prowler

mirror of https://github.com/prowler-cloud/prowler.git synced 2026-01-25 02:08:11 +00:00

Author	SHA1	Message	Date
Andoni Alonso	6cb0edf3e1	feat(aws/codebuild): add check for CodeBreach webhook filter vulnerability (#9840 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com>	2026-01-22 15:12:24 +01:00
Josema Camacho	847645543a	feat(attack-paths): update boto dependencies for catrography compatibility (#9798 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2026-01-15 13:00:54 +01:00
Lee Trout	429c591819	chore(aws): fixup AWS EC2 SG lib (#9216 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com> Co-authored-by: Sergio Garcia <sergargar1@gmail.com> Co-authored-by: HugoPBrito <hugopbrit@gmail.com>	2026-01-12 13:47:37 +01:00
mchennai	05466cff22	test: Add edge case test for s3_bucket_server_access_logging_enabled (#9725 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2026-01-12 10:06:34 +01:00
mchennai	4169611a6a	test(s3_bucket_server_access_logging_enabled): Add multi-bucket test (#9716 ) Co-authored-by: pedrooot <pedromarting3@gmail.com>	2026-01-05 11:34:57 +01:00
Ryan Nolette	81e046ecf6	feat(bedrock): API pagination (#9606 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2025-12-23 09:06:19 +01:00
Ryan Nolette	0d363e6100	feat(sagemaker): parallelize tag listing for better performance (#9609 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2025-12-23 08:51:16 +01:00
Lee Trout	c5c7b84afd	chore(ec2): prevent test from calling live AWS endpoint (#9228 )	2025-11-13 10:12:19 +01:00
Shaun	e246c0cfd7	fix(aws): false negative in `iam_role_cross_service_confused_deputy_prevention` (#9213 ) Co-authored-by: shaun <shaun@snotra.cloud> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-11-11 17:39:16 -05:00
Hugo Pereira Brito	61a66f2bbf	fix(aws): `firehose_stream_encrypted_at_rest` description and logic (#9142 )	2025-11-03 11:31:18 -05:00
Daniel Barranquero	63169289b0	fix(ec2): AttributeError in `ec2_instance_with_outdated_ami` check (#9046 )	2025-10-28 09:13:44 -04:00
SeongYong Choi	efba5d2a8d	feat(codepipeline): add new check `codepipeline_project_repo_private` (#5915 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-10-27 18:55:36 -04:00
Daniel Barranquero	e279f7fcfd	fix: handle eks cluster version and listener certificate arn not in acm (#8802 )	2025-10-01 13:55:26 -04:00
Hugo Pereira Brito	cdb455b2b1	feat(aws): add new check `ec2_instance_with_outdated_ami` (#6910 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-09-30 13:54:36 -04:00
MustafaAamir	2a4b62527a	fix(tests_iam): AWS managed policies are isolated (#8609 ) Co-authored-by: MustafaAamir <mustafa@gmail.com> Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2025-09-30 13:44:03 +05:45
dependabot[bot]	52ddaca4c5	chore(deps-dev): bump moto from 5.0.28 to 5.1.11 (#7100 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-09-16 14:17:47 +02:00
Daniel Barranquero	b512f6c421	fix(firehose): false positive in `firehose_stream_encrypted_at_rest` (#8599 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-09-11 09:55:16 -04:00
Daniel Barranquero	74bf0e6b47	fix(aws): nonetype errors in opensearch, firehose and cognito (#8670 )	2025-09-09 13:12:57 +05:45
Daniel Barranquero	7916425ed4	fix(memorydb): handle clusters with no security groups (#8666 )	2025-09-08 15:05:13 -04:00
Samuele Pasini	1884874ab6	fix: typo `ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_*` CheckID (#8294 ) Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>	2025-09-05 13:16:12 +02:00
Daniel Barranquero	3b42eb3818	fix(s3): resource metadata error in `s3_bucket_shadow_resource_vulnerability` (#8572 )	2025-08-26 13:30:49 +02:00
Sergio Garcia	30518f2e0e	feat(aws): new check `eks_cluster_deletion_protection_enabled` (#8536 )	2025-08-19 10:25:24 +02:00
Andoni Alonso	2f5fce41dc	feat(iam): remove standalone iam:PassRole from privesc detection and add missing patterns (#8530 )	2025-08-18 11:35:14 +02:00
Andoni Alonso	39e4d20b24	feat(iam): add Bedrock AgentCore privilege escalation combo (#8526 )	2025-08-15 13:25:15 +02:00
Hugo Pereira Brito	f5b1532647	fix(kafka): false positives in `kafka_cluster_is_public` check (#8514 )	2025-08-13 09:05:09 +02:00
Paul Negedu	2170fbb1ab	feat(aws): add `s3_bucket_shadow_resource_vulnerability` check (#8398 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-08-01 18:26:03 +08:00
Sergio Garcia	7ec514d9dd	feat(aws): new check `bedrock_api_key_no_long_term_credentials` (#8396 )	2025-07-30 17:04:16 +08:00
Aviad Levy	a85b89ffb5	fix(ec2): add check that protocol is matched in security group checks (#8374 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-07-28 19:53:08 +08:00
Kay Agahd	d4e66c4a6f	chore(sqs): clean up code (#8366 )	2025-07-25 20:10:34 +08:00
Andoni Alonso	04749c1da1	fix(aws): `sns_topics_not_publicly_accessible` false positive with aws:SourceArn conditions (#8340 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-07-24 18:03:30 +08:00
Sergio Garcia	ca86aeb1d7	feat(aws): new check `bedrock_api_key_no_administrative_privileges` (#8321 )	2025-07-22 22:06:17 +08:00
Kay Agahd	bf0013dae3	fix(aws): make `is_service_role` more restrictive to avoid false positives (#8274 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-07-15 22:02:09 +08:00
Hugo Pereira Brito	ddc53c3c6d	fix(firehose): list all streams and fix `firehose_stream_encrypted_at_rest` logic (#8213 )	2025-07-09 15:38:54 +08:00
Pedro Martín	7eb08b0f14	fix(ec2): allow empty values for `http_endpoint` in templates (#8184 )	2025-07-04 18:03:51 +08:00
Kay Agahd	f5ecae6da1	fix(iam): detect wildcarded ARNs in sts:AssumeRole policy resources (#8164 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-07-03 23:09:48 +08:00
Neil Millard	965111245a	feat(aws): add new check for Codebuild projects visibility (#8127 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-07-02 17:20:15 +08:00
Jack Holloway	85242c7909	fix(aws): retrieve correctly ECS Container insights settings (#8097 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-06-25 15:54:20 +08:00
Daniel Barranquero	ea6ab406c8	fix(organizations): `Key Error: Statement` in check `organizations_scp_deny_regions` (#8091 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-06-25 15:23:38 +08:00
crr	e108b2caed	fix(aws): fix logic in VPC and ELBv2 checks (#8077 ) Co-authored-by: Sergio Garcia <sergargar1@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-06-24 19:13:54 +08:00
Andoni Alonso	dfd5c9aee7	feat(aws): add check to ensure Codebuild Github projects are only use allowed Github orgs (#7595 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-06-18 00:17:18 +08:00
Andoni Alonso	bfafa518b1	feat(aws): avoid bypassing IAM check using wildcards (#7708 )	2025-06-16 07:42:01 +02:00
Andoni Alonso	f5f1fce779	fix(iam): check always if root credentials are present (#7967 )	2025-06-12 17:48:09 +02:00
Sergio Garcia	97baa8a1e6	chore(ec2): improve severity logic in SG all ports open check (#7764 )	2025-05-16 15:09:48 +02:00
Ogonna Iwunze	f5a2695c3b	fix(check): Add support for condition with restriction on SNS endpoint (#7750 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-15 16:00:00 +02:00
Sergio Garcia	9458e2bbc4	fix(inspector2): handle error when getting active findings (#7670 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-07 14:39:34 +02:00
Sergio Garcia	b55f8efed1	fix: handle errors in AWS, Azure, and GCP (#7456 )	2025-04-08 18:05:43 +05:45
Sergio Garcia	8552a578a0	fix(aws): solve multiple errors (#7431 )	2025-04-04 09:34:58 -04:00
Daniel Barranquero	ee27636f32	fix(redshift): validation error for `Cluster.multi_az` (#7381 )	2025-03-31 13:55:48 +02:00
Daniel Barranquero	87c038f0c2	fix(rds): hundle Certificate `rds-ca-2019` not found (#7383 )	2025-03-27 11:09:33 +01:00
Daniel Barranquero	d39598c9fc	fix(stepfunctions): `Nonetype` object has no attribute `level` (#7386 )	2025-03-26 19:39:27 +01:00

1 2 3 4 5 ...

694 Commits