3.15.0
Release date: 2024-03-14 23:58:22
Latest release of prowler-cloud/prowler: 3.16.4 (2024-05-08 18:20:47)
You’re children of the damned Your backs against the wall You turn into the light You’re burning in the night
Beware the cloud security issues that paralyze! As per Bruce Dickinson's comments at the BBC, this Iron Maiden song, part of The Number of the Beast album, was inspired by Black Sabbath’s “Children of the Sea”. In any case, let’s put all those cloud security misconfigurations against the wall now!
Enjoy it! 🤘🏽🔥
New features to highlight in this version:
💪🏼 40 New Azure checks
- Prowler is improving its Azure coverage by including 40 new checks that appear in the CIS Benchmark v2.1.0. (Thanks @Hugo966, @pedrooot and @puchy22 for their contributions and performance!)
See all the new available checks with `prowler azure -l`
🔒 Shodan.io support for Azure and GCP
- Now, Prowler lets you also check if any public IPs in Azure or GCP are exposed in Shodan.
Try it with `prowler gcp -c compute_public_address_shodan --shodan <API_KEY>` and `prowler azure -c network_public_ip_shodan --shodan <API_KEY>`
The Shodan API Key can also be set in the `config.yaml` file instead of using the `--shodan` flag.
✅ Added Kubernetes Coverage in Cloud Providers
- New checks that cover Kubernetes managed services in AWS (EKS), Azure (AKS) and in GCP (GKE/GCR) are now available in Prowler. Try them with `prowler aws/azure/gcp --services eks/aks/gke`
📝 New AWS FTR Compliance
- AWS FTR helps you identify AWS Well-Architected best practices specific to your software or solution.
You can execute the new AWS Foundational Technical Review Compliance Framework with `prowler aws --compliance foundational_technical_review_aws`
Features
- feat(aws): add 2 new Amazon EKS checks from CIS by @sergargar in https://github.com/prowler-cloud/prowler/pull/3439
- feat(aws): Get organizations metadata if delegated admin by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3435
- feat(azure): add new check related with cmk by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3466
- feat(azure): add new check related with Public IPs in Shodan.io by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3433
- feat(azure): Azure new checks related with AKS by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3476
- feat(azure): Azure new checks related with App Service by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3432
- feat(azure): Azure new check `policy_ensure_asc_enforcement_enabled` by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3452
- feat(azure): Checks related to Azure Keyvault by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3430
- feat(Azure): Entra service with two checks by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3510
- feat(azure): New azure monitor check `monitor_ensure_diagnostic_setting_appropriate` by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3421
- feat(azure): new monitoring check ensuring storage account with logs private by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3453
- feat(azure): New check related with network flow logs by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3535
- feat(azure): 10 new checks related with alerts in monitoring by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3516
- feat(compliance): Add new compliance foundational_technical_review_aws by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3511
- feat(gcp): add 3 new checks for GKE CIS by @sergargar in https://github.com/prowler-cloud/prowler/pull/3440
- feat(gcp): add Shodan check for GCP External Addresses by @sergargar in https://github.com/prowler-cloud/prowler/pull/3486
Fixes
- fix(checks_loader): Handle exceptions and always load checks by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3479
- fix(check_loader): Add validation in 'Categories' field from metadata by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3480
- fix(cloudwatch): correct recommendation text by @sergargar in https://github.com/prowler-cloud/prowler/pull/3538
- fix(compliance): add default severity to Manual Mocked Metadata by @sergargar in https://github.com/prowler-cloud/prowler/pull/3484
- fix(compliance): set correct CSV Compliance model for CIS by @sergargar in https://github.com/prowler-cloud/prowler/pull/3503
- fix(compliance): set Generic Compliance as last model by @sergargar in https://github.com/prowler-cloud/prowler/pull/3487
- fix(compliance): set the provider dynamically in Manual checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3502
- fix(docs): Add docs group to install by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3436
- fix(docs): Fix some typos in requirements page by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3504
- fix(docs): Fix typo and change info about mocking by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3438
- fix(docs): readthedocs install by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3437
- fix(ecr): check if ECR Repository Policies does not exist by @sergargar in https://github.com/prowler-cloud/prowler/pull/3451
- fix(error_handling): delete unnecessary error in logger.error by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3454
- fix(gcp): handle KeyError in Compute service by @sergargar in https://github.com/prowler-cloud/prowler/pull/3471
- fix(gcp): remove Default Project ID requirement by @sergargar in https://github.com/prowler-cloud/prowler/pull/3459
- fix(glue): Add mocked ARN by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3515
- fix(iam): ignore Root User in iam_user_mfa_enabled_console_access by @sergargar in https://github.com/prowler-cloud/prowler/pull/3537
- fix(LICENSE): update LICENSE copyright by @sergargar in https://github.com/prowler-cloud/prowler/pull/3508
- fix(security_hub): Handle user facing errors by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3456
Chores
- chore(action): Link docs in PR by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3448
- chore(allowlist): add AFT IAM roles to allowlist by @sergargar in https://github.com/prowler-cloud/prowler/pull/3460
- chore(arn): improve resource ARNs in checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/3388
- chore(azure): Manage new errors in the Defender service by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3534
- chore(docs): improve documentation for Azure debugging by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3411
- chore(docs): Prettify notes and add dates by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3434
- chore(fixme): Add fixme for credentials refresh by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3485
- chore(gcp): set GCP account in output file name by @sergargar in https://github.com/prowler-cloud/prowler/pull/3461
- chore(README): update checks summary table by @sergargar in https://github.com/prowler-cloud/prowler/pull/3483
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3429
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3457
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3465
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3473
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3505
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3509
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3518
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3520
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3528
- chore(regions_update): Changes in regions for AWS services. by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3533
- chore(release): update Prowler Version to 3.14.0 by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/3422
- chore: update feature request label by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3464
- docs(compliance): Add newline to format list by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3455
- docs: New overview page by @toniblyx in https://github.com/prowler-cloud/prowler/pull/3427
- docs: Update documentation links by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3424
- docs: Update README.md with bigger Slack link by @toniblyx in https://github.com/prowler-cloud/prowler/pull/3425
Dependencies
- build(deps): bump azure-keyvault-keys from 4.8.0 to 4.9.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3443
- build(deps): bump azure-storage-blob from 12.19.0 to 12.19.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3527
- build(deps): bump cryptography from 42.0.2 to 42.0.4 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3428
- build(deps): bump google-api-python-client from 2.120.0 to 2.122.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3531
- build(deps): bump slack-sdk from 3.27.0 to 3.27.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3494
- build(deps): bump trufflesecurity/trufflehog from 3.68.4 to 3.69.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3522
- build(deps-dev): bump bandit from 1.7.7 to 1.7.8 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3523
- build(deps-dev): bump coverage from 7.4.1 to 7.4.3 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3444
- build(deps-dev): bump mkdocs-material from 9.5.11 to 9.5.12 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3492
- build(deps-dev): bump moto from 5.0.2 to 5.0.3 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3525
- build(deps-dev): bump pylint from 3.0.3 to 3.1.0 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3442
- build(deps-dev): bump pytest from 8.0.2 to 8.1.1 by @dependabot in https://github.com/prowler-cloud/prowler/pull/3524
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.14.0...3.15.0