1625 Commits

Author SHA1 Message Date
Josema Camacho 283259f34c fix(sdk): resolve empty-set bug in _enabled_regions causing 36-region client creation and CI timeouts (#10598) 2026-04-08 08:40:58 +02:00
rchotacode 5e1e4bd8e4 fix(oci): Mutelist support (#10566)
Co-authored-by: Ronan Chota <ronan.chota@saic.com>
Co-authored-by: Hugo P.Brito <hugopbrito@users.noreply.github.com>
2026-04-07 13:23:51 +01:00
Kay Agahd 8985280621 fix(azure): create distinct report per key/secret in keyvault checks (#10332)
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-04-07 09:36:48 +01:00
kaiisfree c99ed991b7 fix: show all checks including threat-detection in --list-checks (#10578)
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: kaiisfree <kai@users.noreply.github.com>
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
2026-04-06 16:55:15 +01:00
Adrián Peña ab8e83da3f fix(api,ui): dynamically fetch Jira issue types instead of hardcoding "Task" (#10534)
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>
2026-04-01 14:37:49 +02:00
Alejandro Bailo 4f86667433 feat(sdk): add Vercel provider with 30 security checks (#10189)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>
2026-03-31 16:21:22 +02:00
Andoni Alonso 4bb1e5cff7 fix(sdk): redact sensitive CLI flags in HTML output (#10518) 2026-03-31 15:01:09 +02:00
Hugo Pereira Brito ab00c2dce1 feat(m365): add entra_conditional_access_policy_block_elevated_insider_risk security check (#10234)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-30 17:27:00 +02:00
Erich Blume de5bb94ff6 fix(image): pass registry arguments through init_global_provider (#10470)
Co-authored-by: Andoni Alonso <14891798+andoniaf@users.noreply.github.com>
2026-03-30 15:19:01 +02:00
Hugo Pereira Brito 3b875484b0 feat(m365): add device registration MFA and harden Intune enrollment CA check (#10222)
Co-authored-by: Hugo Brito <hugopbrito@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-30 13:36:05 +02:00
Hugo Pereira Brito 7148086410 feat(m365): add entra_conditional_access_policy_block_o365_elevated_insider_risk security check (#10232)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-30 11:49:29 +02:00
Hugo Pereira Brito 269d9dfe41 feat(cli): add --resource-group flag to filter checks by resource group (#10479)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-27 11:55:28 +01:00
Raajhesh Kannaa Chidambaram 041f95b3df feat(ec2): add check for SG ingress from public IPs to any port (#10335)
Co-authored-by: Raajhesh Kannaa Chidambaram <495042+raajheshkannaa@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-26 17:21:16 +01:00
Hugo Pereira Brito c651f60e3a feat(m365): add entra_conditional_access_policy_mdm_compliant_device_required check (#10220)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-26 11:36:30 +01:00
Sandiyo Christan 834d1bca49 feat(awslambda): enrich Function model with inventory fields and add 3 security checks (#10381)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-26 10:33:39 +01:00
Pepe Fagoaga 571141f57c fix(aws): set partition's region for global services (#10458) 2026-03-25 15:47:51 +01:00
Raajhesh Kannaa Chidambaram 6100932c60 feat(glue): add check for plaintext secrets in ETL job arguments (#10368)
Co-authored-by: Raajhesh Kannaa Chidambaram <495042+raajheshkannaa@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-25 12:25:36 +01:00
McRolly NWANGWU 833f3779ef feat(cloudfront): detect Standard Logging v2 via CloudWatch Log Delivery (#10090)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-03-25 10:09:21 +00:00
Daniel Barranquero c752811666 fix(oci): false positive for kms key rotation check (#10450) 2026-03-25 11:09:02 +01:00
Daniel Barranquero 4d1f7626f9 fix(oci): false positive for password policies (#10453) 2026-03-25 10:52:31 +01:00
Hugo Pereira Brito 435624fcd4 fix(sdk): support renamed OCI IdP mapping events (#10416) 2026-03-24 13:18:16 +00:00
Felix Dreissig 9e67f31913 feat(gcp): Add checks for GCP Gemini (Generative Language) API (#10280)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-24 14:11:27 +01:00
Hugo Pereira Brito 114e86c0dc fix(sdk): ignore disabled users in Entra MFA check (#10426) 2026-03-23 15:21:31 +00:00
Hugo Pereira Brito 7df73a9d4f fix(sdk): use case-insensitive comparison for Azure MySQL flexible server checks (#10396) 2026-03-23 09:59:14 +00:00
Hugo Pereira Brito 1eda94140d fix(sdk): use case-insensitive comparison for Azure VM backup checks (#10395) 2026-03-23 09:45:08 +00:00
Andoni Alonso e8aaf5266a chore(sdk): bump pygithub from 2.5.0 to 2.8.0 (#10353) 2026-03-18 09:58:40 +01:00
Andoni Alonso 65e745d779 fix(sdk): skip strict CheckMetadata validators for external tool providers (#10363) 2026-03-18 09:11:39 +01:00
Pawan Gambhir df680ef277 fix(route53): resolve false positive in dangling IP check (#9952)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-17 12:02:48 +01:00
Andoni Alonso 451071d694 feat(image): add image provider to UI (#10167)
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Alejandro Bailo <59607668+alejandrobailo@users.noreply.github.com>
2026-03-17 10:53:37 +01:00
shria :)) 1cf6eaa0b7 feat(github): add organization_repository_deletion_limited check (#10185)
Co-authored-by: Andoni Alonso <14891798+andoniaf@users.noreply.github.com>
2026-03-16 16:22:36 +01:00
Daniel Barranquero 361f8548bf feat(azure): add 'entra_conditional_access_policy_require_mfa_for_admin_portals' check and update compliance (#10330) 2026-03-16 12:14:58 +01:00
Hugo Pereira Brito c9284f8003 chore(models): add pydantic validators for CheckMetadata (#8583)
Co-authored-by: Rubén De la Torre Vico <ruben@prowler.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>
2026-03-16 10:36:08 +01:00
Hugo Pereira Brito 534ad3d04f feat(m365): add entra_device_code_flow_blocked security check (#10218) 2026-03-13 11:31:47 +01:00
Daniel Barranquero b08cb8ffb3 fix(csv): move OU columns to the end (#10307) 2026-03-12 08:28:52 +01:00
Raajhesh Kannaa Chidambaram 39385567fc feat(organizations): add OU metadata to outputs (#10283)
Co-authored-by: Raajhesh Kannaa Chidambaram <495042+raajheshkannaa@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-11 16:41:44 +01:00
Daniel Barranquero e28bde797f feat(openstack): object storage service with 7 new checks (#10258) 2026-03-11 12:00:43 +01:00
Michael Wentz c4d692f77b feat(guardduty): add org-wide delegated admin check across all regions (#9867)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-10 12:56:00 +01:00
Eran Cohen 0b461233c1 feat(iam): Add trusted IP configurable option to reduce false positives in 'opensearch' check (#8631)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-10 12:12:54 +01:00
Hugo Pereira Brito 9cf63a2a68 feat(m365): add custom entra_conditional_access_policy_compliant_device_hybrid_joined_device_mfa_required check (#10197)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-05 18:11:20 +01:00
Hugo Pereira Brito 726b5665d0 feat(m365): add entra_conditional_access_policy_approved_client_app_required_for_mobile security check (#10216)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-05 10:58:18 +01:00
Andoni Alonso e8d2b4a189 fix(iac): include resource line range in finding UID to prevent duplicates (#10241)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-03-03 17:40:36 +01:00
Andoni Alonso b61b6cba53 feat(sdk): add provider identity fields to OCSF unmapped output (#10240)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-03-03 16:42:08 +01:00
Pepe Fagoaga 71ee4213b3 chore(ingestions): rename flag, update docs (#10236) 2026-03-03 15:04:34 +01:00
Hugo Pereira Brito e96ea54f3b feat(m365): add entra_break_glass_users_fido2_security_key_registered security check (#10213)
Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>
2026-03-03 13:58:44 +01:00
Andoni Alonso dfca97633e feat(sdk): add provider_uid to OCSF unmapped output (#10231)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-03-03 13:35:58 +01:00
Hugo Pereira Brito 548a137046 feat(m365): add entra_authentication_method_sms_voice_disabled security check (#10212) 2026-03-03 13:08:02 +01:00
Daniel Barranquero 012fd84cb0 chore: add provider-uid flag for iac provider (#10233)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-03-03 13:07:15 +01:00
Pepe Fagoaga 9c2cb5efa8 fix(elbv2): Handle post-quantum (PQ) TLS policies (#10219) 2026-03-03 10:18:00 +01:00
Andoni Alonso efcbbf63c2 docs: review and fix documentation coverage for provider CLI flags (#10040) 2026-03-03 09:57:05 +01:00
Harsh Mishra 150abce4a8 fix(aws): respect AWS_ENDPOINT_URL for STS session creation (#10228)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-03-03 08:25:59 +01:00