StylusFrost
45e946cd87
Merge branch 'master' into PROWLER-1391-provider-contract-dynamic-discovery
2026-04-28 12:42:18 +02:00
StylusFrost
52f6653ccf
fix(sdk): use equality not substring in provider dispatch chain
2026-04-28 11:54:23 +02:00
Hugo Pereira Brito
e252058af4
fix(m365): exclude guest users from entra_users_mfa_capable ( #10785 )
2026-04-28 08:58:16 +01:00
Pepe Fagoaga
7df2703db1
fix(aws): get organization's metadata with assumed role ( #10894 )
2026-04-27 22:15:11 +01:00
Kay Agahd
67234210ba
feat(aws): add check secretsmanager_has_restrictive_resource_policy ( #6985 )
2026-04-27 21:49:34 +01:00
Hugo Pereira Brito
3441ad7f70
fix(sdk): align googleworkspace finding resources ( #10901 )
2026-04-27 15:17:29 +01:00
lydiavilchez
013809919c
feat(googleworkspace): add Gmail service with first batch of checks ( #10683 )
2026-04-27 13:49:07 +02:00
Daniel Barranquero
368d9c1519
fix(admincenter): restrict admincenter group visibility check to Unified groups ( #10899 )
2026-04-27 13:23:03 +02:00
Andoni Alonso
b668770480
feat(github): add zizmor GitHub Actions scanning as a service of the GitHub provider ( #10607 )
2026-04-27 08:55:07 +02:00
StylusFrost
a31fe9b618
Merge branch 'master' into PROWLER-1391-provider-contract-dynamic-discovery
...
Conflict in prowler/config/config.py resolved by combining both branches:
- HEAD: external compliance discovery via entry points (PROWLER-1391)
- master: multi-provider framework JSONs scanned at top-level compliance/ (#10300 )
Order: built-in per-provider -> built-in multi-provider -> external entry points.
Built-ins first so they win on name collisions against external registrations.
Supporting external plug-ins to register multi-provider frameworks is tracked
in PROWLER-1444.
2026-04-24 20:54:22 +02:00
StylusFrost
907166d88a
fix(sdk): discriminate builtin vs external providers via find_spec for clearer import errors
2026-04-24 20:33:38 +02:00
StylusFrost
0883baad78
fix(sdk): external providers with --service and external checks for new services
2026-04-24 20:18:20 +02:00
StylusFrost
cf70d1f9f8
fix(sdk): honor from_cli_args return value in init_global_provider fallback
2026-04-24 18:51:57 +02:00
StylusFrost
60e7657081
feat(sdk): wire is_external_tool_provider property to execution and metadata validators
2026-04-24 18:23:42 +02:00
StylusFrost
e8487d0686
fix(sdk): unwrap namespaced config for all built-in and external providers
...
load_and_validate_config_file only detected the namespaced format for 5
hardcoded providers (aws, gcp, azure, kubernetes, m365). For every other
built-in (github, nhn, vercel, cloudflare, iac, llm, image, mongodbatlas,
oraclecloud, openstack, alibabacloud, googleworkspace) and for any
external plug-in, the full YAML was returned wrapped instead of the
provider's own block.
Replace the hardcoded list with a dynamic check: if the file has a
top-level key matching the provider and its value is a dict, unwrap it.
Keep the legacy flat format for AWS only (historical, pre-multicloud)
and identify it by the absence of nested-dict top-level values, which
prevents cross-provider config leakage when a namespaced file has no
section for the requested provider.
2026-04-24 18:01:47 +02:00
Pedro Martín
d4ece2b43e
feat(sdk): add multi-provider compliance framework JSONs ( #10300 )
...
Co-authored-by: Alan Buscaglia <gentlemanprogramming@gmail.com >
2026-04-24 13:27:31 +02:00
Daniel Barranquero
80d62f355f
fix(alibabacloud): fix CS service SDK compatibility and harden Alibaba provider ( #10871 )
2026-04-24 09:26:09 +02:00
Mathisdjango
927be17fb7
feat(github): add check for dismissing stale PR approvals on default branch (CIS 1.1.4) ( #10569 )
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com >
2026-04-22 16:14:10 +02:00
StylusFrost
9c056beed1
Merge branch 'master' into PROWLER-1391-provider-contract-dynamic-discovery
2026-04-22 09:39:10 +02:00
Andoni Alonso
43bd1083e0
feat(sdk): add SARIF output format for IaC provider ( #10626 )
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-04-22 09:32:20 +02:00
Pedro Martín
a24869fc26
feat(sdk): add universal compliance output modules (CSV, OCSF, table) ( #10299 )
2026-04-22 09:01:45 +02:00
StylusFrost
f60f7c61c7
feat(provider): add display_compliance_table method for provider-specific compliance rendering
2026-04-21 19:40:38 +02:00
StylusFrost
3deb1359a5
Merge branch 'master' into PROWLER-1391-provider-contract-dynamic-discovery
2026-04-21 18:52:13 +02:00
StylusFrost
e2295bd086
feat(provider): implement get_mutelist_finding_args for external providers and add tests
2026-04-21 18:50:18 +02:00
Pepe Fagoaga
f2c5d2ec87
fix(aws): fallback lookup events to resource name ( #10828 )
2026-04-21 18:31:50 +02:00
Raajhesh Kannaa Chidambaram
39911e3ab7
feat(github): add --repo-list-file flag for GitHub scanning ( #10501 )
...
Co-authored-by: Raajhesh Kannaa Chidambaram <495042+raajheshkannaa@users.noreply.github.com >
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com >
2026-04-21 15:31:34 +02:00
StylusFrost
5f10e1c1b6
Merge branch 'master' into PROWLER-1391-provider-contract-dynamic-discovery
2026-04-21 14:19:52 +02:00
StylusFrost
484211b465
fix(sdk): align exception handlers to SDK convention and improve test coverage
2026-04-21 14:14:17 +02:00
Pedro Martín
ac6dd03fb8
feat(sdk): add universal compliance schema models and loaders ( #10298 )
2026-04-21 11:39:04 +02:00
Andoni Alonso
19c752c127
fix(cloudflare): guard validate_credentials against paginator infinite loops ( #10771 )
2026-04-17 11:23:31 +02:00
Erich Blume
a2a1a73749
fix(image): --registry-list crashes with AttributeError on global_provider ( #10691 )
...
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com >
2026-04-16 13:02:25 +02:00
lydiavilchez
08fbe17e29
fix(googleworkspace): treat secure Google defaults as PASS for Drive checks ( #10727 )
2026-04-16 13:01:55 +02:00
lydiavilchez
d920f78059
fix(googleworkspace): treat secure Google defaults as PASS for Calendar checks ( #10726 )
2026-04-16 12:51:40 +02:00
Daniel Barranquero
43913b1592
feat(aws): support excluding regions from scans via CLI, env var, and config ( #10688 )
2026-04-15 17:59:46 +02:00
StylusFrost
f8333baf24
feat: Enhance dynamic provider loading and compliance framework discovery
...
- Implemented dynamic loading of external providers via entry points, allowing for greater flexibility in provider integration.
- Added functionality to discover compliance directories from entry points, enabling external compliance frameworks to be loaded seamlessly.
- Refactored check module resolution to prioritize built-in checks while falling back to entry points if necessary.
- Improved compliance framework loading to include both built-in and external sources, ensuring comprehensive compliance coverage.
- Enhanced CLI argument parsing to support external providers, improving user experience and configurability.
- Introduced extensive unit tests to validate dynamic loading, compliance discovery, and overall integration of external providers.
2026-04-15 13:22:57 +02:00
Daniel Barranquero
c3acb818d9
fix(vercel): handle team-scoped firewall config responses ( #10695 )
2026-04-15 11:59:20 +02:00
Hugo Pereira Brito
a82eaa885d
refactor(m365): normalize CA platforms at model level ( #10635 )
...
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home >
2026-04-14 15:00:23 +02:00
Hugo Pereira Brito
90a619a8b4
feat(m365): add entra_conditional_access_policy_block_unknown_device_platforms security check ( #10615 )
...
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home >
2026-04-14 14:32:37 +02:00
Hugo Pereira Brito
638bf62d76
feat(entra): directory sync account exclusion ( #10620 )
...
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home >
2026-04-14 14:16:32 +02:00
Hugo Pereira Brito
5610f5ad90
feat(m365): add entra_conditional_access_policy_corporate_device_sign_in_frequency_enforced security check ( #10618 )
...
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home >
2026-04-14 14:10:00 +02:00
Hugo Pereira Brito
92b838866a
feat(m365): add entra_conditional_access_policy_mfa_enforced_for_guest_users security check ( #10616 )
...
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home >
2026-04-14 13:45:12 +02:00
Hugo Pereira Brito
e24e1ab771
feat(m365): add exchange_organization_delicensing_resiliency_enabled security check ( #10608 )
2026-04-14 13:30:45 +02:00
Hugo Pereira Brito
bc3fd79457
feat(intune): add device compliance policy marks noncompliant check ( #10599 )
2026-04-14 13:01:47 +02:00
Hugo Pereira Brito
4941ed5797
feat(entra): add new check entra_conditional_access_policy_all_apps_all_users ( #10619 )
...
Co-authored-by: Hugo P.Brito <hugopbrito@Mac.home >
2026-04-14 12:47:57 +02:00
Daniel Barranquero
0f4d8ff891
feat(aws): add bedrock_vpc_endpoints_configured security check ( #10591 )
2026-04-14 12:22:22 +02:00
Daniel Barranquero
d1ab8b8ae5
feat(aws): add iam_policy_no_wildcard_marketplace_subscribe and iam_inline_policy_no_wildcard_marketplace_subscribe checks ( #10525 )
...
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com >
2026-04-14 12:08:40 +02:00
Daniel Barranquero
65e9593b41
feat(aws): add bedrock_access_not_stale security check ( #10536 )
2026-04-14 11:20:40 +02:00
Daniel Barranquero
131112398b
feat(aws): add bedrock_full_access_policy_attached security check ( #10577 )
2026-04-14 11:00:40 +02:00
lydiavilchez
e33825747f
fix(googleworkspace): apply customer-level policy filter to Calendar service ( #10658 )
2026-04-13 11:26:35 +02:00
lydiavilchez
d919d979dd
feat(googleworkspace): add Drive and Docs service checks using Cloud Identity Policy API ( #10648 )
2026-04-13 10:48:24 +02:00