feat(kubernetes): add ISO 27001 2022 compliance framework (#7204)

README.md

@@ -72,9 +72,9 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
 | AWS | 564 | 82 | 33 | 10 |
-| GCP | 77 | 13 | 5 | 3 |
+| GCP | 77 | 13 | 6 | 3 |
 | Azure | 140 | 18 | 7 | 3 |
-| Kubernetes | 83 | 7 | 2 | 7 |
+| Kubernetes | 83 | 7 | 4 | 7 |
 | Microsoft365 | 5 | 2 | 1 | 0 |
 
 > You can list the checks, services, compliance frameworks and categories with `prowler <provider> --list-checks`, `prowler <provider> --list-services`, `prowler <provider> --list-compliance` and `prowler <provider> --list-categories`.

dashboard/compliance/iso27001_2022_kubernetes.py

@@ -0,0 +1,23 @@
+import warnings
+
+from dashboard.common_methods import get_section_container_iso
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ATTRIBUTES_CATEGORY",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_NAME",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ]
+    return get_section_container_iso(
+        aux, "REQUIREMENTS_ATTRIBUTES_CATEGORY", "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID"
+    )

prowler/__main__.py

@@ -60,6 +60,9 @@ from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
 from prowler.lib.outputs.compliance.iso27001.iso27001_aws import AWSISO27001
 from prowler.lib.outputs.compliance.iso27001.iso27001_azure import AzureISO27001
 from prowler.lib.outputs.compliance.iso27001.iso27001_gcp import GCPISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_kubernetes import (
+    KubernetesISO27001,
+)
 from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp_aws import AWSKISAISMSP
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_aws import AWSMitreAttack
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
@@ -631,6 +634,19 @@ def prowler():
                 )
                 generated_outputs["compliance"].append(cis)
                 cis.batch_write_data_to_file()
+            elif compliance_name.startswith("iso27001_"):
+                # Generate ISO27001 Finding Object
+                filename = (
+                    f"{output_options.output_directory}/compliance/"
+                    f"{output_options.output_filename}_{compliance_name}.csv"
+                )
+                iso27001 = KubernetesISO27001(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    file_path=filename,
+                )
+                generated_outputs["compliance"].append(iso27001)
+                iso27001.batch_write_data_to_file()
             else:
                 filename = (
                     f"{output_options.output_directory}/compliance/"

prowler/lib/outputs/compliance/iso27001/iso27001_aws.py

@@ -13,7 +13,7 @@ class AWSISO27001(ComplianceOutput):
         - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
 
     Methods:
-        - transform: Transforms findings into AWS ENS compliance format.
+        - transform: Transforms findings into AWS ISO 27001 compliance format.
     """
 
     def transform(
@@ -23,7 +23,7 @@ class AWSISO27001(ComplianceOutput):
         compliance_name: str,
     ) -> None:
         """
-        Transforms a list of findings into AWS ENS compliance format.
+        Transforms a list of findings into AWS ISO 27001 compliance format.
 
         Parameters:
             - findings (list): A list of findings.

prowler/lib/outputs/compliance/iso27001/iso27001_azure.py

@@ -13,7 +13,7 @@ class AzureISO27001(ComplianceOutput):
         - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
 
     Methods:
-        - transform: Transforms findings into AWS ENS compliance format.
+        - transform: Transforms findings into Azure ISO 27001 compliance format.
     """
 
     def transform(
@@ -23,7 +23,7 @@ class AzureISO27001(ComplianceOutput):
         compliance_name: str,
     ) -> None:
         """
-        Transforms a list of findings into Azure ENS compliance format.
+        Transforms a list of findings into Azure ISO 27001 compliance format.
 
         Parameters:
             - findings (list): A list of findings.

prowler/lib/outputs/compliance/iso27001/iso27001_gcp.py

@@ -13,7 +13,7 @@ class GCPISO27001(ComplianceOutput):
         - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
 
     Methods:
-        - transform: Transforms findings into AWS ENS compliance format.
+        - transform: Transforms findings into GCP ISO 27001 compliance format.
     """
 
     def transform(

prowler/lib/outputs/compliance/iso27001/iso27001_kubernetes.py

@@ -0,0 +1,87 @@
+from prowler.lib.check.compliance_models import Compliance
+from prowler.lib.outputs.compliance.compliance_output import ComplianceOutput
+from prowler.lib.outputs.compliance.iso27001.models import KubernetesISO27001Model
+from prowler.lib.outputs.finding import Finding
+
+
+class KubernetesISO27001(ComplianceOutput):
+    """
+    This class represents the Kubernetes ISO 27001 compliance output.
+
+    Attributes:
+        - _data (list): A list to store transformed data from findings.
+        - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
+
+    Methods:
+        - transform: Transforms findings into Kubernetes ISO 27001 compliance format.
+    """
+
+    def transform(
+        self,
+        findings: list[Finding],
+        compliance: Compliance,
+        compliance_name: str,
+    ) -> None:
+        """
+        Transforms a list of findings into Kubernetes ISO 27001 compliance format.
+
+        Parameters:
+            - findings (list): A list of findings.
+            - compliance (Compliance): A compliance model.
+            - compliance_name (str): The name of the compliance model.
+
+        Returns:
+            - None
+        """
+        for finding in findings:
+            # Get the compliance requirements for the finding
+            finding_requirements = finding.compliance.get(compliance_name, [])
+            for requirement in compliance.Requirements:
+                if requirement.Id in finding_requirements:
+                    for attribute in requirement.Attributes:
+                        compliance_row = KubernetesISO27001Model(
+                            Provider=finding.provider,
+                            Description=compliance.Description,
+                            Context=finding.account_name,
+                            Namespace=finding.region,
+                            AssessmentDate=str(finding.timestamp),
+                            Requirements_Id=requirement.Id,
+                            Requirements_Description=requirement.Description,
+                            Requirements_Name=requirement.Name,
+                            Requirements_Attributes_Category=attribute.Category,
+                            Requirements_Attributes_Objetive_ID=attribute.Objetive_ID,
+                            Requirements_Attributes_Objetive_Name=attribute.Objetive_Name,
+                            Requirements_Attributes_Check_Summary=attribute.Check_Summary,
+                            Status=finding.status,
+                            StatusExtended=finding.status_extended,
+                            ResourceId=finding.resource_uid,
+                            CheckId=finding.check_id,
+                            Muted=finding.muted,
+                            ResourceName=finding.resource_name,
+                        )
+                        self._data.append(compliance_row)
+        # Add manual requirements to the compliance output
+        for requirement in compliance.Requirements:
+            if not requirement.Checks:
+                for attribute in requirement.Attributes:
+                    compliance_row = KubernetesISO27001Model(
+                        Provider=compliance.Provider.lower(),
+                        Description=compliance.Description,
+                        Context="",
+                        Namespace="",
+                        AssessmentDate=str(finding.timestamp),
+                        Requirements_Id=requirement.Id,
+                        Requirements_Description=requirement.Description,
+                        Requirements_Name=requirement.Name,
+                        Requirements_Attributes_Category=attribute.Category,
+                        Requirements_Attributes_Objetive_ID=attribute.Objetive_ID,
+                        Requirements_Attributes_Objetive_Name=attribute.Objetive_Name,
+                        Requirements_Attributes_Check_Summary=attribute.Check_Summary,
+                        Status="MANUAL",
+                        StatusExtended="Manual check",
+                        ResourceId="manual_check",
+                        ResourceName="Manual check",
+                        CheckId="manual",
+                        Muted=False,
+                    )
+                    self._data.append(compliance_row)

prowler/lib/outputs/compliance/iso27001/models.py

@@ -74,3 +74,28 @@ class GCPISO27001Model(BaseModel):
     CheckId: str
     Muted: bool
     ResourceName: str
+
+
+class KubernetesISO27001Model(BaseModel):
+    """
+    KubernetesISO27001Model generates a finding's output in CSV Kubernetes ISO27001 format.
+    """
+
+    Provider: str
+    Description: str
+    Context: str
+    Namespace: str
+    AssessmentDate: str
+    Requirements_Id: str
+    Requirements_Name: str
+    Requirements_Description: str
+    Requirements_Attributes_Category: str
+    Requirements_Attributes_Objetive_ID: str
+    Requirements_Attributes_Objetive_Name: str
+    Requirements_Attributes_Check_Summary: str
+    Status: str
+    StatusExtended: str
+    ResourceId: str
+    CheckId: str
+    Muted: bool
+    ResourceName: str