chore(deps): bump trufflesecurity/trufflehog from 3.88.14 to 3.88.20 (#7416)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.backportrc.json

@@ -1,14 +0,0 @@
-{
-  "repoOwner": "prowler-cloud",
-  "repoName": "prowler",
-  "targetPRLabels": [
-    "backport"
-  ],
-  "sourcePRLabels": [
-    "was-backported"
-  ],
-  "copySourcePRLabels": false,
-  "copySourcePRReviewers": true,
-  "prTitle": "{{sourcePullRequest.title}}",
-  "commitConflicts": true
-}

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,5 +1,6 @@
 name: 🐞 Bug Report
 description: Create a report to help us improve
+title: "[Bug]: "
 labels: ["bug", "status/needs-triage"]
 
 body:
@@ -26,7 +27,7 @@ body:
     id: actual
     attributes:
       label: Actual Result with Screenshots or Logs
-      description: If applicable, add screenshots to help explain your problem. Also, you can add logs (anonymize them first!). Here a command that may help to share a log `prowler <your arguments> --log-level ERROR --log-file $(date +%F)_error.log` then attach here the log file.
+      description: If applicable, add screenshots to help explain your problem. Also, you can add logs (anonymize them first!). Here a command that may help to share a log `prowler <your arguments> --log-level DEBUG --log-file $(date +%F)_debug.log` then attach here the log file.
     validations:
       required: true
   - type: dropdown

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -1,7 +1,8 @@
-name: 💡 Feature Request
+name:  💡 Feature Request
 description: Suggest an idea for this project
 labels: ["feature-request", "status/needs-triage"]
 
+
 body:
   - type: textarea
     id: Problem

.github/dependabot.yml

@@ -5,12 +5,10 @@
 
 version: 2
 updates:
-  # v5
-  - package-ecosystem: "pip"
-    directory: "/"
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
     schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
+      interval: "weekly"
     target-branch: master
     labels:
       - "dependencies"
@@ -19,8 +17,7 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
+      interval: "weekly"
     target-branch: master
     labels:
       - "dependencies"
@@ -70,7 +67,6 @@ updates:
       - "dependencies"
       - "pip"
       - "v3"
-
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

.github/labeler.yml

@@ -25,64 +25,3 @@ provider/kubernetes:
 github_actions:
   - changed-files:
       - any-glob-to-any-file: ".github/workflows/*"
-
-cli:
-  - changed-files:
-      - any-glob-to-any-file: "cli/**"
-
-mutelist:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/lib/mutelist/**"
-      - any-glob-to-any-file: "prowler/providers/aws/lib/mutelist/**"
-      - any-glob-to-any-file: "prowler/providers/azure/lib/mutelist/**"
-      - any-glob-to-any-file: "prowler/providers/gcp/lib/mutelist/**"
-      - any-glob-to-any-file: "prowler/providers/kubernetes/lib/mutelist/**"
-      - any-glob-to-any-file: "tests/lib/mutelist/**"
-      - any-glob-to-any-file: "tests/providers/aws/lib/mutelist/**"
-      - any-glob-to-any-file: "tests/providers/azure/lib/mutelist/**"
-      - any-glob-to-any-file: "tests/providers/gcp/lib/mutelist/**"
-      - any-glob-to-any-file: "tests/providers/kubernetes/lib/mutelist/**"
-
-integration/s3:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/aws/lib/s3/**"
-      - any-glob-to-any-file: "tests/providers/aws/lib/s3/**"
-
-integration/slack:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/lib/outputs/slack/**"
-      - any-glob-to-any-file: "tests/lib/outputs/slack/**"
-
-integration/security-hub:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/aws/lib/security_hub/**"
-      - any-glob-to-any-file: "tests/providers/aws/lib/security_hub/**"
-      - any-glob-to-any-file: "prowler/lib/outputs/asff/**"
-      - any-glob-to-any-file: "tests/lib/outputs/asff/**"
-
-output/html:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/lib/outputs/html/**"
-      - any-glob-to-any-file: "tests/lib/outputs/html/**"
-
-output/asff:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/lib/outputs/asff/**"
-      - any-glob-to-any-file: "tests/lib/outputs/asff/**"
-
-output/ocsf:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/lib/outputs/ocsf/**"
-      - any-glob-to-any-file: "tests/lib/outputs/ocsf/**"
-
-output/csv:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/lib/outputs/csv/**"
-      - any-glob-to-any-file: "tests/lib/outputs/csv/**"
-
-compliance:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/lib/outputs/compliance/**"
-      - any-glob-to-any-file: "tests/lib/outputs/compliance/**"
-      - any-glob-to-any-file: "prowler/compliance/**"
-

.github/pull_request_template.md

@@ -2,19 +2,11 @@
 
 Please include relevant motivation and context for this PR.
 
-If fixes an issue please add it with `Fix #XXXX`
 
 ### Description
 
 Please include a summary of the change and which issue is fixed. List any dependencies that are required for this change.
 
-### Checklist
-
-- Are there new checks included in this PR? Yes / No
-    - If so, do we need to update permissions for the provider? Please review this carefully.
-- [ ] Review if the code is being covered by tests.
-- [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
-- [ ] Review if backport is needed.
 
 ### License
 

.github/workflows/backport.yml

@@ -1,42 +0,0 @@
-name: Automatic Backport
-
-on:
-  pull_request_target:
-    branches: ['master']
-    types: ['labeled', 'closed']
-
-jobs:
-  backport:
-    name: Backport PR
-    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport'))
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      pull-requests: write
-      contents: write
-    steps:
-      # Workaround not to fail the workflow if the PR does not need a backport
-      # https://github.com/sorenlouv/backport-github-action/issues/127#issuecomment-2258561266
-      - name: Check for backport labels
-        id: check_labels
-        run: |-
-          labels='${{ toJSON(github.event.pull_request.labels.*.name) }}'
-          echo "$labels"
-          matched=$(echo "${labels}" | jq '. | map(select(startswith("backport-to-"))) | length')
-          echo "matched=$matched"
-          echo "matched=$matched" >> $GITHUB_OUTPUT
-
-      - name: Backport Action
-        if: fromJSON(steps.check_labels.outputs.matched) > 0
-        uses: sorenlouv/backport-github-action@v9.5.1
-        with:
-          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          auto_backport_label_prefix: backport-to-
-
-      - name: Info log
-        if: ${{ success() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
-        run: cat ~/.backport/backport.info.log
-
-      - name: Debug log
-        if: ${{ failure() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
-        run: cat ~/.backport/backport.debug.log

.github/workflows/build-documentation-on-pr.yml

@@ -16,9 +16,9 @@ jobs:
     name: Documentation Link
     runs-on: ubuntu-latest
     steps:
-      - name: Leave PR comment with the Prowler Documentation URI
+      - name: Leave PR comment with the SaaS Documentation URI
         uses: peter-evans/create-or-update-comment@v4
         with:
           issue-number: ${{ env.PR_NUMBER }}
           body: |
-            You can check the documentation for this PR here -> [Prowler Documentation](https://prowler-prowler-docs--${{ env.PR_NUMBER }}.com.readthedocs.build/projects/prowler-open-source/en/${{ env.PR_NUMBER }}/)
+            You can check the documentation for this PR here -> [SaaS Documentation](https://prowler-prowler-docs--${{ env.PR_NUMBER }}.com.readthedocs.build/projects/prowler-open-source/en/${{ env.PR_NUMBER }}/)

.github/workflows/build-lint-push-containers.yml

@@ -3,11 +3,7 @@ name: build-lint-push-containers
 on:
   push:
     branches:
-      # For `v3-latest`
       - "v3"
-      # For `v4-latest`
-      - "v4.6"
-      # For `latest`
       - "master"
     paths-ignore:
       - ".github/**"
@@ -84,8 +80,8 @@ jobs:
               ;;
 
           4)
-              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
+              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
               ;;
 
           *)

.github/workflows/codeql.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master", "v3", "v4.*" ]
+    branches: [ "master", "v3" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master", "v3", "v4.*" ]
+    branches: [ "master", "v3" ]
   schedule:
     - cron: '00 12 * * *'
 

.github/workflows/find-secrets.yml

@@ -11,9 +11,9 @@ jobs:
         with:
           fetch-depth: 0
       - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.88.23
+        uses: trufflesecurity/trufflehog@v3.88.20
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
-          extra_args: --only-verified
+          extra_args: --only-verified

.github/workflows/labeler.yml

@@ -5,7 +5,6 @@ on:
       branches:
         - "master"
         - "v3"
-        - "v4.*"
 
 jobs:
   labeler:

.github/workflows/pull-request.yml

@@ -5,12 +5,10 @@ on:
     branches:
       - "master"
       - "v3"
-      - "v4.*"
   pull_request:
     branches:
       - "master"
       - "v3"
-      - "v4.*"
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -22,7 +20,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Test if changes are in not ignored paths
         id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v46
+        uses: tj-actions/changed-files@v45
         with:
           files: ./**
           files_ignore: |
@@ -31,7 +29,6 @@ jobs:
             docs/**
             permissions/**
             mkdocs.yml
-            .backportrc.json
       - name: Install poetry
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
         run: |

.github/workflows/refresh_aws_services_regions.yml

@@ -52,11 +52,11 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v7
         with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          commit-message: "feat(regions_update): Update regions for AWS services"
+          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
+          commit-message: "feat(regions_update): Update regions for AWS services."
           branch: "aws-services-regions-updated-${{ github.sha }}"
-          labels: "status/waiting-for-revision, severity/low, provider/aws, backport-to-v3"
-          title: "chore(regions_update): Changes in regions for AWS services"
+          labels: "status/waiting-for-revision, severity/low, provider/aws"
+          title: "chore(regions_update): Changes in regions for AWS services."
           body: |
             ### Description
 

.gitignore

@@ -9,9 +9,8 @@
 __pycache__
 venv/
 build/
-/dist/
+dist/
 *.egg-info/
-*/__pycache__/*.pyc
 
 # Session
 Session.vim
@@ -52,6 +51,3 @@ junit-reports/
 .coverage*
 .coverage
 coverage*
-
-# Node
-node_modules

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 repos:
   ## GENERAL
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: check-yaml
@@ -15,7 +15,7 @@ repos:
 
   ## TOML
   - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-    rev: v2.13.0
+    rev: v2.12.0
     hooks:
       - id: pretty-format-toml
         args: [--autofix]
@@ -23,13 +23,12 @@ repos:
 
   ## BASH
   - repo: https://github.com/koalaman/shellcheck-precommit
-    rev: v0.10.0
+    rev: v0.9.0
     hooks:
       - id: shellcheck
-        exclude: contrib
   ## PYTHON
   - repo: https://github.com/myint/autoflake
-    rev: v2.3.1
+    rev: v2.2.1
     hooks:
       - id: autoflake
         args:
@@ -46,7 +45,7 @@ repos:
         args: ["--profile", "black"]
 
   - repo: https://github.com/psf/black
-    rev: 24.4.2
+    rev: 24.1.1
     hooks:
       - id: black
 
@@ -58,14 +57,14 @@ repos:
         args: ["--ignore=E266,W503,E203,E501,W605"]
 
   - repo: https://github.com/python-poetry/poetry
-    rev: 1.8.0
+    rev: 1.7.0
     hooks:
       - id: poetry-check
       - id: poetry-lock
         args: ["--no-update"]
 
   - repo: https://github.com/hadolint/hadolint
-    rev: v2.13.0-beta
+    rev: v2.12.1-beta
     hooks:
       - id: hadolint
         args: ["--ignore=DL3013"]
@@ -85,7 +84,7 @@ repos:
         # For running trufflehog in docker, use the following entry instead:
         # entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
         language: system
-        stages: ["pre-commit", "pre-push"]
+        stages: ["commit", "push"]
 
       - id: bandit
         name: bandit

Dockerfile

@@ -1,35 +1,31 @@
-FROM python:3.12.10-alpine3.20
+FROM python:3.12.8-alpine3.20
 
 LABEL maintainer="https://github.com/prowler-cloud/prowler"
 
-# Update system dependencies and install essential tools
+# Update system dependencies
 #hadolint ignore=DL3018
-RUN apk --no-cache upgrade && apk --no-cache add curl git
+RUN apk --no-cache upgrade && apk --no-cache add curl
 
-# Create non-root user
+# Create nonroot user
 RUN mkdir -p /home/prowler && \
     echo 'prowler:x:1000:1000:prowler:/home/prowler:' > /etc/passwd && \
     echo 'prowler:x:1000:' > /etc/group && \
     chown -R prowler:prowler /home/prowler
 USER prowler
 
-# Copy necessary files
+# Copy necessary files
 WORKDIR /home/prowler
-COPY prowler/  /home/prowler/prowler/
-COPY dashboard/ /home/prowler/dashboard/
+COPY prowler/ /home/prowler/prowler/
 COPY pyproject.toml /home/prowler
 COPY README.md /home/prowler
 
-# Install Python dependencies
+# Install dependencies
 ENV HOME='/home/prowler'
 ENV PATH="$HOME/.local/bin:$PATH"
-RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
+#hadolint ignore=DL3013
+RUN pip install --no-cache-dir --upgrade pip && \
     pip install --no-cache-dir .
 
-# Remove deprecated dash dependencies
-RUN pip uninstall dash-html-components -y && \
-    pip uninstall dash-core-components -y
-
 # Remove Prowler directory and build files
 USER 0
 RUN rm -rf /home/prowler/prowler /home/prowler/pyproject.toml /home/prowler/README.md /home/prowler/build /home/prowler/prowler.egg-info

Makefile

@@ -27,7 +27,7 @@ lint: ## Lint Code
 	@echo "Running black... "
 	black --check .
 	@echo "Running pylint..."
-	pylint --disable=W,C,R,E -j 0 prowler util
+	pylint --disable=W,C,R,E -j 0 providers lib util config
 
 ##@ PyPI
 pypi-clean: ## Delete the distribution files

README.md

@@ -1,6 +1,6 @@
 <p align="center">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-black.png#gh-light-mode-only" width="50%" height="50%">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only" width="50%" height="50%">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-black.png?raw=True#gh-light-mode-only" width="350" height="115">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png?raw=True#gh-dark-mode-only" width="350" height="115">
 </p>
 <p align="center">
   <b><i>Prowler SaaS </b> and <b>Prowler Open Source</b> are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
@@ -10,13 +10,14 @@
 </p>
 
 <p align="center">
-<a href="https://goto.prowler.com/slack"><img width="30" height="30" alt="Prowler community on Slack" src="https://github.com/prowler-cloud/prowler/assets/38561120/3c8b4ec5-6849-41a5-b5e1-52bbb94af73a"></a>
+<a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img width="30" height="30" alt="Prowler community on Slack" src="https://github.com/prowler-cloud/prowler/assets/3985464/3617e470-670c-47c9-9794-ce895ebdb627"></a>
   <br>
-  <a href="https://goto.prowler.com/slack">Join our Prowler community!</a>
+<a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog">Join our Prowler community!</a>
 </p>
+
 <hr>
 <p align="center">
-  <a href="https://goto.prowler.com/slack"><img alt="Slack Shield" src="https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack"></a>
+  <a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img alt="Slack Shield" src="https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack"></a>
   <a href="https://pypi.org/project/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/v/prowler.svg"></a>
   <a href="https://pypi.python.org/pypi/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/pyversions/prowler.svg"></a>
   <a href="https://pypistats.org/packages/prowler"><img alt="PyPI Prowler Downloads" src="https://img.shields.io/pypi/dw/prowler.svg?label=prowler%20downloads"></a>
@@ -37,38 +38,28 @@
   <a href="https://twitter.com/prowlercloud"><img alt="Twitter" src="https://img.shields.io/twitter/follow/prowlercloud?style=social"></a>
 </p>
 <hr>
-<p align="center">
-  <img align="center" src="/docs/img/prowler-cli-quick.gif" width="100%" height="100%">
-</p>
 
 # Description
 
-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler SaaS</a>.
-
-## Prowler CLI
-
-```console
-prowler <provider>
-```
-![Prowler CLI Execution](docs/img/short-display.png)
-
-## Prowler Dashboard
-
-```console
-prowler dashboard
-```
-![Prowler Dashboard](docs/img/dashboard.png)
+`Prowler` is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
 
 It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
 
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 553 | 77 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
-| GCP | 77 | 13 -> `prowler gcp --list-services` | 3 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 138 | 17 -> `prowler azure --list-services` | 4 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
-| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |
+| AWS | 304 | 61 -> `prowler aws --list-services` | 28 -> `prowler aws --list-compliance` | 6 -> `prowler aws --list-categories` |
+| GCP | 75 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 127 | 16 -> `prowler azure --list-services` | 2 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| Kubernetes | Work In Progress | - | CIS soon | - |
 
-# 💻 Installation
+# 📖 Documentation
+
+The full documentation can now be found at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/)
+
+## Looking for Prowler v2 documentation?
+For Prowler v2 Documentation, please go to https://github.com/prowler-cloud/prowler/tree/2.12.1.
+
+# ⚙️ Install
 
 ## Pip package
 Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:
@@ -77,24 +68,22 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-clo
 pip install prowler
 prowler -v
 ```
->More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/)
+More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/)
 
 ## Containers
 
 The available versions of Prowler are the following:
 
-- `latest`: in sync with `master` branch (bear in mind that it is not a stable version)
-- `v3-latest`: in sync with `v3` branch (bear in mind that it is not a stable version)
+- `latest`: in sync with master branch (bear in mind that it is not a stable version)
 - `<x.y.z>` (release): you can find the releases [here](https://github.com/prowler-cloud/prowler/releases), those are stable releases.
 - `stable`: this tag always point to the latest release.
-- `v3-stable`: this tag always point to the latest release for v3.
 
 The container images are available here:
 
 - [DockerHub](https://hub.docker.com/r/toniblyx/prowler/tags)
 - [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler)
 
-## From GitHub
+## From Github
 
 Python >= 3.9, < 3.13 is required with pip and poetry:
 
@@ -105,32 +94,184 @@ poetry shell
 poetry install
 python prowler.py -v
 ```
-> If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.
+
 # 📐✏️ High level architecture
 
-You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.
+You can run Prowler from your workstation, an EC2 instance, Fargate or any other container, Codebuild, CloudShell and Cloud9.
 
-![Architecture](docs/img/architecture.png)
+![Architecture](https://github.com/prowler-cloud/prowler/assets/38561120/080261d9-773d-4af1-af79-217a273e3176)
 
-# Deprecations from v3
+# 📝 Requirements
 
-## General
-- `Allowlist` now is called `Mutelist`.
-- The `--quiet` option has been deprecated, now use the `--status` flag to select the finding's status you want to get from PASS, FAIL or MANUAL.
-- All `INFO` finding's status has changed to `MANUAL`.
-- The CSV output format is common for all the providers.
+Prowler has been written in Python using the [AWS SDK (Boto3)](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html#), [Azure SDK](https://azure.github.io/azure-sdk-for-python/) and [GCP API Python Client](https://github.com/googleapis/google-api-python-client/).
+## AWS
 
-We have deprecated some of our outputs formats:
-- The native JSON is replaced for the JSON [OCSF](https://schema.ocsf.io/) v1.1.0, common for all the providers.
+Since Prowler uses AWS Credentials under the hood, you can follow any authentication method as described [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence).
+Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role):
+
+  ```console
+  aws configure
+  ```
+
+  or
+
+  ```console
+  export AWS_ACCESS_KEY_ID="ASXXXXXXX"
+  export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
+  export AWS_SESSION_TOKEN="XXXXXXXXX"
+  ```
+
+Those credentials must be associated to a user or role with proper permissions to do all checks. To make sure, add the following AWS managed policies to the user or role being used:
+
+  - `arn:aws:iam::aws:policy/SecurityAudit`
+  - `arn:aws:iam::aws:policy/job-function/ViewOnlyAccess`
+
+  > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using.
+
+  > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json).
+
+  ## Azure
+
+  Prowler for Azure supports the following authentication types:
+
+- Service principal authentication by environment variables (Enterprise Application)
+- Current az cli credentials stored
+- Interactive browser authentication
+- Managed identity authentication
+
+### Service Principal authentication
+
+To allow Prowler assume the service principal identity to start the scan, it is needed to configure the following environment variables:
+
+```console
+export AZURE_CLIENT_ID="XXXXXXXXX"
+export AZURE_TENANT_ID="XXXXXXXXX"
+export AZURE_CLIENT_SECRET="XXXXXXX"
+```
+
+If you try to execute Prowler with the `--sp-env-auth` flag and those variables are empty or not exported, the execution is going to fail.
+### AZ CLI / Browser / Managed Identity authentication
+
+The other three cases do not need additional configuration, `--az-cli-auth` and `--managed-identity-auth` are automated options, `--browser-auth` needs the user to authenticate using the default browser to start the scan. Also `--browser-auth` needs the tenant id to be specified with `--tenant-id`.
+
+### Permissions
+
+To use each one, you need to pass the proper flag to the execution. Prowler for Azure handles two types of permission scopes, which are:
+
+- **Azure Active Directory permissions**: Used to retrieve metadata from the identity assumed by Prowler and future AAD checks (not mandatory to have access to execute the tool)
+- **Subscription scope permissions**: Required to launch the checks against your resources, mandatory to launch the tool.
+
+
+#### Azure Active Directory scope
+
+Azure Active Directory (AAD) permissions required by the tool are the following:
+
+- `Directory.Read.All`
+- `Policy.Read.All`
+
+
+#### Subscriptions scope
+
+Regarding the subscription scope, Prowler by default scans all the subscriptions that is able to list, so it is required to add the following RBAC builtin roles per subscription  to the entity that is going to be assumed by the tool:
+
+- `Security Reader`
+- `Reader`
+
+
+## Google Cloud Platform
+
+Prowler will follow the same credentials search as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order):
+
+1. [GOOGLE_APPLICATION_CREDENTIALS environment variable](https://cloud.google.com/docs/authentication/application-default-credentials#GAC)
+2. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
+3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)
+
+Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.
+
+> By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.
+
+# 💻 Basic Usage
+
+To run prowler, you will need to specify the provider (e.g aws or azure):
+
+```console
+prowler <provider>
+```
+
+![Prowler Execution](https://github.com/prowler-cloud/prowler/blob/b91b0103ff38e66a915c8a0ed84905a07e4aae1d/docs/img/short-display.png?raw=True)
+
+> Running the `prowler` command without options will use your environment variable credentials.
+
+By default, prowler will generate a CSV, a JSON and a HTML report, however you can generate JSON-ASFF (only for AWS Security Hub) report with `-M` or `--output-modes`:
+
+```console
+prowler <provider> -M csv json json-asff html
+```
+
+The html report will be located in the `output` directory as the other files and it will look like:
+
+![Prowler Execution](https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/html-output.png?raw=True)
+
+You can use `-l`/`--list-checks` or `--list-services` to list all available checks or services within the provider.
+
+```console
+prowler <provider> --list-checks
+prowler <provider> --list-services
+```
+
+For executing specific checks or services you can use options `-c`/`--checks` or `-s`/`--services`:
+
+```console
+prowler aws --checks s3_bucket_public_access
+prowler aws --services s3 ec2
+```
+
+Also, checks and services can be excluded with options `-e`/`--excluded-checks` or `--excluded-services`:
+
+```console
+prowler aws --excluded-checks s3_bucket_public_access
+prowler aws --excluded-services s3 ec2
+```
+
+You can always use `-h`/`--help` to access to the usage information and all the possible options:
+
+```console
+prowler -h
+```
+
+## Checks Configurations
+Several Prowler's checks have user configurable variables that can be modified in a common **configuration file**.
+This file can be found in the following path:
+```
+prowler/config/config.yaml
+```
 
 ## AWS
-- Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
-- To send only FAILS to AWS Security Hub, now use either `--send-sh-only-fails` or `--security-hub --status FAIL`.
 
+Use a custom AWS profile with `-p`/`--profile` and/or AWS regions which you want to audit with `-f`/`--filter-region`:
 
-# 📖 Documentation
+```console
+prowler aws --profile custom-profile -f us-east-1 eu-south-2
+```
+> By default, `prowler` will scan all AWS regions.
 
-Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/
+## Azure
+
+With Azure you need to specify which auth method is going to be used:
+
+```console
+prowler azure [--sp-env-auth, --az-cli-auth, --browser-auth, --managed-identity-auth]
+```
+> By default, `prowler` will scan all Azure subscriptions.
+
+## Google Cloud Platform
+
+Optionally, you can provide the location of an application credential JSON file with the following argument:
+
+```console
+prowler gcp --credentials-file path
+```
+> By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.
 
 # 📃 License
 

SECURITY.md

@@ -12,7 +12,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F
 
 ## Reporting a Vulnerability
 
-If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to https://support.prowler.com.
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.
 
 The information you share with ProwlerPro as part of this process is kept confidential within ProwlerPro. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
 

contrib/aws/cloudshell/cloudshell-installation.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-sudo bash
-adduser prowler
-su prowler
-pip install prowler
-cd /tmp
-prowler aws

contrib/cloud9/cloud9-installation.sh

@@ -14,4 +14,4 @@ cd ~ || exit
 python3.9 -m pip install prowler-cloud
 prowler -v
 # Run Prowler
-prowler aws
+prowler

contrib/cloudshell/cloudshell-installation.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Install system dependencies
+sudo yum -y install openssl-devel bzip2-devel libffi-devel gcc
+# Upgrade to Python 3.9
+cd /tmp && wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz
+tar zxf Python-3.9.13.tgz
+cd Python-3.9.13/ || exit
+./configure --enable-optimizations
+sudo make altinstall
+python3.9 --version
+# Install Prowler
+cd ~ || exit
+python3.9 -m pip install prowler-cloud
+prowler -v
+# Run Prowler
+prowler

contrib/codebuild/codebuild-prowlerv3-audit-account-cfn.yaml

@@ -212,7 +212,6 @@ Resources:
                 - appstream:Describe*
                 - codeartifact:List*
                 - codebuild:BatchGet*
-                - cognito-idp:GetUserPoolMfaConfig
                 - ds:Get*
                 - ds:Describe*
                 - ds:List*

contrib/gcp/enable_apis_in_projects.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-
-# List of project IDs
-PROJECT_IDS=(
-    "project-id-1"
-    "project-id-2"
-    "project-id-3"
-    # Add more project IDs as needed
-)
-
-# List of Prowler APIs to enable
-APIS=(
-    "apikeys.googleapis.com"
-    "artifactregistry.googleapis.com"
-    "bigquery.googleapis.com"
-    "sqladmin.googleapis.com"  # Cloud SQL
-    "storage.googleapis.com"  # Cloud Storage
-    "compute.googleapis.com"
-    "dataproc.googleapis.com"
-    "dns.googleapis.com"
-    "containerregistry.googleapis.com"  # GCR (Google Container Registry)
-    "container.googleapis.com"  # GKE (Google Kubernetes Engine)
-    "iam.googleapis.com"
-    "cloudkms.googleapis.com"  # KMS (Key Management Service)
-    "logging.googleapis.com"
-)
-
-# Function to enable APIs for a given project
-enable_apis_for_project() {
-    local PROJECT_ID=$1
-
-    echo "Enabling APIs for project: ${PROJECT_ID}"
-
-    for API in "${APIS[@]}"; do
-        echo "Enabling API: $API for project: ${PROJECT_ID}"
-        if gcloud services enable "${API}" --project="${PROJECT_ID}"; then
-            echo "Successfully enabled API $API for project ${PROJECT_ID}."
-        else
-            echo "Failed to enable API $API for project ${PROJECT_ID}."
-        fi
-    done
-}
-
-# Loop over each project and enable the APIs
-for PROJECT_ID in "${PROJECT_IDS[@]}"; do
-    enable_apis_for_project "${PROJECT_ID}"
-done

contrib/k8s/helm/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

contrib/k8s/helm/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: prowler
-description: Prowler Security Tool Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

contrib/k8s/helm/README.md

@@ -1,78 +0,0 @@
-# prowler
-
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
-
-Prowler Security Tool Helm chart for Kubernetes
-
-# Prowler Helm Chart Deployment
-
-This guide provides step-by-step instructions for deploying the Prowler Helm chart.
-
-## Prerequisites
-
-Before you begin, ensure you have the following:
-
-1. A running Kubernetes cluster.
-2. Helm installed on your local machine. If you don't have Helm installed, you can follow the [Helm installation guide](https://helm.sh/docs/intro/install/).
-3. Proper access to your Kubernetes cluster (e.g., `kubectl` is configured and working).
-
-## Deployment Steps
-
-### 1. Clone the Repository
-
-Clone the repository containing the Helm chart to your local machine.
-
-```sh
-git clone git@github.com:prowler-cloud/prowler.git
-cd prowler/contrib/k8s/helm
-```
-
-### 2. Deploy the helm chart
-
-```
-helm install prowler .
-```
-
-### 3. Verify the deployment
-
-```
-helm status prowler
-kubectl get all -n prowler-ns
-```
-
-### 4. Clean Up
-To uninstall the Helm release and clean up the resources, run:
-
-```helm uninstall prowler
-kubectl delete namespace prowler-ns
-```
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| clusterRole.name | string | `"prowler-read-cluster"` |  |
-| clusterRoleBinding.name | string | `"prowler-read-cluster-binding"` |  |
-| configMap.name | string | `"prowler-hostpaths"` |  |
-| configMapData.etcCniNetd | string | `"/etc/cni/net.d"` |  |
-| configMapData.etcKubernetes | string | `"/etc/kubernetes"` |  |
-| configMapData.etcSystemd | string | `"/etc/systemd"` |  |
-| configMapData.libSystemd | string | `"/lib/systemd"` |  |
-| configMapData.optCniBin | string | `"/opt/cni/bin"` |  |
-| configMapData.usrBin | string | `"/usr/bin"` |  |
-| configMapData.varLibCni | string | `"/var/lib/cni"` |  |
-| configMapData.varLibEtcd | string | `"/var/lib/etcd"` |  |
-| configMapData.varLibKubeControllerManager | string | `"/var/lib/kube-controller-manager"` |  |
-| configMapData.varLibKubeScheduler | string | `"/var/lib/kube-scheduler"` |  |
-| configMapData.varLibKubelet | string | `"/var/lib/kubelet"` |  |
-| cronjob.hostPID | bool | `true` |  |
-| cronjob.name | string | `"prowler"` |  |
-| cronjob.schedule | string | `"0 0 * * *"` |  |
-| image.pullPolicy | string | `"Always"` |  |
-| image.repository | string | `"toniblyx/prowler"` |  |
-| image.tag | string | `"stable"` |  |
-| namespace.name | string | `"prowler"` |  |
-| serviceAccount.name | string | `"prowler"` |  |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

contrib/k8s/helm/templates/cluster-role.yaml

@@ -1,11 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Values.clusterRole.name }}
-rules:
-- apiGroups: [""]
-  resources: ["pods", "configmaps", "nodes", "namespaces"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: ["rbac.authorization.k8s.io"]
-  resources: ["clusterrolebindings", "rolebindings", "clusterroles", "roles"]
-  verbs: ["get", "list", "watch"]

contrib/k8s/helm/templates/cm.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Values.configMap.name }}
-  namespace: {{ .Values.namespace.name }}
-data:
-  varLibCni: "{{ .Values.configMap.data.varLibCni }}"
-  varLibEtcd: "{{ .Values.configMap.data.varLibEtcd }}"
-  varLibKubelet: "{{ .Values.configMap.data.varLibKubelet }}"
-  varLibKubeScheduler: "{{ .Values.configMap.data.varLibKubeScheduler }}"
-  varLibKubeControllerManager: "{{ .Values.configMap.data.varLibKubeControllerManager }}"
-  etcSystemd: "{{ .Values.configMap.data.etcSystemd }}"
-  libSystemd: "{{ .Values.configMap.data.libSystemd }}"
-  etcKubernetes: "{{ .Values.configMap.data.etcKubernetes }}"
-  usrBin: "{{ .Values.configMap.data.usrBin }}"
-  etcCniNetd: "{{ .Values.configMap.data.etcCniNetd }}"
-  optCniBin: "{{ .Values.configMap.data.optCniBin }}"
-  srvKubernetes: "{{ .Values.configMap.data.srvKubernetes }}"

contrib/k8s/helm/templates/job.yaml

@@ -1,42 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: {{ .Values.cronjob.name }}
-  namespace: {{ .Values.namespace.name }}
-spec:
-  schedule: "{{ .Values.cronjob.schedule }}"
-  jobTemplate:
-    spec:
-      template:
-        metadata:
-          labels:
-            app: prowler
-        spec:
-          serviceAccountName: {{ .Values.serviceAccount.name }}
-          containers:
-          - name: prowler
-            image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-            command: ["prowler"]
-            args: ["kubernetes", "-z", "-b"]
-            imagePullPolicy: {{ .Values.image.pullPolicy }}
-            volumeMounts:
-            {{- range $key, $value := .Values.configMap.data }}
-              {{- if and (eq $.Values.clusterType "gke") (eq $key "srvKubernetes") }}
-              {{- else }}
-              - name: {{ $key | lower }}
-                mountPath: {{ $value }}
-                readOnly: true
-              {{- end }}
-            {{- end }}
-          hostPID: {{ .Values.cronjob.hostPID }}
-          restartPolicy: Never
-          volumes:
-          {{- range $key, $value := .Values.configMap.data }}
-            {{- if and (eq $.Values.clusterType "gke") (eq $key "srvKubernetes") }}
-            {{- else }}
-            - name: {{ $key | lower }}
-              hostPath:
-                path: {{ $value }}
-            {{- end }}
-          {{- end }}
-

contrib/k8s/helm/templates/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .Values.namespace.name }}

contrib/k8s/helm/templates/role-binding.yaml

@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Values.clusterRoleBinding.name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Values.clusterRole.name }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Values.serviceAccount.name }}
-  namespace: {{ .Values.namespace.name }}

contrib/k8s/helm/templates/sa.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.serviceAccount.name }}
-  namespace: {{ .Values.namespace.name }}

contrib/k8s/helm/values.yaml

@@ -1,40 +0,0 @@
-namespace:
-  name: prowler-ns
-
-cronjob:
-  name: prowler
-  schedule: "0 0 * * *"
-  hostPID: true
-
-serviceAccount:
-  name: prowler-sa
-
-image:
-  repository: toniblyx/prowler
-  tag: stable
-  pullPolicy: Always
-
-clusterType:
-
-configMap:
-  name: prowler-config
-  data:
-    varLibCni: "/var/lib/cni"
-    varLibEtcd: "/var/lib/etcd"
-    varLibKubelet: "/var/lib/kubelet"
-    varLibKubeScheduler: "/var/lib/kube-scheduler"
-    varLibKubeControllerManager: "/var/lib/kube-controller-manager"
-    etcSystemd: "/etc/systemd"
-    libSystemd: "/lib/systemd"
-    etcKubernetes: "/etc/kubernetes"
-    usrBin: "/usr/bin"
-    etcCniNetd: "/etc/cni/net.d"
-    optCniBin: "/opt/cni/bin"
-    srvKubernetes: "/srv/kubernetes"
-
-clusterRole:
-  name: prowler-read-cluster
-
-clusterRoleBinding:
-  name: prowler-read-cluster-binding
-  roleName: prowler-read-cluster

contrib/multi-account-securityhub/README.md

@@ -12,11 +12,7 @@ Originally based on [org-multi-account](https://github.com/prowler-cloud/prowler
 
 ## Architecture Explanation
 
-The solution is designed to be very simple. Prowler is run via an ECS Task definition that launches a single Fargate container. This Task Definition is executed on a schedule using an EventBridge Rule.
-
-## Prerequisites
-
-This solution assumes that you have a VPC architecture with two redundant subnets that can reach the AWS API endpoints (e.g. PrivateLink, NAT Gateway, etc.).
+ The solution is designed to be very simple. Prowler is run via an ECS Task definition that launches a single Fargate container. This Task Definition is executed on a schedule using an EventBridge Rule.
 
 ## CloudFormation Templates
 
@@ -63,9 +59,9 @@ The logs that are generated and sent to Cloudwatch are error logs, and assessmen
 
 ## Instructions
  1. Create a Private ECR Repository in the account that will host the Prowler container. The Audit account is recommended, but any account can be used.
- 2. Configure the .awsvariables file. Note the ROLE name chosen as it will be the CrossAccountRole.
- 3. Follow the steps from "View Push Commands" to build and upload the container image. Substitute step 2 with the build command provided in the Dockerfile. You need to have Docker and AWS CLI installed, and use the cli to login to the account first.  After upload note the Image URI, as it is required for the CF-Prowler-ECS template. Ensure that you pay attention to the architecture while performing the docker build command. A common mistake is not specifying the architecture and then building on Apple silicon. Your task will fail with  *exec /home/prowler/.local/bin/prowler: exec format error*. 
- 4. Make sure SecurityHub is enabled in every account in AWS Organizations, and that the SecurityHub integration is enabled as explained in [Prowler - Security Hub Integration](https://github.com/prowler-cloud/prowler#security-hub-integration)
+ 2.  Configure the .awsvariables file. Note the ROLE name chosen as it will be the CrossAccountRole.
+ 3. Follow the steps from "View Push Commands" to build and upload the container image. You need to have Docker and AWS CLI installed, and use the cli to login to the account first.  After upload note the Image URI, as it is required for the CF-Prowler-ECS template.
+ 4.  Make sure SecurityHub is enabled in every account in AWS Organizations, and that the SecurityHub integration is enabled as explained in [Prowler - Security Hub Integration](https://github.com/prowler-cloud/prowler#security-hub-integration)
  5. Deploy **CF-Prowler-CrossAccountRole.yml** in the Master Account as a single stack. You will have to choose the CrossAccountRole name (ProwlerXA-Role by default) and the ProwlerTaskRoleName (ProwlerECSTask-Role by default)
  6. Deploy **CF-Prowler-CrossAccountRole.yml** in every Member Account as a StackSet. Choose the same CrossAccountName and ProwlerTaskRoleName as the previous step.
  7. Deploy **CF-Prowler-IAM.yml** in the account that will host the Prowler container (the same from step 1).  The following template parameters must be provided:
@@ -95,4 +91,4 @@ If you permission find errors in the CloudWatch logs, the culprit might be a [Se
 ## Upgrading Prowler
 
 Prowler version is controlled by the PROWLERVER argument in the Dockerfile, change it to the desired version and follow the ECR Push Commands to update the container image.
-Old images can be deleted from the ECR Repository after the new image is confirmed to work. They will show as "untagged" as only one image can hold the "latest" tag.
+Old images can be deleted from the ECR Repository after the new image is confirmed to work. They will show as "untagged" as only one image can hold the "latest" tag.

contrib/multi-account-securityhub/run-prowler-securityhub.sh

@@ -68,7 +68,7 @@ for accountId in ${ACCOUNTS_IN_ORGS}; do
         # Run Prowler
         echo -e "Assessing AWS Account: ${accountId}, using Role: ${ROLE} on $(date)"
         # Pipe stdout to /dev/null to reduce unnecessary Cloudwatch logs
-        prowler aws -R arn:"${PARTITION}":iam::"${accountId}":role/"${ROLE}" --security-hub --send-sh-only-fails -f "${REGION}" > /dev/null
+        prowler aws -R arn:"${PARTITION}":iam::"${accountId}":role/"${ROLE}" -q -S -f "${REGION}" > /dev/null
         TOTAL_SEC=$((SECONDS - START_TIME))
         printf "Completed AWS Account: ${accountId} in %02dh:%02dm:%02ds" $((TOTAL_SEC / 3600)) $((TOTAL_SEC % 3600 / 60)) $((TOTAL_SEC % 60))
         echo ""

contrib/multi-account-securityhub/templates/CF-Prowler-CrossAccountRole.yml

@@ -60,42 +60,24 @@ Resources:
                 Effect: Allow
                 Resource: "*"
                 Action:
-                  - account:Get*
-                  - appstream:Describe*
-                  - appstream:List*
-                  - backup:List*
-                  - cloudtrail:GetInsightSelectors
-                  - codeartifact:List*
-                  - codebuild:BatchGet*
-                  - cognito-idp:GetUserPoolMfaConfig
-                  - dlm:Get*
-                  - drs:Describe*
-                  - ds:Describe*
-                  - ds:Get*
-                  - ds:List*
-                  - dynamodb:GetResourcePolicy
+                  - ds:ListAuthorizedApplications
                   - ec2:GetEbsEncryptionByDefault
-                  - ec2:GetSnapshotBlockPublicAccessState
-                  - ec2:GetInstanceMetadataDefaults
                   - ecr:Describe*
-                  - ecr:GetRegistryScanningConfiguration
                   - elasticfilesystem:DescribeBackupPolicy
                   - glue:GetConnections
-                  - glue:GetSecurityConfiguration*
+                  - glue:GetSecurityConfiguration
                   - glue:SearchTables
-                  - lambda:GetFunction*
-                  - logs:FilterLogEvents
-                  - lightsail:GetRelationalDatabases
-                  - macie2:GetMacieSession
+                  - lambda:GetFunction
                   - s3:GetAccountPublicAccessBlock
                   - shield:DescribeProtection
                   - shield:GetSubscriptionState
                   - ssm:GetDocument
-                  - ssm-incidents:List*
                   - support:Describe*
                   - tag:GetTagKeys
-                  - wellarchitected:List*
-
+        - PolicyName: Prowler-Security-Hub
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
               - Sid: AllowProwlerSecurityHub
                 Effect: Allow
                 Resource: "*"

contrib/multi-account-securityhub/templates/CF-Prowler-ECS.yml

@@ -62,7 +62,7 @@ Resources:
               awslogs-stream-prefix: ecs
       Cpu: 1024
       ExecutionRoleArn: !Ref ECSExecutionRole
-      Memory: 8192
+      Memory: 2048
       NetworkMode: awsvpc
       TaskRoleArn: !Ref ProwlerTaskRole
       Family: SecurityHubProwlerTask

contrib/multi-account-securityhub/templates/CF-Prowler-IAM.yml

@@ -97,15 +97,9 @@ Outputs:
   ECSExecutionRoleARN:
     Description: ARN of the ECS Task Execution Role
     Value: !GetAtt ECSExecutionRole.Arn
-    Export:
-      Name: ECSExecutionRoleArn
   ProwlerTaskRoleARN:
     Description: ARN of the ECS Prowler Task Role
     Value: !GetAtt ProwlerTaskRole.Arn
-    Export:
-      Name: ProwlerTaskRoleArn
   ECSEventRoleARN:
     Description: ARN of the Eventbridge Task Role
     Value: !GetAtt ECSEventRole.Arn
-    Export:
-      Name: ECSEventRoleARN

dashboard/__init__.py

@@ -1,2 +0,0 @@
-DASHBOARD_PORT = 11666
-DASHBOARD_ARGS = {"debug": True, "port": DASHBOARD_PORT, "use_reloader": False}

dashboard/__main__.py

@@ -1,179 +0,0 @@
-# Importing Packages
-import sys
-import warnings
-
-import click
-import dash
-import dash_bootstrap_components as dbc
-from colorama import Fore, Style
-from dash import dcc, html
-from dash.dependencies import Input, Output
-
-from dashboard.config import folder_path_overview
-from prowler.config.config import orange_color
-from prowler.lib.banner import print_banner
-
-warnings.filterwarnings("ignore")
-
-cli = sys.modules["flask.cli"]
-print_banner()
-print(
-    f"{Fore.GREEN}Loading all CSV files from the folder {folder_path_overview} ...\n{Style.RESET_ALL}"
-)
-cli.show_server_banner = lambda *x: click.echo(
-    f"{Fore.YELLOW}NOTE:{Style.RESET_ALL} If you are using {Fore.GREEN}{Style.BRIGHT}Prowler SaaS{Style.RESET_ALL} with the S3 integration or that integration \nfrom {Fore.CYAN}{Style.BRIGHT}Prowler Open Source{Style.RESET_ALL} and you want to use your data from your S3 bucket,\nrun: `{orange_color}aws s3 cp s3://<your-bucket>/output/csv ./output --recursive{Style.RESET_ALL}`\nand then run `prowler dashboard` again to load the new files."
-)
-
-# Initialize the app - incorporate css
-dashboard = dash.Dash(
-    __name__,
-    external_stylesheets=[dbc.themes.FLATLY],
-    use_pages=True,
-    suppress_callback_exceptions=True,
-    title="Prowler Dashboard",
-)
-
-# Logo
-prowler_logo = html.Img(
-    src="https://prowler.com/wp-content/uploads/logo-dashboard.png", alt="Prowler Logo"
-)
-
-menu_icons = {
-    "overview": "/assets/images/icons/overview.svg",
-    "compliance": "/assets/images/icons/compliance.svg",
-}
-
-
-# Function to generate navigation links
-def generate_nav_links(current_path):
-    nav_links = []
-    for page in dash.page_registry.values():
-        # Gets the icon URL based on the page name
-        icon_url = menu_icons.get(page["name"].lower())
-        is_active = (
-            " bg-prowler-stone-950 border-r-4 border-solid border-prowler-lime"
-            if current_path == page["relative_path"]
-            else ""
-        )
-        link_class = f"block hover:bg-prowler-stone-950 hover:border-r-4 hover:border-solid hover:border-prowler-lime{is_active}"
-
-        link_content = html.Span(
-            [
-                html.Img(src=icon_url, className="w-5"),
-                html.Span(
-                    page["name"], className="font-medium text-base leading-6 text-white"
-                ),
-            ],
-            className="flex justify-center lg:justify-normal items-center gap-x-3 py-2 px-3",
-        )
-
-        nav_link = html.Li(
-            dcc.Link(link_content, href=page["relative_path"], className=link_class)
-        )
-        nav_links.append(nav_link)
-    return nav_links
-
-
-def generate_help_menu():
-    help_links = [
-        {
-            "title": "Help",
-            "url": "https://github.com/prowler-cloud/prowler/issues",
-            "icon": "/assets/images/icons/help.png",
-        },
-        {
-            "title": "Docs",
-            "url": "https://docs.prowler.com",
-            "icon": "/assets/images/icons/docs.png",
-        },
-    ]
-
-    link_class = "block hover:bg-prowler-stone-950 hover:border-r-4 hover:border-solid hover:border-prowler-lime"
-
-    menu_items = []
-    for link in help_links:
-        menu_item = html.Li(
-            html.A(
-                html.Span(
-                    [
-                        html.Img(src=link["icon"], className="w-5"),
-                        html.Span(
-                            link["title"],
-                            className="font-medium text-base leading-6 text-white",
-                        ),
-                    ],
-                    className="flex items-center gap-x-3 py-2 px-3",
-                ),
-                href=link["url"],
-                target="_blank",
-                className=link_class,
-            )
-        )
-        menu_items.append(menu_item)
-
-    return menu_items
-
-
-# Layout
-dashboard.layout = html.Div(
-    [
-        dcc.Location(id="url", refresh=False),
-        html.Link(rel="icon", href="assets/favicon.ico"),
-        # Placeholder for dynamic navigation bar
-        html.Div(
-            [
-                html.Div(
-                    id="navigation-bar", className="bg-prowler-stone-900 min-w-36 z-10"
-                ),
-                html.Div(
-                    [
-                        dash.page_container,
-                    ],
-                    id="content_select",
-                    className="bg-prowler-white w-full col-span-11 h-screen mx-auto overflow-y-scroll no-scrollbar px-10 py-7",
-                ),
-            ],
-            className="grid custom-grid 2xl:custom-grid-large h-screen",
-        ),
-    ],
-    className="h-screen mx-auto",
-)
-
-
-# Callback to update navigation bar
-@dashboard.callback(Output("navigation-bar", "children"), [Input("url", "pathname")])
-def update_nav_bar(pathname):
-    return html.Div(
-        [
-            html.Div([prowler_logo], className="mb-8 px-3"),
-            html.H6(
-                "Dashboards",
-                className="px-3 text-prowler-stone-500 text-sm opacity-90 font-regular mb-2",
-            ),
-            html.Nav(
-                [html.Ul(generate_nav_links(pathname), className="")],
-                className="flex flex-col gap-y-6",
-            ),
-            html.Nav(
-                [
-                    html.A(
-                        [
-                            html.Span(
-                                [
-                                    html.Img(src="assets/favicon.ico", className="w-5"),
-                                    "Subscribe to prowler SaaS",
-                                ],
-                                className="flex items-center gap-x-3 text-white",
-                            ),
-                        ],
-                        href="https://prowler.com/",
-                        target="_blank",
-                        className="block p-3 uppercase text-xs hover:bg-prowler-stone-950 hover:border-r-4 hover:border-solid hover:border-prowler-lime",
-                    ),
-                    html.Ul(generate_help_menu(), className=""),
-                ],
-                className="flex flex-col gap-y-6 mt-auto",
-            ),
-        ],
-        className="flex flex-col bg-prowler-stone-900 py-7 h-full",
-    )

dashboard/assets/images/icons/arrows.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" image-rendering="optimizeQuality" fill-rule="evenodd" clip-rule="evenodd" viewBox="0 0 443 511.62"><path fill-rule="nonzero" d="M152.93 286.97c0 17.1-13.87 30.97-30.97 30.97-17.11 0-30.98-13.87-30.98-30.97v-177.4l-37.45 40.31c-11.63 12.5-31.19 13.2-43.68 1.57-12.49-11.62-13.19-31.18-1.57-43.68L99.33 9.79l2.06-1.94c12.69-11.35 32.2-10.26 43.55 2.43l91.05 101.47c11.35 12.69 10.26 32.2-2.43 43.55-12.68 11.36-32.19 10.27-43.55-2.42l-37.08-41.33v175.42zm236.24 71.77c11.35-12.69 30.86-13.78 43.55-2.43 12.69 11.36 13.78 30.87 2.42 43.56L344.1 501.34c-11.36 12.69-30.87 13.78-43.55 2.42l-2.02-1.97-91.09-97.95c-11.63-12.49-10.93-32.05 1.57-43.67 12.49-11.63 32.05-10.93 43.67 1.57l37.46 40.31V231.53c0-17.11 13.87-30.97 30.97-30.97s30.97 13.86 30.97 30.97v168.54l37.09-41.33z"/></svg>

dashboard/assets/images/icons/compliance.svg

@@ -1,4 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" fill="#FFF" aria-hidden="true" class="h-5 w-5" viewBox="0 0 24 24">
-  <path fill-rule="evenodd" d="M9 1.5H5.625c-1.036 0-1.875.84-1.875 1.875v17.25c0 1.035.84 1.875 1.875 1.875h12.75c1.035 0 1.875-.84 1.875-1.875V12.75A3.75 3.75 0 0 0 16.5 9h-1.875a1.875 1.875 0 0 1-1.875-1.875V5.25A3.75 3.75 0 0 0 9 1.5zm6.61 10.936a.75.75 0 1 0-1.22-.872l-3.236 4.53L9.53 14.47a.75.75 0 0 0-1.06 1.06l2.25 2.25a.75.75 0 0 0 1.14-.094l3.75-5.25z" clip-rule="evenodd"/>
-  <path d="M12.971 1.816A5.23 5.23 0 0 1 14.25 5.25v1.875c0 .207.168.375.375.375H16.5a5.23 5.23 0 0 1 3.434 1.279 9.768 9.768 0 0 0-6.963-6.963z"/>
-</svg>

dashboard/assets/images/icons/dropdown.svg

@@ -1 +0,0 @@
-<svg class="svg-icon" style="width: 1.001953125em; height: 1em;vertical-align: middle;fill: currentColor;overflow: hidden;" viewBox="0 0 1026 1024" version="1.1" xmlns="http://www.w3.org/2000/svg"><path d="M1013.7 90.8C997.8 75.5 972.4 76 957.1 92L510.9 557.1 73.2 90.8C58 74.7 32.7 73.9 16.6 89 0.5 104.1-0.3 129.4 14.8 145.5l466.6 497.1 1.5 1.5c0.2 0.2 0.4 0.4 0.7 0.6 0.3 0.3 0.6 0.5 0.9 0.8 0.3 0.3 0.6 0.5 0.9 0.7 0.2 0.2 0.4 0.4 0.7 0.6 0.3 0.2 0.6 0.5 0.9 0.7 0.2 0.2 0.5 0.4 0.7 0.5l0.9 0.6c0.3 0.2 0.5 0.4 0.8 0.5 0.3 0.2 0.6 0.3 0.9 0.5 0.3 0.2 0.6 0.3 0.9 0.5 0.3 0.2 0.5 0.3 0.8 0.4 0.3 0.2 0.6 0.3 1 0.5 0.3 0.1 0.5 0.3 0.8 0.4 0.3 0.2 0.7 0.3 1 0.5 0.2 0.1 0.5 0.2 0.7 0.3 0.4 0.2 0.7 0.3 1.1 0.4 0.2 0.1 0.5 0.2 0.7 0.3 0.4 0.1 0.8 0.3 1.2 0.4 0.2 0.1 0.5 0.1 0.7 0.2l1.2 0.3c0.2 0.1 0.4 0.1 0.7 0.2 0.4 0.1 0.8 0.2 1.3 0.3 0.2 0 0.4 0.1 0.6 0.1 0.4 0.1 0.9 0.2 1.3 0.2 0.2 0 0.4 0.1 0.6 0.1 0.5 0.1 0.9 0.1 1.4 0.2 0.2 0 0.4 0 0.6 0.1 0.5 0 1 0.1 1.5 0.1h4.6c0.5 0 1-0.1 1.5-0.1 0.2 0 0.4 0 0.5-0.1 0.5 0 0.9-0.1 1.4-0.2 0.2 0 0.4-0.1 0.6-0.1 0.4-0.1 0.9-0.1 1.3-0.2 0.2 0 0.4-0.1 0.6-0.1l1.2-0.3c0.2-0.1 0.4-0.1 0.7-0.2l1.2-0.3c0.2-0.1 0.5-0.1 0.7-0.2 0.4-0.1 0.8-0.2 1.1-0.4 0.2-0.1 0.5-0.2 0.7-0.3 0.4-0.1 0.7-0.3 1.1-0.4 0.3-0.1 0.5-0.2 0.8-0.3 0.3-0.1 0.7-0.3 1-0.5 0.3-0.1 0.5-0.2 0.8-0.4 0.3-0.2 0.6-0.3 0.9-0.5 0.3-0.1 0.6-0.3 0.8-0.4 0.3-0.2 0.6-0.3 0.8-0.5 0.3-0.2 0.6-0.3 0.9-0.5 0.3-0.2 0.5-0.3 0.8-0.5l0.9-0.6c0.2-0.2 0.4-0.3 0.7-0.5 0.3-0.2 0.6-0.5 1-0.7 0.2-0.1 0.4-0.3 0.6-0.5 0.3-0.3 0.7-0.5 1-0.8 0.2-0.1 0.3-0.3 0.5-0.5 0.5-0.5 1-0.9 1.5-1.4l0.9-0.9 475.4-495.6c15.3-15.7 14.7-41.1-1.2-56.3z" fill="#898989" /></svg>

dashboard/assets/images/icons/overview.svg

@@ -1,4 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" fill="#FFF" aria-hidden="true" class="h-5 w-5" viewBox="0 0 24 24">
-  <path fill-rule="evenodd" d="M2.25 13.5a8.25 8.25 0 0 1 8.25-8.25.75.75 0 0 1 .75.75v6.75H18a.75.75 0 0 1 .75.75 8.25 8.25 0 0 1-16.5 0z" clip-rule="evenodd"/>
-  <path fill-rule="evenodd" d="M12.75 3a.75.75 0 0 1 .75-.75 8.25 8.25 0 0 1 8.25 8.25.75.75 0 0 1-.75.75h-7.5a.75.75 0 0 1-.75-.75V3z" clip-rule="evenodd"/>
-</svg>

dashboard/compliance/aws_account_security_onboarding_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format2
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format2(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/aws_audit_manager_control_tower_guardrails_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format1
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format1(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/aws_foundational_security_best_practices_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format1
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format1(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/aws_foundational_technical_review_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format1
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format1(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/aws_well_architected_framework_reliability_pillar_aws.py

@@ -1,22 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format2
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ATTRIBUTES_NAME",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ]
-    return get_section_containers_format2(
-        aux, "REQUIREMENTS_ATTRIBUTES_NAME", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/aws_well_architected_framework_security_pillar_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format2
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ATTRIBUTES_NAME",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ]
-
-    return get_section_containers_format2(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ATTRIBUTES_NAME"
-    )

dashboard/compliance/cis_1_4_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_1_5_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_1_8_kubernetes.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_2_0_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_2_0_azure.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_2_0_gcp.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_2_1_azure.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_3_0_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cisa_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format1
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format1(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/ens_rd2022_aws.py

@@ -1,36 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_ens
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    # append the requirements_description to idgrupocontrol
-    data["REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL"] = (
-        data["REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL"]
-        + " - "
-        + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ATTRIBUTES_MARCO",
-            "REQUIREMENTS_ATTRIBUTES_CATEGORIA",
-            "REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL",
-            "REQUIREMENTS_ATTRIBUTES_TIPO",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ]
-
-    return get_section_containers_ens(
-        aux,
-        "REQUIREMENTS_ATTRIBUTES_MARCO",
-        "REQUIREMENTS_ATTRIBUTES_CATEGORIA",
-        "REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL",
-        "REQUIREMENTS_ATTRIBUTES_TIPO",
-    )

dashboard/compliance/ens_rd2022_azure.py

@@ -1,36 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_ens
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    # append the requirements_description to idgrupocontrol
-    data["REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL"] = (
-        data["REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL"]
-        + " - "
-        + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ATTRIBUTES_MARCO",
-            "REQUIREMENTS_ATTRIBUTES_CATEGORIA",
-            "REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL",
-            "REQUIREMENTS_ATTRIBUTES_TIPO",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ]
-
-    return get_section_containers_ens(
-        aux,
-        "REQUIREMENTS_ATTRIBUTES_MARCO",
-        "REQUIREMENTS_ATTRIBUTES_CATEGORIA",
-        "REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL",
-        "REQUIREMENTS_ATTRIBUTES_TIPO",
-    )

dashboard/compliance/ens_rd2022_gcp.py

@@ -1,36 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_ens
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    # append the requirements_description to idgrupocontrol
-    data["REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL"] = (
-        data["REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL"]
-        + " - "
-        + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ATTRIBUTES_MARCO",
-            "REQUIREMENTS_ATTRIBUTES_CATEGORIA",
-            "REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL",
-            "REQUIREMENTS_ATTRIBUTES_TIPO",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ]
-
-    return get_section_containers_ens(
-        aux,
-        "REQUIREMENTS_ATTRIBUTES_MARCO",
-        "REQUIREMENTS_ATTRIBUTES_CATEGORIA",
-        "REQUIREMENTS_ATTRIBUTES_IDGRUPOCONTROL",
-        "REQUIREMENTS_ATTRIBUTES_TIPO",
-    )

dashboard/compliance/fedramp_low_revision_4_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format3
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "REQUIREMENTS_DESCRIPTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format3(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/fedramp_moderate_revision_4_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format3
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "REQUIREMENTS_DESCRIPTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format3(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/ffiec_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format3
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "REQUIREMENTS_DESCRIPTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format3(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/gdpr_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format1
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format1(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/gxp_21_cfr_part_11_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format3
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "REQUIREMENTS_DESCRIPTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format3(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/gxp_eu_annex_11_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format1
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format1(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/hipaa_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_format3
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "REQUIREMENTS_DESCRIPTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_format3(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/iso27001_2013_aws.py

@@ -1,23 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_container_iso
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ATTRIBUTES_CATEGORY",
-            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID",
-            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_NAME",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ]
-    return get_section_container_iso(
-        aux, "REQUIREMENTS_ATTRIBUTES_CATEGORY", "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID"
-    )