): bump slack-sdk from 3.33.0 to 3.33.1 by @dependabot in #5107
  • chore(deps): bump tj-actions/changed-files from 44 to 45 by @dependabot in #4822
  • chore(deps): bump trufflesecurity/trufflehog from 3.82.5 to 3.82.6 by @dependabot in #5222
  • chore(deps): update docs dependencies by @sergargar in #5098
  • chore(deps-dev): bump bandit from 1.7.9 to 1.7.10 by @dependabot in #5157
  • chore(deps-dev): bump black from 24.4.2 to 24.8.0 by @dependabot in #4627
  • chore(deps-dev): bump coverage from 7.6.0 to 7.6.1 by @dependabot in #4640
  • chore(deps-dev): bump flake8 from 7.1.0 to 7.1.1 by @dependabot in #4643
  • chore(deps-dev): bump mkdocs-git-revision-date-localized-plugin from 1.2.8 to 1.2.9 by @dependabot in #5023
  • chore(deps-dev): bump mkdocs-material from 9.5.36 to 9.5.38 by @dependabot in #5206
  • chore(deps-dev): bump moto from 5.0.14 to 5.0.15 by @dependabot in #5158
  • chore(deps-dev): bump pylint from 3.3.0 to 3.3.1 by @dependabot in #5187
  • chore(deps-dev): bump pytest-env from 1.1.4 to 1.1.5 by @dependabot in #5090
  • chore(deps-dev): bump pytest from 8.3.2 to 8.3.3 by @dependabot in #4991
  • chore(deps-dev): bump safety from 3.2.7 to 3.2.8 by @dependabot in #5238
  • chore(deps-dev): bump vulture from 2.11 to 2.12 by @dependabot in #5071
  • chore(docs): change ResourceType link of Security Hub by @sergargar in #5063
  • chore(ec2): add tags to report of EC2 launch templates by @puchy22 in #5210
  • chore(ec2): Change security groups to dict by @puchy22 in #4700
  • chore(elbv2): add SecurityHub link to elbv2_desync_mitigation_mode metadata by @puchy22 in #4791
  • chore(elbv2): Add SecurityHub link to elbv2_ssl_listeners metadata by @puchy22 in #4787
  • chore(labeler): Run also for v4.* by @jfagoagas in #4687
  • chore(organizations): improve AWS Organizations service by @sergargar in #5151
  • chore(prowler): change all methods from services from format double underscore to single underscore by @puchy22 in #4910
  • chore(pull-request): add check for backport by @pedrooot in #4901
  • chore(rds): Revert changes on inherited instance checks by @danibarranqueroo in #4827
  • chore(README): update checks summary table by @puchy22 in #5119
  • chore(readme): Update Slack invite link by @toniblyx in #4875
  • chore(README): update summary table by @sergargar in #4984
  • chore(README): update summary table by @sergargar in #5248
  • chore(readme): Update the number of AWS checks by @puchy22 in #4860
  • chore(refactor): make Provider generation global by @sergargar in #4961
  • chore(regions): Update labels for backporting by @jfagoagas in #4678
  • chore(regions_update): Changes in regions for AWS services by @prowler-bot in #5224
  • chore(release): Remove unused step by @jfagoagas in #4874
  • chore(scan-class): add new scan class by @pedrooot in #4564
  • chore(ssm): add tags to ssm_managed_compliant_patching by @puchy22 in #5245
  • chore(ssm): add trusted accounts variable to ssm check by @sergargar in #5005
  • chore(test): improve iam_root_hardware_mfa_enabled tests by @sergargar in #4833
  • chore(version): update master version by @sergargar in #4681
  • chore(version): update version logic in Prowler by @sergargar in #4654
  • chore: change SaaS for Prowler by @jfagoagas in #4651
  • chore: remove not used variable by @jfagoagas in #4873
  • docs(check): change where extract ResourceTypes by @puchy22 in #5030
  • docs(dev-guide): refer poetry docs for installation by @puchy22 in #5031
  • docs(developer-guide): add info about docstrings by @pedrooot in #4701
  • docs(fixers): improve docs about fixers by @pedrooot in #4889
  • docs(is_item_matched): update docstrings for method by @pedrooot in #4836
  • docs(mutelist): Add service_* documentation by @jfagoagas in #4650
  • docs(Tutorials): include volume option when running dashboard in docker by @thejaywhy in #4620
  • docs: change installation methods by @puchy22 in #5192
  • refactor(aws): Refactor provider by @pedrooot in #4808
  • refactor(azure): refactor azure provider by @pedrooot in #4653
  • refactor(azure): remove validate_arguments for CLI by @pedrooot in #4985
  • refactor(check_metadata): move bulk_load_checks_metadata inside class by @pedrooot in #4934
  • refactor(cloudfront): replace origins dictionary with custom Origin class by @HugoPBrito in #4981
  • refactor(execute_check): refactor execute method by @pedrooot in #4975
  • refactor(gcp): refactor GCP provider by @pedrooot in #4790
  • refactor(kubernetes): refactor Kubernetes provider by @pedrooot in #4805
  • refactor(mutelist): Remove re.match and improve docs by @jfagoagas in #4637
  • refactor(output_options): remove output options from provider by @pedrooot in #5149
  • refactor(provider): move audit and fixer config inside the provider by @pedrooot in #4960
  • refactor(s3): Changed buckets variable type form list to dict by @HugoPBrito in #4742
  • refactor(tags): convert tags to a dictionary by @sergargar in #4598
  • test(awslambda): Cover possible checks with moto instead MagicMock by @puchy22 in #4609

New Contributors

Full Changelog: 4.3.7...4.4.0