diff --git a/docs/about.md b/docs/about.md
index 69cac351..0bc36e65 100644
--- a/docs/about.md
+++ b/docs/about.md
@@ -5,20 +5,20 @@ hide:
# About
## Author
-Prowler was created by **Toni de la Fuente** in 2016.
+Prowler was created by **Toni de la Fuente** in 2016.
-| 
[](https://twitter.com/toniblyx) [](https://twitter.com/prowlercloud)|
+| 
[](https://twitter.com/toniblyx) [](https://twitter.com/prowlercloud)|
|:--:|
| Toni de la Fuente |
## Maintainers
Prowler is maintained by the Engineers of the **Prowler Team** :
-| [](https://twitter.com/NachoRivCor) | [](https://twitter.com/sergargar1) |[](https://twitter.com/jfagoagas) |
+| [](https://twitter.com/NachoRivCor) | [](https://twitter.com/sergargar1) |[](https://twitter.com/jfagoagas) |
|:--:|:--:|:--:
| Nacho Rivera| Sergio Garcia| Pepe Fagoaga|
## License
Prowler is licensed as **Apache License 2.0** as specified in each file. You may obtain a copy of the License at
-
\ No newline at end of file
+
diff --git a/docs/security.md b/docs/security.md
new file mode 100644
index 00000000..e0dcf263
--- /dev/null
+++ b/docs/security.md
@@ -0,0 +1,24 @@
+# Security
+
+## Software Security
+
+As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (FTR)](https://aws.amazon.com/partners/foundational-technical-review/) and we use the following tools and automation to make sure our code is secure and dependencies up-to-dated:
+
+- `bandit` for code security review.
+- `safety` and `dependabot` for dependencies.
+- `hadolint` and `dockle` for our containers security.
+- `snyk` in Docker Hub.
+- `clair` in Amazon ECR.
+- `vulture`, `flake8`, `black` and `pylint` for formatting and best practices.
+
+## Reporting Vulnerabilities
+
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.
+
+The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+
+We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.
+
+You will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability.
+
+We will coordinate public notification of any validated vulnerability with you. Where possible, we prefer that our respective public disclosures be posted simultaneously.
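Review bot: The opening sentence of "Software Security" does not parse ("As an **AWS Partner** and we have passed ... dependencies up-to-dated"). Suggest "As an **AWS Partner**, we have passed the AWS Foundational Technical Review (FTR), and we use the following tools and automation to keep our code secure and our dependencies up to date"; note that the link text says "Foundation" while the URL slug says "foundational". In "Reporting Vulnerabilities", "by contacting to help@prowler.pro" should read "by contacting help@prowler.pro". Verica is named as the party that receives and holds reports without being introduced in this file, so one clause on how Verica relates to the Prowler team would help a first-time reporter. The page also routes vulnerability details to what reads as a general help address and mentions no encrypted channel; if a dedicated security contact or public key exists, state it here.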
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 7dfca440..63f218f9 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -1,6 +1,6 @@
# Troubleshooting
-- Running `prowler` I get `[File: utils.py:15] [Module: utils] CRITICAL: path/redacted: OSError[13]`:
+- **Running `prowler` I get `[File: utils.py:15] [Module: utils] CRITICAL: path/redacted: OSError[13]`**:
That is an error related to file descriptors or opened files allowed by your operating system.
@@ -11,4 +11,4 @@
This error is also related with a lack of system requirements. To improve performance Prowler stores information in memory so it may need to be run in a system with more than 1GB of memory.
-See section [Logging](/tutorials/logging/) for further information or [conctact us](/contact/).
+See section [Logging](/tutorials/logging/) for further information or [contact us](/contact/).
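Review bot: Both links in the changed line, `[Logging](/tutorials/logging/)` and `[contact us](/contact/)`, are absolute site paths. MkDocs does not check these at build time, and they break if the docs are served under a sub-path. Linking to the Markdown source files with relative paths (for example `contact.md`, which the nav in mkdocs.yml already lists) lets the build catch a dead link. While this line is being touched, "related with a lack of system requirements" in the context line above would read better as "related to".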
diff --git a/docs/tutorials/allowlist.md b/docs/tutorials/allowlist.md
index 95d1fe21..982d383b 100644
--- a/docs/tutorials/allowlist.md
+++ b/docs/tutorials/allowlist.md
@@ -63,7 +63,7 @@ prowler aws -w arn:aws:dynamodb:::table/
```
1. The DynamoDB Table must have the following String keys:
-
+
- The Allowlist Table must have the following columns:
- Accounts (String): This field can contain either an Account ID or an `*` (which applies to all the accounts that use this table as an allowlist).
@@ -71,6 +71,6 @@ prowler aws -w arn:aws:dynamodb:::table/
- Regions (List): This field contains a list of regions where this allowlist rule is applied (it can also contains an `*` to apply all scanned regions).
- Resources (List): This field contains a list of regex expressions that applies to the resources that are wanted to be allowlisted.
-
+
> Make sure that the used AWS credentials have `dynamodb:PartiQLSelect` permissions in the table.
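Review bot: The `Resources (List)` line says the field holds "regex expressions" but not how they are matched, and that matters for an allowlist: if the pattern is searched rather than matched against the whole resource identifier, an unanchored expression suppresses findings for more resources than the author intended. Suggest stating the matching semantics and showing one anchored example. Small wording fixes in the same context lines: "it can also contains" should be "it can also contain", and "a list of regex expressions that applies" should be "a list of regular expressions that apply".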
diff --git a/docs/tutorials/compliance.md b/docs/tutorials/compliance.md
index ef50077b..d5e10ab6 100644
--- a/docs/tutorials/compliance.md
+++ b/docs/tutorials/compliance.md
@@ -59,7 +59,7 @@ prowler --compliance
```
Standard results will be shown and additionally the framework information as the sample below for CIS AWS 1.5. For details a CSV file has been generated as well.
-
+
## Create and contribute adding other Security Frameworks
@@ -72,7 +72,7 @@ Each file version of a framework will have the following structure at high level
- `Version`: string. Version of the framework itself, like 1.4 for CIS.
- `Requirements`: array of objects. Include all requirements or controls with the mapping to Prowler.
- `Requirements_Id`: string. Unique identifier per each requirement in the specific framework
-- `Requirements_Description`: string. Description as in the framework.
+- `Requirements_Description`: string. Description as in the framework.
- `Requirements_Attributes`: array of objects. Includes all needed attributes per each requirement, like levels, sections, etc. Whatever helps to create a dedicated report with the result of the findings. Attributes would be taken as closely as possible from the framework's own terminology directly.
- `Requirements_Checks`: array. Prowler checks that are needed to prove this requirement. It can be one or multiple checks. In case of no automation possible this can be empty.
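Review bot: The `Requirements_Checks` line allows an empty array "in case of no automation possible" but does not say how such a requirement appears in the compliance output. Suggest adding a sentence on that, so a requirement with no mapped checks is not read as passing. Also, `Requirements_Id` is the only entry in this list without a closing period, and the fields that belong to each `Requirements` object are listed at the same level as `Requirements` itself; nesting them would make the structure visible.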
diff --git a/docs/img/allowlist-keys.png b/docs/tutorials/img/allowlist-keys.png
similarity index 100%
rename from docs/img/allowlist-keys.png
rename to docs/tutorials/img/allowlist-keys.png
diff --git a/docs/img/allowlist-row.png b/docs/tutorials/img/allowlist-row.png
similarity index 100%
rename from docs/img/allowlist-row.png
rename to docs/tutorials/img/allowlist-row.png
diff --git a/docs/img/compliance-cis-sample1.png b/docs/tutorials/img/compliance-cis-sample1.png
similarity index 100%
rename from docs/img/compliance-cis-sample1.png
rename to docs/tutorials/img/compliance-cis-sample1.png
diff --git a/mkdocs.yml b/mkdocs.yml
index 23876dac..f23cb2f6 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -46,6 +46,7 @@ nav:
- Azure:
- Authentication: tutorials/azure/authentication.md
- Subscriptions: tutorials/azure/subscriptions.md
+ - Security: security.md
- Contact Us: contact.md
- Troubleshooting: troubleshooting.md
- About: about.md
@@ -73,7 +74,7 @@ extra:
link: https://twitter.com/prowlercloud
# Copyright
-copyright: Copyright © 2022 Toni de la Fuente, Maintained by the Prowler Team at Verica, Inc..
+copyright: Copyright © 2022 Toni de la Fuente, Maintained by the Prowler Team at Verica, Inc.
markdown_extensions:
- abbr
@@ -112,4 +113,4 @@ markdown_extensions:
alternate_style: true
- pymdownx.tasklist:
custom_checkbox: true
- - pymdownx.tilde
\ No newline at end of file
+ - pymdownx.tilde