mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
feat(compliance): add DORA compliance framework for Azure (#11551)
This commit is contained in:
@@ -112,14 +112,14 @@ def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[s
|
||||
"""List compliance framework identifiers available for `provider_type`.
|
||||
|
||||
Includes both per-provider frameworks and universal top-level frameworks
|
||||
(e.g. ``dora``, ``csa_ccm_4.0``).
|
||||
(e.g. ``dora_2022_2554``, ``csa_ccm_4.0``).
|
||||
|
||||
Args:
|
||||
provider_type (Provider.ProviderChoices): The cloud provider type
|
||||
(e.g., "aws", "azure", "gcp", "m365").
|
||||
|
||||
Returns:
|
||||
list[str]: Framework identifiers (e.g., "cis_1.4_aws", "dora").
|
||||
list[str]: Framework identifiers (e.g., "cis_1.4_aws", "dora_2022_2554").
|
||||
"""
|
||||
global AVAILABLE_COMPLIANCE_FRAMEWORKS
|
||||
if provider_type not in AVAILABLE_COMPLIANCE_FRAMEWORKS:
|
||||
|
||||
@@ -1884,7 +1884,7 @@ class ProviderViewSet(DisablePaginationMixin, BaseRLSViewSet):
|
||||
description=(
|
||||
"Download a specific compliance report as an OCSF JSON file. "
|
||||
"Only universal frameworks that declare an output configuration "
|
||||
"produce this artifact (currently 'dora' and 'csa_ccm_4.0'); any "
|
||||
"produce this artifact (currently 'dora_2022_2554' and 'csa_ccm_4.0'); any "
|
||||
"other framework returns 404."
|
||||
),
|
||||
parameters=[
|
||||
@@ -1893,7 +1893,7 @@ class ProviderViewSet(DisablePaginationMixin, BaseRLSViewSet):
|
||||
type=str,
|
||||
location=OpenApiParameter.PATH,
|
||||
required=True,
|
||||
description="The compliance report name, like 'dora'",
|
||||
description="The compliance report name, like 'dora_2022_2554'",
|
||||
),
|
||||
],
|
||||
responses={
|
||||
|
||||
@@ -560,7 +560,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
|
||||
|
||||
# Per-framework exporters in `COMPLIANCE_CLASS_MAP` consume the legacy bulk.
|
||||
frameworks_bulk = Compliance.get_bulk(provider_type)
|
||||
# Universal-only frameworks (top-level JSONs like `dora.json`) are emitted
|
||||
# Universal-only frameworks (top-level JSONs like `dora_2022_2554.json`) are emitted
|
||||
# via `process_universal_compliance_frameworks` below.
|
||||
universal_bulk = get_prowler_provider_compliance(provider_type)
|
||||
universal_only_names = {
|
||||
@@ -650,7 +650,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
|
||||
writer.batch_write_data_to_file(**extra)
|
||||
writer._data.clear()
|
||||
|
||||
# Universal-only frameworks (e.g. `dora.json`).
|
||||
# Universal-only frameworks (e.g. `dora_2022_2554.json`).
|
||||
if universal_only_names:
|
||||
process_universal_compliance_frameworks(
|
||||
input_compliance_frameworks=universal_only_names,
|
||||
|
||||
@@ -38,7 +38,7 @@ Before adding a new framework, complete the following checks:
|
||||
- **Verify the framework is not already supported.** Inspect `prowler/compliance/` and every `prowler/compliance/<provider>/` for an existing JSON file matching the name and version.
|
||||
- **Confirm the required checks exist.** Every requirement that can be automated must point to one or more existing Prowler checks. For each missing check, implement it first by following the [Prowler Checks](/developer-guide/checks) guide.
|
||||
- **Review a reference framework.** Use an existing framework with a similar structure as your template:
|
||||
- Universal: `prowler/compliance/dora.json`, `prowler/compliance/csa_ccm_4.0.json`.
|
||||
- Universal: `prowler/compliance/dora_2022_2554.json`, `prowler/compliance/csa_ccm_4.0.json`.
|
||||
- Legacy: `prowler/compliance/aws/cis_2.0_aws.json` (canonical CIS shape), `prowler/compliance/aws/ccc_aws.json`, `prowler/compliance/aws/ens_rd2022_aws.json`, `prowler/compliance/aws/nist_800_53_revision_5_aws.json`.
|
||||
|
||||
## Universal Compliance Framework
|
||||
@@ -51,9 +51,9 @@ Place the file at the top level of the compliance directory:
|
||||
prowler/compliance/<framework_name>.json
|
||||
```
|
||||
|
||||
Examples in the repository: `prowler/compliance/csa_ccm_4.0.json`, `prowler/compliance/dora.json`.
|
||||
Examples in the repository: `prowler/compliance/csa_ccm_4.0.json`, `prowler/compliance/dora_2022_2554.json`.
|
||||
|
||||
The file is auto-discovered — there is **no** need to register it in any `__init__.py`, modify `prowler/lib/outputs/`, or update any other Python module. The framework key Prowler CLI accepts via `--compliance` is the basename of the JSON file without `.json` (`dora.json` → `dora`).
|
||||
The file is auto-discovered — there is **no** need to register it in any `__init__.py`, modify `prowler/lib/outputs/`, or update any other Python module. The framework key Prowler CLI accepts via `--compliance` is the basename of the JSON file without `.json` (`dora_2022_2554.json` → `dora_2022_2554`).
|
||||
|
||||
### Top-level structure
|
||||
|
||||
@@ -70,7 +70,7 @@ The file is auto-discovered — there is **no** need to register it in any `__in
|
||||
}
|
||||
```
|
||||
|
||||
A `provider` field at the top level is **optional**. The framework's effective provider list is derived by `ComplianceFramework.get_providers()` (`compliance_models.py:739`) from the union of all keys appearing in `requirement.checks` across all requirements; the explicit `provider` field is used **only as a fallback** when no requirement carries any `checks` key. This is what enables a single file (e.g. `dora.json`) to cover AWS today and add Azure / GCP / etc. tomorrow without restructuring.
|
||||
A `provider` field at the top level is **optional**. The framework's effective provider list is derived by `ComplianceFramework.get_providers()` (`compliance_models.py:739`) from the union of all keys appearing in `requirement.checks` across all requirements; the explicit `provider` field is used **only as a fallback** when no requirement carries any `checks` key. This is what enables a single file (e.g. `dora_2022_2554.json`) to cover AWS today and add Azure / GCP / etc. tomorrow without restructuring.
|
||||
|
||||
Provider keys inside `requirement.checks` must match the directory names under `prowler/providers/`. The valid keys at present are: `aws`, `azure`, `gcp`, `m365`, `kubernetes`, `iac`, `github`, `googleworkspace`, `alibabacloud`, `cloudflare`, `mongodbatlas`, `nhn`, `openstack`, `oraclecloud`, `llm`. Comparison in `supports_provider()` is case-insensitive, but lowercase is the convention used everywhere in the repository.
|
||||
|
||||
@@ -493,7 +493,7 @@ Before opening a PR, validate the JSON loads cleanly against the model and that
|
||||
|
||||
### 1. Schema validation
|
||||
|
||||
For **universal** frameworks, load the file and inspect what was parsed. The framework key inside `bulk` is the **basename of the JSON file** (without `.json`); for `prowler/compliance/dora.json` that key is `dora`, for `prowler/compliance/aws/cis_5.0_aws.json` it is `cis_5.0_aws`.
|
||||
For **universal** frameworks, load the file and inspect what was parsed. The framework key inside `bulk` is the **basename of the JSON file** (without `.json`); for `prowler/compliance/dora_2022_2554.json` that key is `dora_2022_2554`, for `prowler/compliance/aws/cis_5.0_aws.json` it is `cis_5.0_aws`.
|
||||
|
||||
```python
|
||||
from prowler.lib.check.compliance_models import (
|
||||
@@ -619,7 +619,7 @@ The following issues are the most common when contributing a compliance framewor
|
||||
|
||||
Use the following files as templates when modeling a new contribution.
|
||||
|
||||
- `prowler/compliance/dora.json` — universal schema, single-provider populated (AWS), ready to extend with more providers.
|
||||
- `prowler/compliance/dora_2022_2554.json` — universal schema, single-provider populated (AWS), ready to extend with more providers.
|
||||
- `prowler/compliance/csa_ccm_4.0.json` — universal schema, multi-provider populated (AWS, Azure, GCP, AlibabaCloud, OracleCloud).
|
||||
- `prowler/compliance/aws/cis_2.0_aws.json` — legacy CIS attribute shape.
|
||||
- `prowler/compliance/aws/nist_800_53_revision_5_aws.json` — legacy generic attribute shape.
|
||||
|
||||
@@ -22,6 +22,8 @@ All notable changes to the **Prowler SDK** are documented in this file.
|
||||
- Public `Provider.get_class()` method that resolves a provider class by name for both built-in and external (entry-point) providers [(#11398)](https://github.com/prowler-cloud/prowler/pull/11398)
|
||||
- Jira timeout preventing the calls from hanging indefinitely when the Jira endpoint is unreachable or slow [(#11602)](https://github.com/prowler-cloud/prowler/pull/11602)
|
||||
- TLS certificate verification in the `codepipeline_project_repo_private` check, which previously used an unverified SSL context, leaving the repository-visibility probe open to MITM tampering [(#11603)](https://github.com/prowler-cloud/prowler/pull/11603)
|
||||
- DORA (Digital Operational Resilience Act, Regulation (EU) 2022/2554) compliance coverage for the Azure provider, mapping existing Azure checks across the five DORA pillars [(#11551)](https://github.com/prowler-cloud/prowler/pull/11551)
|
||||
- Rename DORA to DORA_2022_2554 to follow the naming <name>_<version> in compliance frameworks [(#11551)](https://github.com/prowler-cloud/prowler/pull/11551)
|
||||
- `entra_directory_sync_object_takeover_blocked` check for the M365 provider, verifying that hybrid Entra tenants block cloud object takeover through both soft-match and hard-match directory synchronization [(#11098)](https://github.com/prowler-cloud/prowler/pull/11098)
|
||||
- `entra_conditional_access_policy_no_deleted_object_references` check for M365 provider [(#11236)](https://github.com/prowler-cloud/prowler/pull/11236)
|
||||
|
||||
|
||||
@@ -114,6 +114,22 @@
|
||||
"organizations_account_part_of_organizations",
|
||||
"iam_user_mfa_enabled_console_access",
|
||||
"iam_user_hardware_mfa_enabled"
|
||||
],
|
||||
"azure": [
|
||||
"entra_global_admin_in_less_than_five_users",
|
||||
"entra_privileged_user_has_mfa",
|
||||
"entra_non_privileged_user_has_mfa",
|
||||
"entra_user_with_vm_access_has_mfa",
|
||||
"entra_security_defaults_enabled",
|
||||
"entra_conditional_access_policy_require_mfa_for_admin_portals",
|
||||
"entra_conditional_access_policy_require_mfa_for_management_api",
|
||||
"entra_policy_default_users_cannot_create_security_groups",
|
||||
"entra_policy_ensure_default_user_cannot_create_apps",
|
||||
"entra_policy_ensure_default_user_cannot_create_tenants",
|
||||
"entra_users_cannot_create_microsoft_365_groups",
|
||||
"iam_subscription_roles_owner_custom_not_created",
|
||||
"iam_role_user_access_admin_restricted",
|
||||
"iam_custom_role_has_permissions_to_administer_resource_locks"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -136,6 +152,24 @@
|
||||
"organizations_delegated_administrators",
|
||||
"guardduty_centrally_managed",
|
||||
"guardduty_delegated_admin_enabled_all_regions"
|
||||
],
|
||||
"azure": [
|
||||
"defender_ensure_defender_for_server_is_on",
|
||||
"defender_ensure_defender_for_containers_is_on",
|
||||
"defender_ensure_defender_for_storage_is_on",
|
||||
"defender_ensure_defender_for_app_services_is_on",
|
||||
"defender_ensure_defender_for_azure_sql_databases_is_on",
|
||||
"defender_ensure_defender_for_sql_servers_is_on",
|
||||
"defender_ensure_defender_for_databases_is_on",
|
||||
"defender_ensure_defender_for_os_relational_databases_is_on",
|
||||
"defender_ensure_defender_for_keyvault_is_on",
|
||||
"defender_ensure_defender_for_arm_is_on",
|
||||
"defender_ensure_defender_for_dns_is_on",
|
||||
"defender_ensure_defender_for_cosmosdb_is_on",
|
||||
"defender_ensure_mcas_is_enabled",
|
||||
"defender_ensure_wdatp_is_enabled",
|
||||
"defender_auto_provisioning_log_analytics_agent_vms_on",
|
||||
"policy_ensure_asc_enforcement_enabled"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -167,6 +201,22 @@
|
||||
"cloudfront_distributions_using_deprecated_ssl_protocols",
|
||||
"cloudfront_distributions_https_enabled",
|
||||
"rds_instance_transport_encrypted"
|
||||
],
|
||||
"azure": [
|
||||
"storage_ensure_minimum_tls_version_12",
|
||||
"storage_secure_transfer_required_is_enabled",
|
||||
"storage_smb_channel_encryption_with_secure_algorithm",
|
||||
"storage_smb_protocol_version_is_latest",
|
||||
"app_minimum_tls_version_12",
|
||||
"app_ensure_http_is_redirected_to_https",
|
||||
"app_ensure_using_http20",
|
||||
"sqlserver_recommended_minimal_tls_version",
|
||||
"mysql_flexible_server_minimum_tls_version_12",
|
||||
"mysql_flexible_server_ssl_connection_enabled",
|
||||
"postgresql_flexible_server_enforce_ssl_enabled",
|
||||
"keyvault_key_rotation_enabled",
|
||||
"storage_key_rotation_90_days",
|
||||
"aks_network_policy_enabled"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -189,6 +239,12 @@
|
||||
"ec2_elastic_ip_unassigned",
|
||||
"ec2_networkacl_unused",
|
||||
"secretsmanager_secret_unused"
|
||||
],
|
||||
"azure": [
|
||||
"defender_auto_provisioning_vulnerabilty_assessments_machines_on",
|
||||
"network_watcher_enabled",
|
||||
"network_public_ip_shodan",
|
||||
"vm_scaleset_not_empty"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -236,6 +292,43 @@
|
||||
"ec2_instance_account_imdsv2_enabled",
|
||||
"efs_encryption_at_rest_enabled",
|
||||
"awslambda_function_not_publicly_accessible"
|
||||
],
|
||||
"azure": [
|
||||
"storage_account_public_network_access_disabled",
|
||||
"storage_blob_public_access_level_is_disabled",
|
||||
"storage_default_network_access_rule_is_denied",
|
||||
"storage_ensure_private_endpoints_in_storage_accounts",
|
||||
"storage_ensure_encryption_with_customer_managed_keys",
|
||||
"storage_infrastructure_encryption_is_enabled",
|
||||
"storage_account_key_access_disabled",
|
||||
"storage_default_to_entra_authorization_enabled",
|
||||
"containerregistry_not_publicly_accessible",
|
||||
"containerregistry_uses_private_link",
|
||||
"cosmosdb_account_use_private_endpoints",
|
||||
"cosmosdb_account_firewall_use_selected_networks",
|
||||
"keyvault_private_endpoints",
|
||||
"keyvault_access_only_through_private_endpoints",
|
||||
"keyvault_rbac_enabled",
|
||||
"app_function_not_publicly_accessible",
|
||||
"aisearch_service_not_publicly_accessible",
|
||||
"aks_clusters_public_access_disabled",
|
||||
"aks_clusters_created_with_private_nodes",
|
||||
"sqlserver_unrestricted_inbound_access",
|
||||
"postgresql_flexible_server_allow_access_services_disabled",
|
||||
"vm_ensure_attached_disks_encrypted_with_cmk",
|
||||
"vm_ensure_unattached_disks_encrypted_with_cmk",
|
||||
"vm_ensure_using_managed_disks",
|
||||
"vm_trusted_launch_enabled",
|
||||
"vm_linux_enforce_ssh_authentication",
|
||||
"vm_jit_access_enabled",
|
||||
"sqlserver_tde_encryption_enabled",
|
||||
"sqlserver_tde_encrypted_with_cmk",
|
||||
"databricks_workspace_cmk_encryption_enabled",
|
||||
"network_ssh_internet_access_restricted",
|
||||
"network_rdp_internet_access_restricted",
|
||||
"network_http_internet_access_restricted",
|
||||
"network_udp_internet_access_restricted",
|
||||
"network_bastion_host_exists"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -266,6 +359,22 @@
|
||||
"inspector2_is_enabled",
|
||||
"inspector2_active_findings_exist",
|
||||
"ec2_elastic_ip_shodan"
|
||||
],
|
||||
"azure": [
|
||||
"defender_ensure_defender_for_server_is_on",
|
||||
"defender_ensure_defender_for_containers_is_on",
|
||||
"defender_ensure_defender_for_storage_is_on",
|
||||
"defender_ensure_defender_for_keyvault_is_on",
|
||||
"defender_ensure_defender_for_arm_is_on",
|
||||
"defender_ensure_defender_for_dns_is_on",
|
||||
"defender_ensure_defender_for_azure_sql_databases_is_on",
|
||||
"defender_ensure_defender_for_sql_servers_is_on",
|
||||
"defender_ensure_wdatp_is_enabled",
|
||||
"defender_ensure_mcas_is_enabled",
|
||||
"defender_container_images_scan_enabled",
|
||||
"defender_container_images_resolved_vulnerabilities",
|
||||
"sqlserver_microsoft_defender_enabled",
|
||||
"apim_threat_detection_llm_jacking"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -288,6 +397,17 @@
|
||||
"backup_vaults_exist",
|
||||
"rds_instance_critical_event_subscription",
|
||||
"rds_cluster_critical_event_subscription"
|
||||
],
|
||||
"azure": [
|
||||
"monitor_alert_service_health_exists",
|
||||
"monitor_alert_create_update_security_solution",
|
||||
"monitor_alert_delete_security_solution",
|
||||
"defender_additional_email_configured_with_a_security_contact",
|
||||
"defender_ensure_notify_alerts_severity_is_high",
|
||||
"defender_ensure_notify_emails_to_owners",
|
||||
"defender_attack_path_notifications_properly_configured",
|
||||
"vm_backup_enabled",
|
||||
"vm_sufficient_daily_backup_retention_period"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -329,6 +449,16 @@
|
||||
"elbv2_is_in_multiple_az",
|
||||
"cloudfront_distributions_multiple_origin_failover_configured",
|
||||
"dynamodb_table_protected_by_backup_plan"
|
||||
],
|
||||
"azure": [
|
||||
"vm_backup_enabled",
|
||||
"vm_sufficient_daily_backup_retention_period",
|
||||
"vm_ensure_using_managed_disks",
|
||||
"storage_ensure_soft_delete_is_enabled",
|
||||
"storage_ensure_file_shares_soft_delete_is_enabled",
|
||||
"storage_blob_versioning_is_enabled",
|
||||
"storage_geo_redundant_enabled",
|
||||
"keyvault_recoverable"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -348,6 +478,16 @@
|
||||
"inspector2_active_findings_exist",
|
||||
"accessanalyzer_enabled_without_findings",
|
||||
"cloudtrail_insights_exist"
|
||||
],
|
||||
"azure": [
|
||||
"defender_auto_provisioning_vulnerabilty_assessments_machines_on",
|
||||
"defender_assessments_vm_endpoint_protection_installed",
|
||||
"defender_container_images_resolved_vulnerabilities",
|
||||
"defender_container_images_scan_enabled",
|
||||
"defender_ensure_system_updates_are_applied",
|
||||
"sqlserver_vulnerability_assessment_enabled",
|
||||
"sqlserver_va_periodic_recurring_scans_enabled",
|
||||
"sqlserver_va_scan_reports_configured"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -370,6 +510,13 @@
|
||||
"eventbridge_schema_registry_cross_account_access",
|
||||
"cloudwatch_alarm_actions_enabled",
|
||||
"cloudwatch_alarm_actions_alarm_state_configured"
|
||||
],
|
||||
"azure": [
|
||||
"defender_additional_email_configured_with_a_security_contact",
|
||||
"defender_ensure_notify_emails_to_owners",
|
||||
"defender_ensure_notify_alerts_severity_is_high",
|
||||
"defender_attack_path_notifications_properly_configured",
|
||||
"monitor_alert_service_health_exists"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -406,6 +553,26 @@
|
||||
"elbv2_logging_enabled",
|
||||
"cloudfront_distributions_logging_enabled",
|
||||
"s3_bucket_server_access_logging_enabled"
|
||||
],
|
||||
"azure": [
|
||||
"monitor_diagnostic_settings_exists",
|
||||
"monitor_diagnostic_setting_with_appropriate_categories",
|
||||
"monitor_storage_account_with_activity_logs_is_private",
|
||||
"monitor_storage_account_with_activity_logs_cmk_encrypted",
|
||||
"network_flow_log_captured_sent",
|
||||
"network_flow_log_more_than_90_days",
|
||||
"keyvault_logging_enabled",
|
||||
"sqlserver_auditing_enabled",
|
||||
"sqlserver_auditing_retention_90_days",
|
||||
"mysql_flexible_server_audit_log_enabled",
|
||||
"mysql_flexible_server_audit_log_connection_activated",
|
||||
"postgresql_flexible_server_log_checkpoints_on",
|
||||
"postgresql_flexible_server_log_connections_on",
|
||||
"postgresql_flexible_server_log_disconnections_on",
|
||||
"postgresql_flexible_server_log_retention_days_greater_3",
|
||||
"app_http_logs_enabled",
|
||||
"app_function_application_insights_enabled",
|
||||
"appinsights_ensure_is_configured"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -429,6 +596,15 @@
|
||||
"cloudtrail_threat_detection_enumeration",
|
||||
"cloudtrail_threat_detection_llm_jacking",
|
||||
"cloudtrail_threat_detection_privilege_escalation"
|
||||
],
|
||||
"azure": [
|
||||
"defender_ensure_notify_alerts_severity_is_high",
|
||||
"defender_attack_path_notifications_properly_configured",
|
||||
"defender_ensure_defender_for_server_is_on",
|
||||
"defender_ensure_wdatp_is_enabled",
|
||||
"defender_ensure_mcas_is_enabled",
|
||||
"sqlserver_microsoft_defender_enabled",
|
||||
"apim_threat_detection_llm_jacking"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -459,6 +635,20 @@
|
||||
"cloudwatch_changes_to_network_route_tables_alarm_configured",
|
||||
"cloudwatch_changes_to_vpcs_alarm_configured",
|
||||
"sns_subscription_not_using_http_endpoints"
|
||||
],
|
||||
"azure": [
|
||||
"monitor_alert_create_policy_assignment",
|
||||
"monitor_alert_delete_policy_assignment",
|
||||
"monitor_alert_create_update_nsg",
|
||||
"monitor_alert_delete_nsg",
|
||||
"monitor_alert_create_update_security_solution",
|
||||
"monitor_alert_delete_security_solution",
|
||||
"monitor_alert_create_update_sqlserver_fr",
|
||||
"monitor_alert_delete_sqlserver_fr",
|
||||
"monitor_alert_create_update_public_ip_address_rule",
|
||||
"monitor_alert_delete_public_ip_address_rule",
|
||||
"monitor_alert_service_health_exists",
|
||||
"defender_additional_email_configured_with_a_security_contact"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -479,6 +669,16 @@
|
||||
"ec2_instance_managed_by_ssm",
|
||||
"ec2_instance_with_outdated_ami",
|
||||
"ssm_managed_compliant_patching"
|
||||
],
|
||||
"azure": [
|
||||
"defender_auto_provisioning_vulnerabilty_assessments_machines_on",
|
||||
"defender_ensure_system_updates_are_applied",
|
||||
"defender_container_images_scan_enabled",
|
||||
"defender_assessments_vm_endpoint_protection_installed",
|
||||
"sqlserver_vulnerability_assessment_enabled",
|
||||
"sqlserver_va_periodic_recurring_scans_enabled",
|
||||
"vm_ensure_using_approved_images",
|
||||
"vm_desired_sku_size"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -506,6 +706,23 @@
|
||||
"rds_instance_certificate_expiration",
|
||||
"iam_no_expired_server_certificates_stored",
|
||||
"ssm_managed_compliant_patching"
|
||||
],
|
||||
"azure": [
|
||||
"defender_auto_provisioning_vulnerabilty_assessments_machines_on",
|
||||
"defender_container_images_resolved_vulnerabilities",
|
||||
"sqlserver_vulnerability_assessment_enabled",
|
||||
"sqlserver_va_periodic_recurring_scans_enabled",
|
||||
"sqlserver_va_scan_reports_configured",
|
||||
"sqlserver_va_emails_notifications_admins_enabled",
|
||||
"keyvault_key_expiration_set_in_non_rbac",
|
||||
"keyvault_rbac_key_expiration_set",
|
||||
"keyvault_non_rbac_secret_expiration_set",
|
||||
"keyvault_rbac_secret_expiration_set",
|
||||
"app_ensure_java_version_is_latest",
|
||||
"app_ensure_php_version_is_latest",
|
||||
"app_ensure_python_version_is_latest",
|
||||
"app_function_latest_runtime_version",
|
||||
"storage_smb_protocol_version_is_latest"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -537,6 +754,17 @@
|
||||
"vpc_endpoint_services_allowed_principals_trust_boundaries",
|
||||
"vpc_peering_routing_tables_with_least_privilege",
|
||||
"awslambda_function_using_cross_account_layers"
|
||||
],
|
||||
"azure": [
|
||||
"entra_policy_guest_users_access_restrictions",
|
||||
"entra_policy_guest_invite_only_for_admin_roles",
|
||||
"entra_policy_restricts_user_consent_for_apps",
|
||||
"entra_policy_user_consent_for_verified_apps",
|
||||
"storage_cross_tenant_replication_disabled",
|
||||
"containerregistry_uses_private_link",
|
||||
"cosmosdb_account_use_private_endpoints",
|
||||
"keyvault_access_only_through_private_endpoints",
|
||||
"aks_clusters_created_with_private_nodes"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -567,6 +795,15 @@
|
||||
"iam_administrator_access_with_mfa",
|
||||
"iam_policy_attached_only_to_group_or_roles",
|
||||
"accessanalyzer_enabled"
|
||||
],
|
||||
"azure": [
|
||||
"iam_subscription_roles_owner_custom_not_created",
|
||||
"iam_role_user_access_admin_restricted",
|
||||
"iam_custom_role_has_permissions_to_administer_resource_locks",
|
||||
"entra_global_admin_in_less_than_five_users",
|
||||
"app_function_identity_without_admin_privileges",
|
||||
"entra_policy_default_users_cannot_create_security_groups",
|
||||
"entra_policy_ensure_default_user_cannot_create_apps"
|
||||
]
|
||||
}
|
||||
},
|
||||
@@ -590,6 +827,14 @@
|
||||
"cloudtrail_threat_detection_llm_jacking",
|
||||
"cloudtrail_threat_detection_privilege_escalation",
|
||||
"accessanalyzer_enabled_without_findings"
|
||||
],
|
||||
"azure": [
|
||||
"defender_ensure_mcas_is_enabled",
|
||||
"defender_ensure_wdatp_is_enabled",
|
||||
"defender_ensure_defender_for_server_is_on",
|
||||
"defender_attack_path_notifications_properly_configured",
|
||||
"sqlserver_microsoft_defender_enabled",
|
||||
"apim_threat_detection_llm_jacking"
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -8,6 +8,7 @@ build/
|
||||
coverage/
|
||||
dist/
|
||||
esm/
|
||||
CHANGELOG.md
|
||||
|
||||
# Generated files
|
||||
next-env.d.ts
|
||||
|
||||
@@ -11,6 +11,7 @@ All notable changes to the **Prowler UI** are documented in this file.
|
||||
### 🐞 Fixed
|
||||
|
||||
- Radio button no longer shifts vertically when selected [(#11608)](https://github.com/prowler-cloud/prowler/pull/11608)
|
||||
- Handle rename DORA to DORA_2022_2554 to follow the naming <name>_<version> in compliance frameworks [(#11551)](https://github.com/prowler-cloud/prowler/pull/11551)
|
||||
|
||||
### 🔐 Security
|
||||
|
||||
|
||||
@@ -163,7 +163,7 @@ describe("ComplianceDownloadContainer", () => {
|
||||
compact
|
||||
presentation="dropdown"
|
||||
scanId="scan-1"
|
||||
complianceId="dora"
|
||||
complianceId="dora_2022_2554"
|
||||
/>,
|
||||
);
|
||||
|
||||
@@ -178,7 +178,7 @@ describe("ComplianceDownloadContainer", () => {
|
||||
|
||||
expect(downloadComplianceOcsfMock).toHaveBeenCalledWith(
|
||||
"scan-1",
|
||||
"dora",
|
||||
"dora_2022_2554",
|
||||
{},
|
||||
);
|
||||
});
|
||||
|
||||
@@ -69,8 +69,9 @@ const COMPLIANCE_LOGOS = [
|
||||
["c5", C5Logo],
|
||||
["ccc", CCCLogo],
|
||||
["csa", CSALogo],
|
||||
// DORA — universal framework (`prowler/compliance/dora.json`). The
|
||||
// compliance_id is just `dora`, no provider suffix.
|
||||
// DORA — universal framework (`prowler/compliance/dora_2022_2554.json`).
|
||||
// The compliance_id is `dora_2022_2554`; the `dora` keyword still matches
|
||||
// it via `includes`, with no provider suffix.
|
||||
["dora", DORALogo],
|
||||
["secnumcloud", ANSSILogo],
|
||||
["okta", OktaLogo],
|
||||
|
||||
@@ -2,10 +2,10 @@
|
||||
{
|
||||
"section": "dependencies",
|
||||
"name": "@ai-sdk/react",
|
||||
"from": "2.0.111",
|
||||
"to": "3.0.207",
|
||||
"from": "3.0.207",
|
||||
"to": "3.0.205",
|
||||
"strategy": "installed",
|
||||
"generatedAt": "2026-06-15T07:44:51.977Z"
|
||||
"generatedAt": "2026-06-17T11:28:12.866Z"
|
||||
},
|
||||
{
|
||||
"section": "dependencies",
|
||||
@@ -362,10 +362,10 @@
|
||||
{
|
||||
"section": "dependencies",
|
||||
"name": "ai",
|
||||
"from": "5.0.109",
|
||||
"to": "6.0.205",
|
||||
"from": "6.0.205",
|
||||
"to": "6.0.203",
|
||||
"strategy": "installed",
|
||||
"generatedAt": "2026-06-15T07:44:51.977Z"
|
||||
"generatedAt": "2026-06-17T11:28:12.866Z"
|
||||
},
|
||||
{
|
||||
"section": "dependencies",
|
||||
|
||||
@@ -228,7 +228,7 @@ const getComplianceMappers = (): Record<string, ComplianceMapper> => ({
|
||||
createElement(OktaIDaaSStigCustomDetails, { requirement }),
|
||||
},
|
||||
// DORA (Regulation (EU) 2022/2554) — universal framework keyed by the
|
||||
// `framework` field of `prowler/compliance/dora.json` ("DORA"). Groups by
|
||||
// `framework` field of `prowler/compliance/dora_2022_2554.json` ("DORA"). Groups by
|
||||
// Pillar (5 enum values) and surfaces Pillar / Article / ArticleTitle in
|
||||
// the requirement detail drawer.
|
||||
DORA: {
|
||||
|
||||
@@ -37,7 +37,7 @@ describe("getReportTypeForFramework", () => {
|
||||
|
||||
describe("isOcsfSupported", () => {
|
||||
it("returns true for universal frameworks shipping an OCSF artifact", () => {
|
||||
expect(isOcsfSupported("dora")).toBe(true);
|
||||
expect(isOcsfSupported("dora_2022_2554")).toBe(true);
|
||||
expect(isOcsfSupported("csa_ccm_4.0")).toBe(true);
|
||||
});
|
||||
|
||||
|
||||
@@ -178,7 +178,7 @@ export const pickLatestCisPerProvider = (
|
||||
* ``isOcsfSupported``.
|
||||
*/
|
||||
const OCSF_SUPPORTED_COMPLIANCE_IDS: ReadonlySet<string> = new Set([
|
||||
"dora",
|
||||
"dora_2022_2554",
|
||||
"csa_ccm_4.0",
|
||||
]);
|
||||
|
||||
|
||||
@@ -373,7 +373,7 @@ export interface OktaIDaaSStigRequirement extends Requirement {
|
||||
// DORA (Digital Operational Resilience Act, Regulation (EU) 2022/2554).
|
||||
// Universal framework — flat attributes dict with Pillar/Article/ArticleTitle.
|
||||
// `Pillar` is the canonical grouping key for tables and PDF; the enum mirrors
|
||||
// the five DORA pillars declared in `prowler/compliance/dora.json`.
|
||||
// the five DORA pillars declared in `prowler/compliance/dora_2022_2554.json`.
|
||||
export const DORA_PILLAR = {
|
||||
ICT_RISK_MANAGEMENT: "ICT Risk Management",
|
||||
INCIDENT_REPORTING: "ICT-Related Incident Reporting",
|
||||
|
||||
Reference in New Issue
Block a user