1483 Commits

Author	SHA1	Message	Date
Pepe Fagoaga	7c6d658154	fix(k8s): match RBAC rules by apiGroup, not just core (#10969) ... Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2026-05-04 19:54:03 +02:00
Pepe Fagoaga	21d7d08b4b	fix(timeline): Return a compact actor name from CloudTrail events (#10986)	2026-05-04 19:39:17 +02:00
Daniel Barranquero	921f49a0de	feat(aws): add bedrock_prompt_management_exists security check (#10878)	2026-05-04 12:38:15 +02:00
Daniel Barranquero	86449fb99d	chore(vercel): add disclaimer for checks depending on billing plan (#10663)	2026-05-04 08:56:50 +02:00
Andoni Alonso	40dd0e640b	fix(sdk): strip http(s):// scheme from image registry URLs (#10950)	2026-05-04 08:37:46 +02:00
Danny Lyubenov	c802dc8a36	feat(codebuild): use batched API calls to prevent throttling and false positives (#10639) ... Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>	2026-04-30 17:19:21 +02:00
Pepe Fagoaga	36b8aa1b79	fix(boto3): pass config to clients (#10944)	2026-04-30 14:11:29 +02:00
Boon	228fe6d579	feat: add ASD Essential Eight compliance framework for AWS (#10808) ... Co-authored-by: Boon <boon@security8.work> Co-authored-by: pedrooot <pedromarting3@gmail.com>	2026-04-30 13:49:08 +02:00
Pedro Martín	578186aa40	feat(sdk): integrate universal compliance into CLI pipeline (#10301)	2026-04-30 13:49:00 +02:00
Andoni Alonso	4608e45c8a	fix(image): block parser-mismatch SSRF in registry auth (#10945)	2026-04-30 12:56:35 +02:00
Josema Camacho	9297453b8a	fix(sdk): add autouse mock_aws fixture and leak detector to prevent AWS test leaks (#10605)	2026-04-29 17:49:40 +02:00
Andoni Alonso	7076900fb1	fix(kubernetes): use cluster name as provider_uid in OCSF output (#10483) ... Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2026-04-29 13:45:49 +02:00
Hugo Pereira Brito	380b89cfb6	fix(sdk): cover CNAME → dangling S3 in route53 takeover check (#10920)	2026-04-29 11:14:33 +01:00
Davlet Dzhakishev	1de01bcb78	fix(azure): tighten flow log workspace checks (#10645) ... Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>	2026-04-28 16:57:04 +02:00
Daniel Barranquero	8b368e1343	feat(aws): add bedrock_guardrails_configured security check (#10844)	2026-04-28 14:16:19 +02:00
Hugo Pereira Brito	e252058af4	fix(m365): exclude guest users from entra_users_mfa_capable (#10785)	2026-04-28 08:58:16 +01:00
Pepe Fagoaga	7df2703db1	fix(aws): get organization's metadata with assumed role (#10894)	2026-04-27 22:15:11 +01:00
Kay Agahd	67234210ba	feat(aws): add check secretsmanager_has_restrictive_resource_policy (#6985)	2026-04-27 21:49:34 +01:00
Hugo Pereira Brito	3441ad7f70	fix(sdk): align googleworkspace finding resources (#10901)	2026-04-27 15:17:29 +01:00
lydiavilchez	013809919c	feat(googleworkspace): add Gmail service with first batch of checks (#10683)	2026-04-27 13:49:07 +02:00
Daniel Barranquero	368d9c1519	fix(admincenter): restrict admincenter group visibility check to Unified groups (#10899)	2026-04-27 13:23:03 +02:00
Andoni Alonso	b668770480	feat(github): add zizmor GitHub Actions scanning as a service of the GitHub provider (#10607)	2026-04-27 08:55:07 +02:00
Pedro Martín	d4ece2b43e	feat(sdk): add multi-provider compliance framework JSONs (#10300) ... Co-authored-by: Alan Buscaglia <gentlemanprogramming@gmail.com>	2026-04-24 13:27:31 +02:00
Daniel Barranquero	80d62f355f	fix(alibabacloud): fix CS service SDK compatibility and harden Alibaba provider (#10871)	2026-04-24 09:26:09 +02:00
Mathisdjango	927be17fb7	feat(github): add check for dismissing stale PR approvals on default branch (CIS 1.1.4) (#10569) ... Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>	2026-04-22 16:14:10 +02:00
Andoni Alonso	43bd1083e0	feat(sdk): add SARIF output format for IaC provider (#10626) ... Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2026-04-22 09:32:20 +02:00
Pedro Martín	a24869fc26	feat(sdk): add universal compliance output modules (CSV, OCSF, table) (#10299)	2026-04-22 09:01:45 +02:00
Pepe Fagoaga	f2c5d2ec87	fix(aws): fallback lookup events to resource name (#10828)	2026-04-21 18:31:50 +02:00
Raajhesh Kannaa Chidambaram	39911e3ab7	feat(github): add --repo-list-file flag for GitHub scanning (#10501) ... Co-authored-by: Raajhesh Kannaa Chidambaram <495042+raajheshkannaa@users.noreply.github.com> Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2026-04-21 15:31:34 +02:00
Pedro Martín	ac6dd03fb8	feat(sdk): add universal compliance schema models and loaders (#10298)	2026-04-21 11:39:04 +02:00
Andoni Alonso	19c752c127	fix(cloudflare): guard validate_credentials against paginator infinite loops (#10771)	2026-04-17 11:23:31 +02:00
Erich Blume	a2a1a73749	fix(image): --registry-list crashes with AttributeError on global_provider (#10691) ... Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2026-04-16 13:02:25 +02:00
lydiavilchez	08fbe17e29	fix(googleworkspace): treat secure Google defaults as PASS for Drive checks (#10727)	2026-04-16 13:01:55 +02:00
lydiavilchez	d920f78059	fix(googleworkspace): treat secure Google defaults as PASS for Calendar checks (#10726)	2026-04-16 12:51:40 +02:00
Daniel Barranquero	43913b1592	feat(aws): support excluding regions from scans via CLI, env var, and config (#10688)	2026-04-15 17:59:46 +02:00
Daniel Barranquero	c3acb818d9	fix(vercel): handle team-scoped firewall config responses (#10695)	2026-04-15 11:59:20 +02:00
Hugo Pereira Brito	a82eaa885d	refactor(m365): normalize CA platforms at model level (#10635) ... Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>	2026-04-14 15:00:23 +02:00
Hugo Pereira Brito	90a619a8b4	feat(m365): add entra_conditional_access_policy_block_unknown_device_platforms security check (#10615) ... Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>	2026-04-14 14:32:37 +02:00
Hugo Pereira Brito	638bf62d76	feat(entra): directory sync account exclusion (#10620) ... Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>	2026-04-14 14:16:32 +02:00
Hugo Pereira Brito	5610f5ad90	feat(m365): add entra_conditional_access_policy_corporate_device_sign_in_frequency_enforced security check (#10618) ... Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>	2026-04-14 14:10:00 +02:00
Hugo Pereira Brito	92b838866a	feat(m365): add entra_conditional_access_policy_mfa_enforced_for_guest_users security check (#10616) ... Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>	2026-04-14 13:45:12 +02:00
Hugo Pereira Brito	e24e1ab771	feat(m365): add exchange_organization_delicensing_resiliency_enabled security check (#10608)	2026-04-14 13:30:45 +02:00
Hugo Pereira Brito	bc3fd79457	feat(intune): add device compliance policy marks noncompliant check (#10599)	2026-04-14 13:01:47 +02:00
Hugo Pereira Brito	4941ed5797	feat(entra): add new check entra_conditional_access_policy_all_apps_all_users (#10619) ... Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home>	2026-04-14 12:47:57 +02:00
Daniel Barranquero	0f4d8ff891	feat(aws): add bedrock_vpc_endpoints_configured security check (#10591)	2026-04-14 12:22:22 +02:00
Daniel Barranquero	d1ab8b8ae5	feat(aws): add iam_policy_no_wildcard_marketplace_subscribe and iam_inline_policy_no_wildcard_marketplace_subscribe checks (#10525) ... Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>	2026-04-14 12:08:40 +02:00
Daniel Barranquero	65e9593b41	feat(aws): add bedrock_access_not_stale security check (#10536)	2026-04-14 11:20:40 +02:00
Daniel Barranquero	131112398b	feat(aws): add bedrock_full_access_policy_attached security check (#10577)	2026-04-14 11:00:40 +02:00
lydiavilchez	e33825747f	fix(googleworkspace): apply customer-level policy filter to Calendar service (#10658)	2026-04-13 11:26:35 +02:00
lydiavilchez	d919d979dd	feat(googleworkspace): add Drive and Docs service checks using Cloud Identity Policy API (#10648)	2026-04-13 10:48:24 +02:00