ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2026-01-25 02:08:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,550 Commits 354 Branches 170 Tags
feat/prowler-708-defender-safe-attachments-policy-enabled
Commit Graph

7550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andoni A.
d2aa0e9814 docs(changelog): move entry to v5.18.0 unreleased section 
Move defender_safe_attachments_policy_enabled entry from v5.17.0
(already released) to v5.18.0 unreleased section.
 2026-01-23 14:40:29 +01:00
Andoni A.
0db917595f Merge remote-tracking branch 'origin/master' into feat/prowler-708-defender-safe-attachments-policy-enabled 2026-01-23 14:39:51 +01:00
Andoni A.
64b95985a8 feat(m365): map defender_safe_attachments_policy_enabled to CIS compliance 
Map the new defender_safe_attachments_policy_enabled check to:
- CIS 4.0 M365 requirement 2.1.4
- CIS 6.0 M365 requirement 2.1.4
 2026-01-23 14:22:19 +01:00
Rubén De la Torre Vico
31b53f091b chore(azure): enhance metadata for iam service (#9620) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-23 14:22:07 +01:00
Rubén De la Torre Vico
f7a16fff99 chore(azure): enhance metadata for databricks service (#9617) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-23 13:47:45 +01:00
Josema Camacho
cb5c9ea1c5 fix(attack-paths): improve findings ingestion cypher query (#9874) 2026-01-23 13:28:38 +01:00
Josema Camacho
cb367da97d fix(attack-paths): Start Neo4j at startup for API only (#9872) 
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-01-23 10:52:22 +01:00
Adrián Peña
be2a58dc82 refactor(api): lazy load providers and compliance (#9857) 2026-01-23 10:14:35 +01:00
Pepe Fagoaga
29133f2d7e fix(neo4j): lazy load driver (#9868) 
Co-authored-by: Josema Camacho <josema@prowler.com>
 2026-01-23 06:36:47 +01:00
Pepe Fagoaga
babf18ffea fix(attack-paths): Use Findings.all_objects to avoid the custom manager (#9869) 2026-01-23 06:17:57 +01:00
Rubén De la Torre Vico
b6a34d2220 chore(azure): enhance metadata for cosmosdb service (#9616) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-22 19:53:15 +01:00
Rubén De la Torre Vico
77dc79df32 chore(azure): enhance metadata for containerregistry service (#9615) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-22 19:28:31 +01:00
Pepe Fagoaga
91e3c01f51 fix(attack-paths): load findings in batches into Neo4j (#9862) 
Co-authored-by: Josema Camacho <josema@prowler.com>
 2026-01-22 18:17:50 +01:00
Andoni Alonso
6cb0edf3e1 feat(aws/codebuild): add check for CodeBreach webhook filter vulnerability (#9840) 
Co-authored-by: HugoPBrito <hugopbrit@gmail.com>
 2026-01-22 15:12:24 +01:00
Josema Camacho
7dfafb9337 fix(attack-paths): read findings using replica DB and add more logs (#9861) 2026-01-22 14:51:22 +01:00
Pepe Fagoaga
dce05295ef chore(skills): Improve Django and DRF skills (#9831) 
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
 2026-01-22 13:54:06 +01:00
Josema Camacho
03d4c19ed5 fix: remove None databases name for removing provider Neo4j databases (#9858) 2026-01-22 13:45:35 +01:00
lydiavilchez
963ece9a0b feat(gcp): add check to detect persistent disks on suspended VM instances (#9747) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-22 13:38:30 +01:00
Rubén De la Torre Vico
a32eff6946 chore(azure): enhance metadata for appinsights service (#9614) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-22 13:26:42 +01:00
Rubén De la Torre Vico
3bb326133a chore(azure): enhance metadata for app service (#9613) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-22 13:07:24 +01:00
Josema Camacho
799826758e fix: improve API startup process manage.py detection (#9856) 2026-01-22 12:34:18 +01:00
Prowler Bot
1208005a94 chore(api): Bump version to v1.19.0 (#9853) 
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
 2026-01-22 11:33:24 +01:00
Prowler Bot
ecdece9f1e chore(release): Bump version to v5.18.0 (#9850) 
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
 2026-01-22 11:32:56 +01:00
Prowler Bot
9c2c555628 docs: Update version to v5.17.0 (#9852) 
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
 2026-01-22 11:32:03 +01:00
Andoni A.
b8e83d0611 fix(m365): FAIL when no Safe Attachments policies exist 
When no Safe Attachments policies are found, the check now returns a
FAIL finding instead of no findings. This aligns with Maester/CIS
expectations that absence of required security features indicates
non-compliance.
 2026-01-21 16:11:35 +01:00
Hugo Pereira Brito
ca2f3ccc1c fix(skills): avoid sdk test __init__ file creation (#9845) 2026-01-21 15:31:57 +01:00
César Arroba
9ffa0043ab chore: add release version to changelogs (#9846) 2026-01-21 15:19:31 +01:00
lydiavilchez
e76ecfdd4d feat(gcp): add check for OS Login 2FA enabled at project level (#9839) 2026-01-21 15:12:01 +01:00
Pepe Fagoaga
f11f71bc42 chore(changelog): make all consistent and product-focused (#9808) 2026-01-21 13:36:36 +01:00
Alan Buscaglia
607cfd61ef perf(ui): optimize CI cache for pnpm and Next.js builds (#9843) 2026-01-21 13:18:31 +01:00
Josema Camacho
9c76dafaa4 chore(attack-paths): adding stability to Neo4j driver and session (#9842) 2026-01-21 12:44:31 +01:00
Andoni A.
ca904a0a33 fix(m365): remove unnecessary __init__.py from test folder 
Test folders should not contain __init__.py files. Only check
implementation folders require them for proper module loading.
 2026-01-21 11:39:44 +01:00
lydiavilchez
7b839d9f9e feat(gcp): add check to enforce On Host Maintenance set to MIGRATE (#9834) 2026-01-21 09:37:21 +01:00
Andoni A.
e2bd9e7b0c fix(m365): improve error handling for missing Defender ATP cmdlets 
When Microsoft Defender for Office 365 licensing is not available,
PowerShell cmdlets like Get-SafeAttachmentPolicy fail with "not
recognized as a name of a cmdlet" errors.

This change:
- Detects cmdlet not found errors in the PowerShell layer
- Logs a clear WARNING instead of ERROR with licensing guidance
- Allows execution to continue gracefully, skipping affected checks
 2026-01-20 15:56:55 +01:00
Pepe Fagoaga
f39a82fdf4 docs(security): restructure security page into dedicated sections (#9836) 2026-01-20 15:27:29 +01:00
Josema Camacho
d1a7eed5fa chore(security): update filelock dep to solve vulnerability 82754 (#9816) 2026-01-20 13:26:59 +01:00
César Arroba
5be4ec511f fix(api): handle Neo4j unavailability during app initialization (#9827) 
Co-authored-by: Josema Camacho <josema@prowler.com>
 2026-01-20 12:22:41 +01:00
dependabot[bot]
a0166aede7 build(deps): bump django-allauth from 65.11.0 to 65.13.0 in /api (#9575) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
 2026-01-20 11:54:21 +01:00
Andoni A.
4feff3f400 chore: fix black formatting 2026-01-20 11:12:42 +01:00
Andoni A.
8eb2e7caae feat(m365): add defender_safe_attachments_policy_enabled security check 
Add new security check defender_safe_attachments_policy_enabled for m365 provider.
Includes check implementation, metadata, and unit tests.
 2026-01-20 10:56:16 +01:00
Alan Buscaglia
1a2a2ea3cc fix(ui): make attack paths graph edges theme-aware (#9821) 2026-01-19 18:04:23 +01:00
Rubén De la Torre Vico
e61d1401b9 chore(azure): enhance metadata for apim service (#9612) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-19 17:42:09 +01:00
Rubén De la Torre Vico
a2789b7fc6 chore(azure): enhance metadata for aks service (#9611) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-19 17:25:10 +01:00
Rubén De la Torre Vico
34217492d0 chore(azure): enhance metadata for aisearch service (#9087) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-01-19 16:57:22 +01:00
dependabot[bot]
ed50ed1e6d build(deps): bump pyasn1 from 0.6.1 to 0.6.2 (#9817) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-01-19 16:55:04 +01:00
Pepe Fagoaga
186977f81c docs: new support page (#9824) 2026-01-19 15:55:27 +01:00
Pepe Fagoaga
c33f20ad72 chore: lint AWS IAM simulator (#9825) 2026-01-19 15:03:21 +01:00
dependabot[bot]
d0b0c66ef0 build(deps): bump pyasn1 from 0.6.1 to 0.6.2 in /api (#9818) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-01-19 15:03:08 +01:00
Pepe Fagoaga
e849959fd5 chore(changelog): run check for root dependency files (#9823) 2026-01-19 15:02:46 +01:00
bota4go
7c090a6a07 fix(aws): simulator code path (#9822) 
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-01-19 13:34:23 +01:00