feat(gcp): add CIS 4.0 compliance framework (#7785)

2025-12-19 05:17:47 +00:00 · 2025-05-21 12:38:34 +02:00
parent 1c1c58c975
commit 7d84d67935
5 changed files with 1903 additions and 14 deletions
--- a/README.md
+++ b/README.md
@@ -87,7 +87,7 @@ prowler dashboard
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
 | AWS | 564 | 82 | 34 | 10 |
-| GCP | 79 | 13 | 7 | 3 |
+| GCP | 79 | 13 | 9 | 3 |
 | Azure | 140 | 18 | 8 | 3 |
 | Kubernetes | 83 | 7 | 5 | 7 |
 | GitHub | 3 | 2 | 1 | 0 |
--- a/dashboard/compliance/cis_4_0_gcp.py
+++ b/dashboard/compliance/cis_4_0_gcp.py
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -10,6 +10,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Add new check `entra_users_mfa_capable`. [(#7734)](https://github.com/prowler-cloud/prowler/pull/7734)
 - Add new check `admincenter_organization_customer_lockbox_enabled`. [(#7732)](https://github.com/prowler-cloud/prowler/pull/7732)
 - Add new check `admincenter_external_calendar_sharing_disabled`. [(#7733)](https://github.com/prowler-cloud/prowler/pull/7733)
+- Add CIS 4.0 compliance framework for GCP. [(7785)](https://github.com/prowler-cloud/prowler/pull/7785)

 ### Fixed
 - Fix `m365_powershell test_credentials` to use sanitized credentials. [(#7761)](https://github.com/prowler-cloud/prowler/pull/7761)
--- a/prowler/compliance/gcp/cis_4.0_gcp.json
+++ b/prowler/compliance/gcp/cis_4.0_gcp.json
--- a/util/generate_compliance_json_from_csv_for_cis15.py
+++ b/util/generate_compliance_json_from_csv_for_cis15.py
@@ -4,7 +4,7 @@ import sys

 # Convert a CSV file following the CIS 1.5 AWS benchmark into a Prowler v3.0 Compliance JSON file
 # CSV fields:
-# Id, Title,Checks,Attributes_Section,Attributes_Level,Attributes_AssessmentStatus,Attributes_Description,Attributes_RationalStatement,Attributes_ImpactStatement,Attributes_RemediationProcedure,Attributes_AuditProcedure,Attributes_AdditionalInformation,Attributes_References
+# ID	Title	Check	Section #	SubSection	Profile	Assessment Status	Description	Rationale Statement	Impact Statement	Remediation Procedure	Audit Procedure	Additional Information	References	Default Value

 # get the CSV filename to convert from
 file_name = sys.argv[1]
@@ -14,18 +14,36 @@ output = {"Framework": "CIS-AWS", "Version": "1.5", "Requirements": []}
 with open(file_name, newline="", encoding="utf-8") as f:
    reader = csv.reader(f, delimiter=",")
    for row in reader:
-        attribute = {
-            "Section": row[3],
-            "Profile": row[4],
-            "AssessmentStatus": row[5],
-            "Description": row[6],
-            "RationaleStatement": row[7],
-            "ImpactStatement": row[8],
-            "RemediationProcedure": row[9],
-            "AuditProcedure": row[10],
-            "AdditionalInformation": row[11],
-            "References": row[12],
-        }
+        if len(row[4]) > 0:
+            attribute = {
+                "Section": row[3],
+                "SubSection": row[4],
+                "Profile": row[5],
+                "AssessmentStatus": row[6],
+                "Description": row[7],
+                "RationaleStatement": row[8],
+                "ImpactStatement": row[9],
+                "RemediationProcedure": row[10],
+                "AuditProcedure": row[11],
+                "AdditionalInformation": row[12],
+                "References": row[13],
+                "DefaultValue": row[14],
+            }
+        else:
+            attribute = {
+                "Section": row[3],
+                "Profile": row[5],
+                "AssessmentStatus": row[6],
+                "Description": row[7],
+                "RationaleStatement": row[8],
+                "ImpactStatement": row[9],
+                "RemediationProcedure": row[10],
+                "AuditProcedure": row[11],
+                "AdditionalInformation": row[12],
+                "References": row[13],
+                "DefaultValue": row[14],
+            }
+
        output["Requirements"].append(
            {
                "Id": row[0],