Erich Blume
|
a2a1a73749
|
fix(image): --registry-list crashes with AttributeError on global_provider (#10691)
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>
|
2026-04-16 13:02:25 +02:00 |
|
lydiavilchez
|
08fbe17e29
|
fix(googleworkspace): treat secure Google defaults as PASS for Drive checks (#10727)
|
2026-04-16 13:01:55 +02:00 |
|
lydiavilchez
|
d920f78059
|
fix(googleworkspace): treat secure Google defaults as PASS for Calendar checks (#10726)
|
2026-04-16 12:51:40 +02:00 |
|
Daniel Barranquero
|
43913b1592
|
feat(aws): support excluding regions from scans via CLI, env var, and config (#10688)
|
2026-04-15 17:59:46 +02:00 |
|
Daniel Barranquero
|
c3acb818d9
|
fix(vercel): handle team-scoped firewall config responses (#10695)
|
2026-04-15 11:59:20 +02:00 |
|
Hugo Pereira Brito
|
a82eaa885d
|
refactor(m365): normalize CA platforms at model level (#10635)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-04-14 15:00:23 +02:00 |
|
Hugo Pereira Brito
|
90a619a8b4
|
feat(m365): add entra_conditional_access_policy_block_unknown_device_platforms security check (#10615)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-04-14 14:32:37 +02:00 |
|
Hugo Pereira Brito
|
638bf62d76
|
feat(entra): directory sync account exclusion (#10620)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-04-14 14:16:32 +02:00 |
|
Hugo Pereira Brito
|
5610f5ad90
|
feat(m365): add entra_conditional_access_policy_corporate_device_sign_in_frequency_enforced security check (#10618)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-04-14 14:10:00 +02:00 |
|
Hugo Pereira Brito
|
92b838866a
|
feat(m365): add entra_conditional_access_policy_mfa_enforced_for_guest_users security check (#10616)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-04-14 13:45:12 +02:00 |
|
Hugo Pereira Brito
|
e24e1ab771
|
feat(m365): add exchange_organization_delicensing_resiliency_enabled security check (#10608)
|
2026-04-14 13:30:45 +02:00 |
|
Hugo Pereira Brito
|
bc3fd79457
|
feat(intune): add device compliance policy marks noncompliant check (#10599)
|
2026-04-14 13:01:47 +02:00 |
|
Hugo Pereira Brito
|
4941ed5797
|
feat(entra): add new check entra_conditional_access_policy_all_apps_all_users (#10619)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-04-14 12:47:57 +02:00 |
|
Daniel Barranquero
|
0f4d8ff891
|
feat(aws): add bedrock_vpc_endpoints_configured security check (#10591)
|
2026-04-14 12:22:22 +02:00 |
|
Daniel Barranquero
|
d1ab8b8ae5
|
feat(aws): add iam_policy_no_wildcard_marketplace_subscribe and iam_inline_policy_no_wildcard_marketplace_subscribe checks (#10525)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
|
2026-04-14 12:08:40 +02:00 |
|
Daniel Barranquero
|
65e9593b41
|
feat(aws): add bedrock_access_not_stale security check (#10536)
|
2026-04-14 11:20:40 +02:00 |
|
Daniel Barranquero
|
131112398b
|
feat(aws): add bedrock_full_access_policy_attached security check (#10577)
|
2026-04-14 11:00:40 +02:00 |
|
lydiavilchez
|
e33825747f
|
fix(googleworkspace): apply customer-level policy filter to Calendar service (#10658)
|
2026-04-13 11:26:35 +02:00 |
|
lydiavilchez
|
d919d979dd
|
feat(googleworkspace): add Drive and Docs service checks using Cloud Identity Policy API (#10648)
|
2026-04-13 10:48:24 +02:00 |
|
Alejandro Bailo
|
4e508b69c9
|
fix(vercel): use canonical Hub URLs in check metadata (#10636)
|
2026-04-09 16:23:50 +02:00 |
|
Avula Jeevan Yadav
|
b898f257f1
|
feat(stepfunctions): add check for secrets in state machine definition (#10570)
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>
|
2026-04-09 15:56:29 +02:00 |
|
Pedro Martín
|
56c370d3a4
|
chore(ccc): update with latest version and improve mapping (#10625)
|
2026-04-09 15:27:18 +02:00 |
|
lydiavilchez
|
bc38104903
|
feat(googleworkspace): add calendar service checks using Cloud Identity Policy API (#10597)
|
2026-04-08 13:26:56 +02:00 |
|
Andoni Alonso
|
9290d7e105
|
feat(sdk): warn when sensitive CLI flags receive explicit values (#10532)
|
2026-04-08 13:15:05 +02:00 |
|
lydiavilchez
|
72e8f09c07
|
feat(googleworkspace): add directory check for CIS 1.1.3 - super admin only admin roles (#10488)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-04-08 12:05:15 +02:00 |
|
Kay Agahd
|
89fe867944
|
fix(aws): recognize service-specific condition keys as restrictive in is_policy_public (#10600)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-04-08 10:55:55 +02:00 |
|
Pepe Fagoaga
|
2be2753c55
|
fix(codeartifact): only retrieve the latest version from a package (#10243)
Co-authored-by: Andoni Alonso <14891798+andoniaf@users.noreply.github.com>
|
2026-04-08 09:21:19 +02:00 |
|
Josema Camacho
|
283259f34c
|
fix(sdk): resolve empty-set bug in _enabled_regions causing 36-region client creation and CI timeouts (#10598)
|
2026-04-08 08:40:58 +02:00 |
|
rchotacode
|
5e1e4bd8e4
|
fix(oci): Mutelist support (#10566)
Co-authored-by: Ronan Chota <ronan.chota@saic.com>
Co-authored-by: Hugo P.Brito <hugopbrito@users.noreply.github.com>
|
2026-04-07 13:23:51 +01:00 |
|
Kay Agahd
|
8985280621
|
fix(azure): create distinct report per key/secret in keyvault checks (#10332)
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
|
2026-04-07 09:36:48 +01:00 |
|
kaiisfree
|
c99ed991b7
|
fix: show all checks including threat-detection in --list-checks (#10578)
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: kaiisfree <kai@users.noreply.github.com>
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
|
2026-04-06 16:55:15 +01:00 |
|
Adrián Peña
|
ab8e83da3f
|
fix(api,ui): dynamically fetch Jira issue types instead of hardcoding "Task" (#10534)
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>
|
2026-04-01 14:37:49 +02:00 |
|
Alejandro Bailo
|
4f86667433
|
feat(sdk): add Vercel provider with 30 security checks (#10189)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>
|
2026-03-31 16:21:22 +02:00 |
|
Andoni Alonso
|
4bb1e5cff7
|
fix(sdk): redact sensitive CLI flags in HTML output (#10518)
|
2026-03-31 15:01:09 +02:00 |
|
Hugo Pereira Brito
|
ab00c2dce1
|
feat(m365): add entra_conditional_access_policy_block_elevated_insider_risk security check (#10234)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-30 17:27:00 +02:00 |
|
Erich Blume
|
de5bb94ff6
|
fix(image): pass registry arguments through init_global_provider (#10470)
Co-authored-by: Andoni Alonso <14891798+andoniaf@users.noreply.github.com>
|
2026-03-30 15:19:01 +02:00 |
|
Hugo Pereira Brito
|
3b875484b0
|
feat(m365): add device registration MFA and harden Intune enrollment CA check (#10222)
Co-authored-by: Hugo Brito <hugopbrito@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-30 13:36:05 +02:00 |
|
Hugo Pereira Brito
|
7148086410
|
feat(m365): add entra_conditional_access_policy_block_o365_elevated_insider_risk security check (#10232)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-30 11:49:29 +02:00 |
|
Hugo Pereira Brito
|
269d9dfe41
|
feat(cli): add --resource-group flag to filter checks by resource group (#10479)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-27 11:55:28 +01:00 |
|
Raajhesh Kannaa Chidambaram
|
041f95b3df
|
feat(ec2): add check for SG ingress from public IPs to any port (#10335)
Co-authored-by: Raajhesh Kannaa Chidambaram <495042+raajheshkannaa@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-26 17:21:16 +01:00 |
|
Hugo Pereira Brito
|
c651f60e3a
|
feat(m365): add entra_conditional_access_policy_mdm_compliant_device_required check (#10220)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-26 11:36:30 +01:00 |
|
Sandiyo Christan
|
834d1bca49
|
feat(awslambda): enrich Function model with inventory fields and add 3 security checks (#10381)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-26 10:33:39 +01:00 |
|
Pepe Fagoaga
|
571141f57c
|
fix(aws): set partition's region for global services (#10458)
|
2026-03-25 15:47:51 +01:00 |
|
Raajhesh Kannaa Chidambaram
|
6100932c60
|
feat(glue): add check for plaintext secrets in ETL job arguments (#10368)
Co-authored-by: Raajhesh Kannaa Chidambaram <495042+raajheshkannaa@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-25 12:25:36 +01:00 |
|
McRolly NWANGWU
|
833f3779ef
|
feat(cloudfront): detect Standard Logging v2 via CloudWatch Log Delivery (#10090)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
|
2026-03-25 10:09:21 +00:00 |
|
Daniel Barranquero
|
c752811666
|
fix(oci): false positive for kms key rotation check (#10450)
|
2026-03-25 11:09:02 +01:00 |
|
Daniel Barranquero
|
4d1f7626f9
|
fix(oci): false positive for password policies (#10453)
|
2026-03-25 10:52:31 +01:00 |
|
Hugo Pereira Brito
|
435624fcd4
|
fix(sdk): support renamed OCI IdP mapping events (#10416)
|
2026-03-24 13:18:16 +00:00 |
|
Felix Dreissig
|
9e67f31913
|
feat(gcp): Add checks for GCP Gemini (Generative Language) API (#10280)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-03-24 14:11:27 +01:00 |
|
Hugo Pereira Brito
|
114e86c0dc
|
fix(sdk): ignore disabled users in Entra MFA check (#10426)
|
2026-03-23 15:21:31 +00:00 |
|