github prowler-cloud/prowler 3.1.0
Prowler 3.1.0 - Revelations

latest releases: 4.5.2, 4.5.1, 4.5.0...
22 months ago

"The swords of scorn divide,
Take not thy thunder from us,
But take away our pride."

Revelations is the second song of the Peace of Mind album of Iron Maiden that was written by Bruce Dickinson.

This last month has been a real revelation for us and we realize how big is our community and how well accepted has been version 3. We have passed the number of 2 Million of downloads 🚀 since the project started (not counting forks). As a reference see OSS Insight stats in the last month https://ossinsight.io/collections/security-tool, we became the Top 1 tool thanks to all of you!

What's Changed:

New AWS check iam_role_cross_service_confused_deputy_prevention:

Ensure IAM Service Roles prevents against a cross-service confused deputy attack. Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource. More information at https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention.

  • feat(check): add iam_role_cross_service_confused_deputy_prevention check by @Fennerr and @sergargar in #1710
  • feat(report): Support to custom report interface by @n4ch04 in #1702
  • feat(ecs_task_definitions_no_environment_secrets): Update resource_id by @Fennerr in #1665
  • feat(iam): Add IAM Role Class by @sergargar in #1709
  • feat(only_logs): New logging flag to only show execution logs by @jfagoagas in #1708
  • feat(regions_update): Changes in regions for AWS services by @github-actions

Fixes:

  • fix(trustedadvisor_errors_and_warnings): add region by @sergargar in #1662
  • fix(docs): Include a comma in the permissions paragraph #HSFDPMUW by @Leon114m in #1668
  • fix(s3): Add S3 ResourceArn by @gabrielsoltz in #1666
  • fix(shub): associate resource_arn as resourceId in Security Hub by @sergargar in #1672
  • fix(compliance): Security Hub working with compliance by @sergargar in #1673
  • fix(config): path error in Windows environment by @sergargar in #1684
  • docs: Edit troubleshooting page by @n4ch04 in #1685
  • fix: remove unnecessary print by @sergargar in #1686
  • fix(services): Handle KeyErrors from AWS by @sergargar in #1690
  • fix(path): aws_regions_by_service.json: FileNotFoundError[13] by @sergargar in #1689
  • fix: deleted test exclusion in name loading checks by @n4ch04 in #1694
  • fix(docs): Add security section and solve images location by @sergargar in #1696
  • fix(cloudwatch_service): set default region in CloudWatch by @sergargar in #1693
  • fix: VPC Key Error by @sergargar in #1695
  • fix: Solve IAM policy Errors by @sergargar in #1692
  • fix(quick_inventory): Prowler quick inventory for US GovCloud and China by @toniblyx in #1698
  • fix(docs): correct permissions links by @sergargar in #1701
  • fix(docs): Include a new comma in the Basic Usage paragraph #HSFDPMUW by @Leon114m in #1705
  • fix(docs): Include multiple commas in the troubleshooting file #HSFDPMUW by @Leon114m in #1706
  • fix(apigateway): Add ApiGateway ResourceArn and check fixes by @gabrielsoltz in #1707
  • fix(ec2_elastic_ip_unassgined): Incorrect ResourceType for check ec2_elastic_ip_unassgined by @gabrielsoltz in #1711
  • fix(action): add permissions to Github action by @sergargar in #1712
  • fix(fill_html_overview_statistics): Handle if file exists by @jfagoagas in #1718
  • fix(error): ecr_repositories_scan_vulnerabilities_in_latest_image report not found by @sergargar in #1719
  • build(deps-dev): bump pytest from 7.2.0 to 7.2.1 by @dependabot in #1715
  • build(deps-dev): bump pylint from 2.15.9 to 2.15.10 by @dependabot in #1676
  • build(deps-dev): bump moto from 4.0.13 to 4.1.0 by @dependabot in #1675
  • build(deps-dev): bump coverage from 7.0.3 to 7.0.4 by @dependabot in #1678
  • build(deps-dev): bump vulture from 2.6 to 2.7 by @dependabot in #1677
  • build(deps-dev): bump coverage from 7.0.4 to 7.0.5 by @dependabot in #1688
  • build(deps-dev): bump openapi-spec-validator from 0.5.1 to 0.5.2 by @dependabot in #1716
  • docs: Placed a comma in the Service Principal authentication paragraph by @Ozan-Ekinci in #1713
  • docs(SECURITY.md): Include Security Policy by @toniblyx in #1697

New Contributors:

Full Changelog: 3.0.2...3.1.0

Don't miss a new prowler release

NewReleases is sending notifications on new releases.