Br1an
|
e3c4368d32
|
fix(azure): pass authority to credentials for sovereign clouds (#10284)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
|
2026-05-29 15:17:41 +02:00 |
|
Johannes Engler
|
a2824f7166
|
feat(stackit): add new provider with 4 checks (#9237)
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
|
2026-05-28 13:16:38 +02:00 |
|
lydiavilchez
|
c58dad2ca4
|
feat(googleworkspace): add rules service checks (#11379)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-05-28 11:17:33 +02:00 |
|
lydiavilchez
|
b4befe3a10
|
feat(googleworkspace): add security service checks (#11356)
Co-authored-by: pedrooot <pedromarting3@gmail.com>
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
|
2026-05-28 10:15:10 +02:00 |
|
Daniel Barranquero
|
2678c6bc9f
|
feat(okta): add application service with 6 new checks (#11358)
|
2026-05-27 11:16:18 +02:00 |
|
Pedro Martín
|
48c071297f
|
fix(sdk): align compliance CSV row emission with framework JSON (#11370)
|
2026-05-27 11:06:23 +02:00 |
|
Pedro Martín
|
723d161c63
|
fix(az-m365): asyncio.run() in Azure/M365 Celery worker event (#11360)
|
2026-05-26 11:26:39 +02:00 |
|
Aline Almeida
|
d560020592
|
fix(gcp): match enable-oslogin metadata case-insensitively (#11341)
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
|
2026-05-26 10:35:26 +02:00 |
|
Hugo Pereira Brito
|
4c59af93eb
|
fix(azure): require all SMB channel encryption algorithms to be secure (storage_smb_channel_encryption_with_secure_algorithm) (#11327)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-05-25 18:28:21 +02:00 |
|
Hugo Pereira Brito
|
6ca8e726f7
|
feat(azure): add storage_account_public_network_access_disabled and fix CIS storage mapping (#11334)
|
2026-05-25 18:17:41 +02:00 |
|
Kristofer Jussmann
|
6177fc6286
|
fix(oci): use home region for audit configuration API call (#10347)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
|
2026-05-21 16:09:29 +01:00 |
|
Sandiyo Christan
|
0fd952ae2b
|
chore(m365): use PowerShell best practices for quoting credential variables (#9997)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
|
2026-05-21 15:17:23 +01:00 |
|
lydiavilchez
|
74622dd576
|
feat(googleworkspace): add sites, additional_services and marketplace service checks (#11281)
|
2026-05-21 15:52:15 +02:00 |
|
Daniel Barranquero
|
349611d52d
|
feat(okta): 4 new signon service checks (#11224)
|
2026-05-21 12:48:06 +02:00 |
|
Simone
|
534dedb608
|
feat(sagemaker): add sagemaker_models_registry_in_use check (#11196)
Co-authored-by: cascioli <simdon2015?gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-05-20 13:59:18 +02:00 |
|
BMO
|
cff1704d7b
|
feat(ses): add check for DKIM signing enabled on SES identities (#10923)
Co-authored-by: Mohamed Solaiman <mohamedsolaiman@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>
|
2026-05-20 13:33:03 +02:00 |
|
lydiavilchez
|
0ca444895f
|
feat(googleworkspace): add groups service checks (#11186)
|
2026-05-20 12:54:49 +02:00 |
|
Daniel Barranquero
|
6eebfcfe77
|
feat(api): add okta provider support (#11184)
|
2026-05-20 10:46:29 +02:00 |
|
Hugo Pereira Brito
|
40c1761840
|
fix(s3): only emit shadow-resource finding when bucket name matches a predictable pattern (#11220)
|
2026-05-19 15:46:05 +01:00 |
|
Pedro Martín
|
0ab0e8671d
|
fix(azure): skip system 'master' DB in sqlserver_tde_encrypted_with_cmk (#11233)
|
2026-05-19 16:34:33 +02:00 |
|
Hugo Pereira Brito
|
7a7c828fc7
|
feat(m365/entra): add entra_app_registration_client_secret_unused check (consolidates #11097 and #11212) (#11232)
Co-authored-by: shadyfox <git@twink.energy>
Co-authored-by: Oleksandr Yizchak Sanin <alexaaander.sanin@gmail.com>
|
2026-05-19 15:14:32 +01:00 |
|
s1ns3nz0
|
9dc4deccb6
|
feat(gcp): add cloudsql_instance_cmek_encryption_enabled check (#11023)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-05-19 15:52:16 +02:00 |
|
Pedro Martín
|
bfcbe0a9c4
|
feat(scaleway): add new provider (#11166)
|
2026-05-18 16:42:10 +02:00 |
|
Pedro Martín
|
5ca6e31f45
|
fix(vercel): exclude API token from serialization and repr (#11198)
|
2026-05-18 14:30:44 +02:00 |
|
lydiavilchez
|
9894ac7bc3
|
feat(googleworkspace): implement Chat service with 6 CIS checks (#11126)
|
2026-05-14 17:19:11 +02:00 |
|
lydiavilchez
|
bf4fd8fabd
|
fix(googleworkspace): use per-service resources for Directory (#11176)
|
2026-05-14 13:07:06 +02:00 |
|
lydiavilchez
|
5f92989492
|
fix(googleworkspace): use per-service resources for Calendar and Drive (#11161)
|
2026-05-14 12:43:29 +02:00 |
|
Hugo Pereira Brito
|
6befa78978
|
fix(cloudflare): plan-aware WAF FAIL hints for zones (#9896)
|
2026-05-14 12:27:47 +02:00 |
|
lydiavilchez
|
78af0c24fe
|
fix(googleworkspace): use per-service resources for Gmail (#11169)
|
2026-05-14 12:01:07 +02:00 |
|
June
|
1f39b01fb2
|
feat(sagemaker): add sagemaker_domain_sso_configured check (#11094)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-05-14 11:42:30 +02:00 |
|
Hugo Pereira Brito
|
739be07077
|
chore(aws): skip unattached IAM policies unless --scan-unused-services (#11150)
|
2026-05-14 08:10:20 +01:00 |
|
Daniel Barranquero
|
4dd5baadf6
|
feat(okta): add provider to the SDK with 1 security check (#11079)
|
2026-05-13 15:57:57 +02:00 |
|
abdou
|
7f3dcdf02f
|
fix(m365): surface AuditLog.Read.All permission errors instead of false positives (#10907)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
|
2026-05-12 18:22:19 +01:00 |
|
Hugo Pereira Brito
|
1b99550572
|
feat(m365): add entra_service_principal_no_secrets_for_permanent_tier0_roles security check (#10788)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-05-12 10:45:32 +01:00 |
|
Hugo Pereira Brito
|
80482da1cb
|
refactor(m365): scope entra_emergency_access_exclusion to Block-grant policies (#10849)
|
2026-05-12 10:40:46 +01:00 |
|
Hugo Pereira Brito
|
1b0e12ec51
|
fix(m365): exclude disabled guest users from entra_users_mfa_capable (#11002)
|
2026-05-12 08:35:24 +01:00 |
|
Daniel Barranquero
|
759f7b84d6
|
feat(aws): add cloudtrail_bedrock_logging_enabled security check (#10858)
|
2026-05-11 17:11:49 +02:00 |
|
Hugo Pereira Brito
|
0b26c1a39c
|
feat(aws): add iam_user_access_not_stale_to_sagemaker security check (#11000)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-05-11 16:34:18 +02:00 |
|
Daniel Barranquero
|
73c0305dc4
|
feat(aws): add bedrock_prompt_encrypted_with_cmk security check (#10905)
|
2026-05-11 10:32:44 +02:00 |
|
lydiavilchez
|
962ebac8e4
|
feat(googleworkspace): add Gmail consequence-based checks for attachment safety and spoofing (#10980)
|
2026-05-07 16:50:36 +02:00 |
|
Hugo Pereira Brito
|
2c5d47a8cd
|
chore: route vulnerability references to canonical URLs (#10853)
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>
|
2026-05-07 15:28:50 +01:00 |
|
Ivan Necheporenko
|
bcaa6ac488
|
fix(sdk): scan every Azure subscription when display names collide (#10718)
Co-authored-by: Rubén De la Torre Vico <ruben@prowler.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-05-07 13:59:38 +02:00 |
|
Pedro Martín
|
e585ae45bd
|
feat(aws): rename Essential Eight to ASD Essential Eight (#11054)
Co-authored-by: César Arroba <cesar@prowler.com>
|
2026-05-06 13:11:29 +02:00 |
|
rchotacode
|
19b602c381
|
fix(oci): scan identity in known valid region (#10529)
Co-authored-by: Ronan Chota <ronan.chota@saic.com>
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
|
2026-05-06 11:19:19 +01:00 |
|
Pepe Fagoaga
|
7c6d658154
|
fix(k8s): match RBAC rules by apiGroup, not just core (#10969)
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>
|
2026-05-04 19:54:03 +02:00 |
|
Pepe Fagoaga
|
21d7d08b4b
|
fix(timeline): Return a compact actor name from CloudTrail events (#10986)
|
2026-05-04 19:39:17 +02:00 |
|
Daniel Barranquero
|
921f49a0de
|
feat(aws): add bedrock_prompt_management_exists security check (#10878)
|
2026-05-04 12:38:15 +02:00 |
|
Daniel Barranquero
|
86449fb99d
|
chore(vercel): add disclaimer for checks depending on billing plan (#10663)
|
2026-05-04 08:56:50 +02:00 |
|
Andoni Alonso
|
40dd0e640b
|
fix(sdk): strip http(s):// scheme from image registry URLs (#10950)
|
2026-05-04 08:37:46 +02:00 |
|
Danny Lyubenov
|
c802dc8a36
|
feat(codebuild): use batched API calls to prevent throttling and false positives (#10639)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
|
2026-04-30 17:19:21 +02:00 |
|