docs: review and fix documentation coverage for provider CLI flags (#10040)

docs/user-guide/providers/alibabacloud/authentication.mdx

@@ -16,23 +16,33 @@ Prowler requires Alibaba Cloud credentials to perform security checks. Authentic
 
 ### Credentials URI (Recommended for Centralized Services)
 
-If `--credentials-uri` is provided (or `ALIBABA_CLOUD_CREDENTIALS_URI` environment variable), Prowler will retrieve credentials from the specified external URI endpoint. The URI must return credentials in the standard JSON format.
+Prowler can retrieve credentials from an external URI endpoint. Provide the URI via the `--credentials-uri` flag or the `ALIBABA_CLOUD_CREDENTIALS_URI` environment variable. The URI must return credentials in the standard JSON format.
 
 ```bash
+# Using CLI flag
+prowler alibabacloud --credentials-uri http://localhost:8080/credentials
+
+# Or using environment variable
 export ALIBABA_CLOUD_CREDENTIALS_URI="http://localhost:8080/credentials"
 prowler alibabacloud
 ```
 
 ### OIDC Role Authentication (Recommended for ACK/Kubernetes)
 
-If OIDC environment variables are set, Prowler will use OIDC authentication to assume the specified role. This is the most secure method for containerized applications running in ACK (Alibaba Container Service for Kubernetes) with RRSA enabled.
+OIDC authentication assumes the specified role using an OIDC token. This is the most secure method for containerized applications running in ACK (Alibaba Container Service for Kubernetes) with RRSA enabled.
+
+The role ARN can be provided via the `--oidc-role-arn` flag or the `ALIBABA_CLOUD_ROLE_ARN` environment variable. The OIDC provider ARN and token file must be set via environment variables:
 
-Required environment variables:
-- `ALIBABA_CLOUD_ROLE_ARN`
 - `ALIBABA_CLOUD_OIDC_PROVIDER_ARN`
 - `ALIBABA_CLOUD_OIDC_TOKEN_FILE`
 
 ```bash
+# Using CLI flag for role ARN
+export ALIBABA_CLOUD_OIDC_PROVIDER_ARN="acs:ram::123456789012:oidc-provider/ack-rrsa-provider"
+export ALIBABA_CLOUD_OIDC_TOKEN_FILE="/var/run/secrets/tokens/oidc-token"
+prowler alibabacloud --oidc-role-arn acs:ram::123456789012:role/YourRole
+
+# Or using all environment variables
 export ALIBABA_CLOUD_ROLE_ARN="acs:ram::123456789012:role/YourRole"
 export ALIBABA_CLOUD_OIDC_PROVIDER_ARN="acs:ram::123456789012:oidc-provider/ack-rrsa-provider"
 export ALIBABA_CLOUD_OIDC_TOKEN_FILE="/var/run/secrets/tokens/oidc-token"
@@ -54,9 +64,17 @@ prowler alibabacloud
 
 ### RAM Role Assumption (Recommended for Cross-Account)
 
-For cross-account access, use RAM role assumption. You must provide the initial credentials (access keys) and the target role ARN.
+For cross-account access, use RAM role assumption. Provide the initial credentials (access keys) via environment variables and the target role ARN via the `--role-arn` flag or the `ALIBABA_CLOUD_ROLE_ARN` environment variable.
+
+The `--role-session-name` flag customizes the session identifier (defaults to `ProwlerAssessmentSession`).
 
 ```bash
+# Using CLI flags
+export ALIBABA_CLOUD_ACCESS_KEY_ID="your-access-key-id"
+export ALIBABA_CLOUD_ACCESS_KEY_SECRET="your-access-key-secret"
+prowler alibabacloud --role-arn acs:ram::123456789012:role/ProwlerAuditRole --role-session-name MyAuditSession
+
+# Or using all environment variables
 export ALIBABA_CLOUD_ACCESS_KEY_ID="your-access-key-id"
 export ALIBABA_CLOUD_ACCESS_KEY_SECRET="your-access-key-secret"
 export ALIBABA_CLOUD_ROLE_ARN="acs:ram::123456789012:role/ProwlerAuditRole"

docs/user-guide/providers/alibabacloud/getting-started-alibabacloud.mdx

@@ -117,6 +117,12 @@ prowler alibabacloud
 #### RAM Role Assumption
 
 ```bash
+# Using --role-arn CLI flag
+export ALIBABA_CLOUD_ACCESS_KEY_ID="your-access-key-id"
+export ALIBABA_CLOUD_ACCESS_KEY_SECRET="your-access-key-secret"
+prowler alibabacloud --role-arn acs:ram::123456789012:role/ProwlerAuditRole
+
+# Or using environment variables
 export ALIBABA_CLOUD_ACCESS_KEY_ID="your-access-key-id"
 export ALIBABA_CLOUD_ACCESS_KEY_SECRET="your-access-key-secret"
 export ALIBABA_CLOUD_ROLE_ARN="acs:ram::123456789012:role/ProwlerAuditRole"

docs/user-guide/providers/gcp/getting-started-gcp.mdx

@@ -135,3 +135,16 @@ prowler gcp --impersonate-service-account <service-account-email>
 ```
 
 More details on authentication methods in the [Authentication](/user-guide/providers/gcp/authentication) page.
+
+### Skip API Check
+
+By default, Prowler verifies which Google Cloud APIs are enabled before running checks for each service. To skip this verification and assume all APIs are active, use the `--skip-api-check` flag:
+
+```console
+prowler gcp --skip-api-check
+```
+
+<Note>
+This is useful when the authenticated principal lacks the `serviceusage.services.list` permission but has access to individual service APIs.
+
+</Note>

docs/user-guide/providers/iac/getting-started-iac.mdx

@@ -135,7 +135,7 @@ prowler iac --scan-path ./my-iac-directory --scanners vuln misconfig
 #### Exclude Paths
 
 ```sh
-prowler iac --scan-path ./my-iac-directory --exclude-path ./my-iac-directory/test,./my-iac-directory/examples
+prowler iac --scan-path ./my-iac-directory --exclude-path ./my-iac-directory/test ./my-iac-directory/examples
 ```
 
 ### Output

docs/user-guide/providers/microsoft365/getting-started-m365.mdx

@@ -127,4 +127,18 @@ Include PowerShell module initialization to run every check:
 prowler m365 --sp-env-auth --init-modules
 ```
 
+### Region Selection
+
+By default, Prowler connects to the global Microsoft 365 environment (`M365Global`). To target a different cloud environment, use the `--region` flag:
+
+```console
+prowler m365 --sp-env-auth --region M365USGovernment
+```
+
+Available regions:
+
+* **M365Global** (default): Standard commercial cloud
+* **M365China**: China-operated cloud (21Vianet)
+* **M365USGovernment**: US Government cloud (GCC High)
+
 ---