feat(mongodbatlas): add MongoDB Atlas provider PoC (#8312)

Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>

docs/basic-usage/prowler-cli.md

@@ -1,6 +1,6 @@
 ## Running Prowler
 
-Running Prowler requires specifying the provider (e.g `aws`, `gcp`, `azure`, `m365`, `github` or `kubernetes`):
+Running Prowler requires specifying the provider (e.g `aws`, `gcp`, `azure`, `kubernetes`, `m365`, `github`, `iac` or `mongodbatlas`):
 
 ???+ note
     If no provider is specified, AWS is used by default for backward compatibility with Prowler v2.
@@ -255,3 +255,28 @@ prowler iac --scan-path ./my-iac-directory --exclude-path ./my-iac-directory/tes
     - For more details on supported scanners, see the [Trivy documentation](https://trivy.dev/latest/docs/scanner/vulnerability/)
 
 See more details about IaC scanning in the [IaC Tutorial](../tutorials/iac/getting-started-iac.md) section.
+
+## MongoDB Atlas
+
+Prowler allows you to scan your MongoDB Atlas cloud database deployments for security and compliance issues.
+
+Authentication is done using MongoDB Atlas API key pairs:
+
+```console
+# Using command-line arguments
+prowler mongodbatlas --atlas-public-key <public_key> --atlas-private-key <private_key>
+
+# Using environment variables
+export ATLAS_PUBLIC_KEY=<public_key>
+export ATLAS_PRIVATE_KEY=<private_key>
+prowler mongodbatlas
+```
+
+You can filter scans to specific organizations or projects:
+
+```console
+# Scan specific project
+prowler mongodbatlas --atlas-project-id <project_id>
+```
+
+See more details about MongoDB Atlas Authentication in [Requirements](../getting-started/requirements.md#mongodb-atlas)

docs/developer-guide/provider.md

@@ -10,6 +10,7 @@ A provider is any platform or service that offers resources, data, or functional
 - Software as a Service (SaaS) Platforms (like Microsoft 365)
 - Development Platforms (like GitHub)
 - Container Orchestration Platforms (like Kubernetes)
+- Database-as-a-Service Platforms (like MongoDB Atlas)
 
 For providers supported by Prowler, refer to [Prowler Hub](https://hub.prowler.com/).
 
@@ -63,6 +64,7 @@ Given the complexity and variability of providers, use existing provider impleme
 - [Kubernetes](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/kubernetes/kubernetes_provider.py)
 - [Microsoft365](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/microsoft365/microsoft365_provider.py)
 - [GitHub](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/github/github_provider.py)
+- [MongoDB Atlas](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/mongodbatlas/mongodbatlas_provider.py)
 
 ### Basic Provider Implementation: Pseudocode Example
 

docs/index.md

@@ -13,6 +13,7 @@ The official supported providers right now are:
 | **M365** | Official | Stable | UI, API, CLI |
 | **Github** | Official | Stable | UI, API, CLI |
 | **IaC** | Official | Beta | CLI |
+| **MongoDB Atlas** | Official | Beta | CLI |
 | **NHN** | Unofficial | Beta | CLI |
 
 Prowler supports **auditing, incident response, continuous monitoring, hardening, forensic readiness, and remediation**.

docs/tutorials/mongodbatlas/authentication.md

@@ -0,0 +1,45 @@
+# MongoDB Atlas Authentication
+
+MongoDB Atlas provider uses [HTTP Digest Authentication with API key pairs consisting of a public key and private key](https://www.mongodb.com/docs/atlas/configure-api-access/#grant-programmatic-access-to-service).
+
+## Authentication Methods
+
+### Command-Line Arguments
+
+```bash
+prowler mongodbatlas --atlas-public-key <public_key> --atlas-private-key <private_key>
+```
+
+### Environment Variables
+
+```bash
+export ATLAS_PUBLIC_KEY=<public_key>
+export ATLAS_PRIVATE_KEY=<private_key>
+prowler mongodbatlas
+```
+
+## Creating API Keys
+
+### Step-by-Step Guide
+
+1. **Log into MongoDB Atlas**
+      - Access the MongoDB Atlas console
+
+2. **Navigate to Access Manager**
+      - Go to the organization or project access management section
+
+3. **Select API Keys Tab**
+      - Click on the "API Keys" tab
+
+4. **Create API Key**
+      - Click "Create API Key"
+      - Provide a description for the key
+
+5. **Set Permissions**
+      - Grant minimum required permissions
+
+6. **Save Credentials**
+      - Note the public key and private key
+      - Store credentials securely
+
+For more details about MongoDB Atlas, see the [MongoDB Atlas Tutorial](../tutorials/mongodbatlas/getting-started-mongodbatlas.md).

docs/tutorials/mongodbatlas/getting-started-mongodbatlas.md

@@ -0,0 +1,87 @@
+# Getting Started with MongoDB Atlas
+
+MongoDB Atlas provider enables security assessments of MongoDB Atlas cloud database deployments.
+
+## Features
+
+- **Authentication**: Supports MongoDB Atlas API key authentication
+- **Services**: Projects and clusters services
+- **Checks**: Network access security and encryption at rest validation
+
+## Creating API Keys
+
+To create MongoDB Atlas API keys:
+
+1. **Log into MongoDB Atlas**: Access the MongoDB Atlas console
+2. **Navigate to Access Manager**: Go to the organization access management section:
+
+    - Click on Access Manager and Organization Access:
+
+        ![Organization Access](./img/organization-access.png)
+
+    - After that click on the Applications tab inside the Access Manager:
+
+        ![Project Access](./img/access-manager.png)
+
+3. **Select API Keys Tab**: Click on the "API Keys" tab that appears in the image above
+
+4. **Create API Key**: Click "Create API Key" and provide a description
+
+    ![Create API Key](./img/create-api-key.png)
+
+5. **Set Permissions**: Project permissions are recommended for security, you can modify them after creating the key
+
+    ![Set Permissions](./img/modify-permission.png)
+
+6. **Save Credentials**: Note the public key and private key and store them securely
+
+    ![Save Credentials](./img/copy-key.png)
+
+7. **Add IP Access List**: Add the IP where you are running Prowler to the IP Access List of the API Key. If you want to skip this step and use your API key in all type of IP addresses you need to uncheck the `Require IP Access List for the Atlas Administration API` button on the [Organization Settings](#needed-permissions), but this is not recommended.
+
+    ![Organization Settings](./img/add-ip.png)
+
+## Basic Usage
+
+### Scan All Projects and Clusters
+
+After storing your API keys, you can run Prowler with the following command:
+
+```bash
+prowler mongodbatlas --atlas-public-key <key> --atlas-private-key <secret>
+```
+
+Also, you can set your API keys as environment variables:
+
+```bash
+export ATLAS_PUBLIC_KEY=<key>
+export ATLAS_PRIVATE_KEY=<secret>
+```
+
+And then just run Prowler with the following command:
+
+```bash
+prowler mongodbatlas
+```
+
+### Scanning a Specific Project
+
+If you want to scan a specific project, you can use the following argument added to the command above:
+
+```bash
+prowler mongodbatlas --atlas-project-id <project-id>
+```
+
+### Needed Permissions
+
+MongoDB Atlas API keys require appropriate permissions to perform security checks:
+
+- **Organization Read Only**: Provides read-only access to everything in the organization, including all projects in the organization.
+    - If you want to be able to [audit the Auditing configuration for the project](https://www.mongodb.com/docs/api/doc/atlas-admin-api-v2/group/endpoint-auditing), **Organization Owner** is needed.
+
+Also, it's important to note that the IP where you are running Prowler must be added to the IP Access List of the MongoDB Atlas organization API key. If you want to skip this step and use your API key in all type of IP addresses you need to uncheck the `Require IP Access List for the Atlas Administration API` button on the Organization Settings, that setting is [enabled by default](https://www.mongodb.com/docs/atlas/configure-api-access/#optional--require-an-ip-access-list-for-the-atlas-administration-api).
+
+???+ warning
+    If you want the check `organizations_api_access_list_required` to pass you will need to enable the API access list for the organization, so to make sure that your API Key is working you need to add your IP to the IP Access List of the organization. If you are running the check from Prowler Cloud, you will need to add our IP to the IP Access List.
+
+![Organization Settings](./img/ip-access-list.png)

docs/tutorials/prowler-app.md

@@ -39,7 +39,7 @@ Upon logging in, the Overview page will display. At this stage, no data is prese
 
 ## **Step 3: Add a Provider**
 
-To perform security scans, link a cloud provider account. Prowler supports the following providers:
+To perform security scans, link a cloud provider account. Prowler supports the following providers and more:
 
 - **AWS**
 
@@ -51,6 +51,8 @@ To perform security scans, link a cloud provider account. Prowler supports the f
 
 - **M365**
 
+- **GitHub**
+
 Steps to add a provider:
 
 1. Navigate to `Settings > Cloud Providers`.