

3 Commits

Andoni A.
49182f11d6 docs(aws): restore reference and TODO comments in privilege escalation patterns
Restore comments that were inadvertently removed during refactoring:
- Add reference URL for ECS StartTask privilege escalation path
- Add TODO comment for AssumeRole handling considerations
2026-01-29 14:28:03 +01:00
Andoni A.
a2419d2766 docs(aws): add prerequisite comments to privilege escalation patterns
Document environmental requirements for patterns that need existing
resources to exploit (e.g., existing Lambda functions, EC2 instances,
or CloudFormation stacks with elevated roles).
2026-01-29 09:53:55 +01:00
Andoni A.
9ac43784c3 refactor(aws): remove redundant superset patterns from privilege escalation detection
Remove 6 patterns that are strict supersets of other patterns and add no
detection value:
- PassRole+GlueEndpoint (superset of PassRole+GlueCreateDevEndpoint)
- PassRole+GlueEndpoints (superset of PassRole+GlueCreateDevEndpoint)
- PassRole+CloudFormation (superset of PassRole+CloudFormationCreateStack)
- PassRole+ECS+CreateCluster+RegisterTaskDef+CreateService
- PassRole+ECS+CreateCluster+RegisterTaskDef+RunTask
- PassRole+AgentCoreFullSession
2026-01-28 10:38:49 +01:00


@@ -18,16 +18,88 @@ from prowler.providers.aws.services.iam.lib.policy import get_effective_actions
# - https://bishopfox.com/blog/privilege-escalation-in-aws
# - https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws_escalate.py
# - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
# - https://github.com/DataDog/pathfinding.cloud (AWS IAM Privilege Escalation Path Library)
privilege_escalation_policies_combination = {
# IAM self-escalation and policy manipulation
"OverPermissiveIAM": {"iam:*"},
"IAMPut": {"iam:Put*"},
"CreatePolicyVersion": {"iam:CreatePolicyVersion"},
"SetDefaultPolicyVersion": {"iam:SetDefaultPolicyVersion"},
"iam:CreateAccessKey": {"iam:CreateAccessKey"},
"iam:CreateLoginProfile": {"iam:CreateLoginProfile"},
"iam:UpdateLoginProfile": {"iam:UpdateLoginProfile"},
"iam:AttachUserPolicy": {"iam:AttachUserPolicy"},
"iam:AttachGroupPolicy": {"iam:AttachGroupPolicy"},
"iam:AttachRolePolicy": {"iam:AttachRolePolicy"},
"iam:PutGroupPolicy": {"iam:PutGroupPolicy"},
"iam:PutRolePolicy": {"iam:PutRolePolicy"},
"iam:PutUserPolicy": {"iam:PutUserPolicy"},
"iam:AddUserToGroup": {"iam:AddUserToGroup"},
"iam:UpdateAssumeRolePolicy": {"iam:UpdateAssumeRolePolicy"},
# IAM chained privilege escalation patterns
"CreateAccessKey+DeleteAccessKey": {
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
},
"AttachUserPolicy+CreateAccessKey": {
"iam:AttachUserPolicy",
"iam:CreateAccessKey",
},
"PutUserPolicy+CreateAccessKey": {
"iam:PutUserPolicy",
"iam:CreateAccessKey",
},
"AttachRolePolicy+UpdateAssumeRolePolicy": {
"iam:AttachRolePolicy",
"iam:UpdateAssumeRolePolicy",
},
"CreatePolicyVersion+UpdateAssumeRolePolicy": {
"iam:CreatePolicyVersion",
"iam:UpdateAssumeRolePolicy",
},
"PutRolePolicy+UpdateAssumeRolePolicy": {
"iam:PutRolePolicy",
"iam:UpdateAssumeRolePolicy",
},
# STS-based privilege escalation patterns
"AssumeRole+AttachRolePolicy": {"sts:AssumeRole", "iam:AttachRolePolicy"},
"AssumeRole+PutRolePolicy": {"sts:AssumeRole", "iam:PutRolePolicy"},
"AssumeRole+UpdateAssumeRolePolicy": {
"sts:AssumeRole",
"iam:UpdateAssumeRolePolicy",
},
"AssumeRole+CreatePolicyVersion": {
"sts:AssumeRole",
"iam:CreatePolicyVersion",
},
# EC2-based privilege escalation patterns
"PassRole+EC2": {
"iam:PassRole",
"ec2:RunInstances",
},
"PassRole+EC2SpotInstances": {
"iam:PassRole",
"ec2:RequestSpotInstances",
},
# Prerequisite: Existing EC2 instance with admin role attached
"EC2ModifyInstanceAttribute": {
"ec2:ModifyInstanceAttribute",
"ec2:StopInstances",
"ec2:StartInstances",
},
# Prerequisite: Existing launch template used by instances with admin role
"EC2ModifyLaunchTemplate": {
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
},
# EC2 Instance Connect privilege escalation
# Prerequisite: Running EC2 with Instance Connect enabled and admin role
"EC2InstanceConnect+SendSSHPublicKey": {
"ec2-instance-connect:SendSSHPublicKey",
"ec2:DescribeInstances",
},
# Lambda-based privilege escalation patterns
"PassRole+CreateLambda+Invoke": {
"iam:PassRole",
"lambda:CreateFunction",
@@ -45,68 +117,131 @@ privilege_escalation_policies_combination = {
"dynamodb:CreateTable",
"dynamodb:PutItem",
},
"PassRole+GlueEndpoint": {
"PassRole+CreateLambda+AddPermission": {
"iam:PassRole",
"lambda:CreateFunction",
"lambda:AddPermission",
},
# Prerequisite: Existing Lambda function with admin execution role
"lambda:UpdateFunctionCode": {"lambda:UpdateFunctionCode"},
# Prerequisite: Existing Lambda function with admin execution role
"lambda:UpdateFunctionConfiguration": {"lambda:UpdateFunctionConfiguration"},
# Prerequisite: Existing Lambda function with admin execution role
"UpdateFunctionCode+InvokeFunction": {
"lambda:UpdateFunctionCode",
"lambda:InvokeFunction",
},
# Prerequisite: Existing Lambda function with admin execution role
"UpdateFunctionCode+AddPermission": {
"lambda:UpdateFunctionCode",
"lambda:AddPermission",
},
# Glue-based privilege escalation patterns
"PassRole+GlueCreateDevEndpoint": {
"iam:PassRole",
"glue:CreateDevEndpoint",
"glue:GetDevEndpoint",
},
"PassRole+GlueEndpoints": {
# Prerequisite: Existing Glue dev endpoint with admin role
"GlueUpdateDevEndpoint": {"glue:UpdateDevEndpoint"},
"PassRole+GlueCreateJob+StartJobRun": {
"iam:PassRole",
"glue:CreateDevEndpoint",
"glue:GetDevEndpoints",
"glue:CreateJob",
"glue:StartJobRun",
},
"PassRole+CloudFormation": {
"PassRole+GlueCreateJob+CreateTrigger": {
"iam:PassRole",
"glue:CreateJob",
"glue:CreateTrigger",
},
# Prerequisite: Existing Glue job
"PassRole+GlueUpdateJob+StartJobRun": {
"iam:PassRole",
"glue:UpdateJob",
"glue:StartJobRun",
},
# Prerequisite: Existing Glue job
"PassRole+GlueUpdateJob+CreateTrigger": {
"iam:PassRole",
"glue:UpdateJob",
"glue:CreateTrigger",
},
# CloudFormation-based privilege escalation patterns
"PassRole+CloudFormationCreateStack": {
"iam:PassRole",
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
},
# Prerequisite: Existing CloudFormation stack with admin service role
"CloudFormationUpdateStack": {"cloudformation:UpdateStack"},
"PassRole+CloudFormationCreateStackSet": {
"iam:PassRole",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
},
# Prerequisite: Existing CloudFormation StackSet
"PassRole+CloudFormationUpdateStackSet": {
"iam:PassRole",
"cloudformation:UpdateStackSet",
},
# Prerequisite: Existing CloudFormation stack with admin service role
"CloudFormationChangeSet": {
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
},
# DataPipeline-based privilege escalation patterns
"PassRole+DataPipeline": {
"iam:PassRole",
"datapipeline:CreatePipeline",
"datapipeline:PutPipelineDefinition",
"datapipeline:ActivatePipeline",
},
"GlueUpdateDevEndpoint": {"glue:UpdateDevEndpoint"},
"lambda:UpdateFunctionCode": {"lambda:UpdateFunctionCode"},
"lambda:UpdateFunctionConfiguration": {"lambda:UpdateFunctionConfiguration"},
# CodeStar-based privilege escalation patterns
"PassRole+CodeStar": {
"iam:PassRole",
"codestar:CreateProject",
},
# CodeBuild-based privilege escalation patterns
"PassRole+CodeBuildCreateProject+StartBuild": {
"iam:PassRole",
"codebuild:CreateProject",
"codebuild:StartBuild",
},
"PassRole+CodeBuildCreateProject+StartBuildBatch": {
"iam:PassRole",
"codebuild:CreateProject",
"codebuild:StartBuildBatch",
},
# Prerequisite: Existing CodeBuild project with admin service role
"CodeBuildStartBuild": {"codebuild:StartBuild"},
# Prerequisite: Existing CodeBuild project with admin service role
"CodeBuildStartBuildBatch": {"codebuild:StartBuildBatch"},
# AutoScaling-based privilege escalation patterns
"PassRole+CreateAutoScaling": {
"iam:PassRole",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
},
# Prerequisite: Existing Auto Scaling group
"PassRole+UpdateAutoScaling": {
"iam:PassRole",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
},
"iam:CreateAccessKey": {"iam:CreateAccessKey"},
"iam:CreateLoginProfile": {"iam:CreateLoginProfile"},
"iam:UpdateLoginProfile": {"iam:UpdateLoginProfile"},
"iam:AttachUserPolicy": {"iam:AttachUserPolicy"},
"iam:AttachGroupPolicy": {"iam:AttachGroupPolicy"},
"iam:AttachRolePolicy": {"iam:AttachRolePolicy"},
"AssumeRole+AttachRolePolicy": {"sts:AssumeRole", "iam:AttachRolePolicy"},
"iam:PutGroupPolicy": {"iam:PutGroupPolicy"},
"iam:PutRolePolicy": {"iam:PutRolePolicy"},
"AssumeRole+PutRolePolicy": {"sts:AssumeRole", "iam:PutRolePolicy"},
"iam:PutUserPolicy": {"iam:PutUserPolicy"},
"iam:AddUserToGroup": {"iam:AddUserToGroup"},
"iam:UpdateAssumeRolePolicy": {"iam:UpdateAssumeRolePolicy"},
"AssumeRole+UpdateAssumeRolePolicy": {
"sts:AssumeRole",
"iam:UpdateAssumeRolePolicy",
},
# AgentCore privilege escalation patterns
"PassRole+AgentCoreCreateInterpreter+InvokeInterpreter": {
"iam:PassRole",
"bedrock-agentcore:CreateCodeInterpreter",
"bedrock-agentcore:InvokeCodeInterpreter",
},
# ECS-based privilege escalation patterns
"PassRole+ECS+RegisterTaskDef+CreateService": {
"iam:PassRole",
"ecs:RegisterTaskDefinition",
"ecs:CreateService",
},
"PassRole+ECS+RegisterTaskDef+RunTask": {
"iam:PassRole",
"ecs:RegisterTaskDefinition",
"ecs:RunTask",
},
"PassRole+ECS+RegisterTaskDef+StartTask": {
"iam:PassRole",
"ecs:RegisterTaskDefinition",
"ecs:StartTask",
},
# Reference: https://labs.reversec.com/posts/2025/08/another-ecs-privilege-escalation-path
"PassRole+ECS+StartTask": {
"iam:PassRole",
@@ -114,10 +249,58 @@ privilege_escalation_policies_combination = {
"ecs:RegisterContainerInstance",
"ecs:DeregisterContainerInstance",
},
# Prerequisite: Existing ECS cluster and task definition with admin role
"PassRole+ECS+RunTask": {
"iam:PassRole",
"ecs:RunTask",
},
# SageMaker-based privilege escalation patterns
"PassRole+SageMakerCreateNotebookInstance": {
"iam:PassRole",
"sagemaker:CreateNotebookInstance",
},
"PassRole+SageMakerCreateTrainingJob": {
"iam:PassRole",
"sagemaker:CreateTrainingJob",
},
"PassRole+SageMakerCreateProcessingJob": {
"iam:PassRole",
"sagemaker:CreateProcessingJob",
},
# Prerequisite: Existing SageMaker notebook instance with admin role
"SageMakerCreatePresignedNotebookInstanceUrl": {
"sagemaker:CreatePresignedNotebookInstanceUrl",
},
# Prerequisite: Existing SageMaker notebook instance with admin role
"SageMakerNotebookLifecycleConfig": {
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:StopNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:StartNotebookInstance",
},
# SSM-based privilege escalation patterns
# Prerequisite: Running EC2 with SSM agent and admin instance profile
"SSMStartSession": {"ssm:StartSession"},
# Prerequisite: Running EC2 with SSM agent and admin instance profile
"SSMSendCommand": {"ssm:SendCommand"},
# AppRunner-based privilege escalation patterns
"PassRole+AppRunnerCreateService": {
"iam:PassRole",
"apprunner:CreateService",
},
# Prerequisite: Existing App Runner service with admin role
"AppRunnerUpdateService": {"apprunner:UpdateService"},
# Bedrock AgentCore privilege escalation patterns
"PassRole+AgentCoreCreateInterpreter+InvokeInterpreter": {
"iam:PassRole",
"bedrock-agentcore:CreateCodeInterpreter",
"bedrock-agentcore:InvokeCodeInterpreter",
},
# Prerequisite: Existing Bedrock code interpreter with admin role
"AgentCoreSessionInvoke": {
"bedrock-agentcore:StartCodeInterpreterSession",
"bedrock-agentcore:InvokeCodeInterpreter",
},
# TO-DO: We have to handle AssumeRole just if the resource is * and without conditions
# "sts:AssumeRole": {"sts:AssumeRole"},
}
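Review bot: The key `"PassRole+AgentCoreCreateInterpreter+InvokeInterpreter"` is printed twice in this section with the same action set, once under `# AgentCore privilege escalation patterns` in the second hunk and again under `# Bedrock AgentCore privilege escalation patterns` in the third; because the rendered view has lost the +/- markers this is most likely a move (old entry removed, new entry added), but if both remain on the new side a Python dict literal silently keeps only the last one and the mapping shrinks without any error. The same ambiguity applies to the `iam:*` single-action keys and `AssumeRole+*` keys that appear both at the top of the first hunk and after the AutoScaling block, and to `GlueUpdateDevEndpoint` / `lambda:UpdateFunctionCode` / `lambda:UpdateFunctionConfiguration`, which appear both inside their service sections and after the DataPipeline block. Worth confirming against the raw diff and guarding with a linter duplicate-key check (ruff/pyflakes F601 or pylint `duplicate-key`) so a future reorder cannot drop a pattern unnoticed. Note that `privilege_escalation_policies_combination` opens in the first hunk and closes here, so the entries between hunks are not visible in this view.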