fix(docs): Add security section and solve images location (#1696)

Co-authored-by: Pepe Fagoaga <pepe@verica.io> Co-authored-by: Toni de la Fuente <toni@blyx.com>
2026-02-10 06:45:08 +00:00 · 2023-01-12 17:16:34 +01:00
parent cbdda22a33
commit e9fb4410cd
9 changed files with 37 additions and 12 deletions
--- a/docs/about.md
+++ b/docs/about.md
@@ -5,20 +5,20 @@ hide:
 # About

 ## Author
-Prowler was created by **Toni de la Fuente** in 2016. 
+Prowler was created by **Toni de la Fuente** in 2016.

-| ![](/img/toni.png)<br>[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/toniblyx.svg?style=social&label=Follow%20%40toniblyx)](https://twitter.com/toniblyx) [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/prowlercloud.svg?style=social&label=Follow%20%40prowlercloud)](https://twitter.com/prowlercloud)|
+| ![](img/toni.png)<br>[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/toniblyx.svg?style=social&label=Follow%20%40toniblyx)](https://twitter.com/toniblyx) [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/prowlercloud.svg?style=social&label=Follow%20%40prowlercloud)](https://twitter.com/prowlercloud)|
 |:--:|
 | <b>Toni de la Fuente </b>|

 ## Maintainers
 Prowler is maintained by the Engineers of the **Prowler Team** :

-| ![](/img/nacho.png)[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/NachoRivCor.svg?style=social&label=Follow%20%40NachoRivCor)](https://twitter.com/NachoRivCor) | ![](/img/sergio.png)[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/sergargar1.svg?style=social&label=Follow%20%40sergargar1)](https://twitter.com/sergargar1) |![](/img/pepe.png)[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/jfagoagas.svg?style=social&label=Follow%20%40jfagoagas)](https://twitter.com/jfagoagas) |
+| ![](img/nacho.png)[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/NachoRivCor.svg?style=social&label=Follow%20%40NachoRivCor)](https://twitter.com/NachoRivCor) | ![](img/sergio.png)[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/sergargar1.svg?style=social&label=Follow%20%40sergargar1)](https://twitter.com/sergargar1) |![](img/pepe.png)[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/jfagoagas.svg?style=social&label=Follow%20%40jfagoagas)](https://twitter.com/jfagoagas) |
 |:--:|:--:|:--:
 | <b>Nacho Rivera</b>| <b>Sergio Garcia</b>| <b>Pepe Fagoaga</b>|

 ## License

 Prowler is licensed as **Apache License 2.0** as specified in each file. You may obtain a copy of the License at
-<http://www.apache.org/licenses/LICENSE-2.0>
+<http://www.apache.org/licenses/LICENSE-2.0>
--- a/docs/security.md
+++ b/docs/security.md
@@ -0,0 +1,24 @@
+# Security
+
+## Software Security
+
+As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (FTR)](https://aws.amazon.com/partners/foundational-technical-review/) and we use the following tools and automation to make sure our code is secure and dependencies up-to-dated:
+
+- `bandit` for code security review.
+- `safety` and `dependabot` for dependencies.
+- `hadolint` and `dockle` for our containers security.
+- `snyk` in Docker Hub.
+- `clair` in Amazon ECR.
+- `vulture`, `flake8`, `black` and `pylint` for formatting and best practices.
+
+## Reporting Vulnerabilities
+
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.
+
+The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+
+We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.
+
+You will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability.
+
+We will coordinate public notification of any validated vulnerability with you. Where possible, we prefer that our respective public disclosures be posted simultaneously.
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -1,6 +1,6 @@
 # Troubleshooting

- Running `prowler` I get `[File: utils.py:15] [Module: utils]	CRITICAL: path/redacted: OSError[13]`:
+- **Running `prowler` I get `[File: utils.py:15] [Module: utils]	CRITICAL: path/redacted: OSError[13]`**:

    That is an error related to file descriptors or opened files allowed by your operating system.

@@ -11,4 +11,4 @@
    This error is also related with a lack of system requirements. To improve performance Prowler stores information in memory so it may need to be run in a system with more than 1GB of memory.


-See section [Logging](/tutorials/logging/) for further information or [conctact us](/contact/).
+See section [Logging](/tutorials/logging/) for further information or [contact us](/contact/).
--- a/docs/tutorials/allowlist.md
+++ b/docs/tutorials/allowlist.md
@@ -63,7 +63,7 @@ prowler aws -w arn:aws:dynamodb:<region_name>:<account_id>:table/<table_name>
 ```

 1. The DynamoDB Table must have the following String keys:
-<img src="/img/allowlist-keys.png"/>
+<img src="../img/allowlist-keys.png"/>

 - The Allowlist Table must have the following columns:
    - Accounts (String): This field can contain either an Account ID or an `*` (which applies to all the accounts that use this table as an allowlist).
@@ -71,6 +71,6 @@ prowler aws -w arn:aws:dynamodb:<region_name>:<account_id>:table/<table_name>
    - Regions (List): This field contains a list of regions where this allowlist rule is applied (it can also contains an `*` to apply all scanned regions).
    - Resources (List): This field contains a list of regex expressions that applies to the resources that are wanted to be allowlisted.

-<img src="/img/allowlist-row.png"/>
+<img src="../img/allowlist-row.png"/>

 > Make sure that the used AWS credentials have `dynamodb:PartiQLSelect` permissions in the table.
--- a/docs/tutorials/compliance.md
+++ b/docs/tutorials/compliance.md
@@ -59,7 +59,7 @@ prowler <provider> --compliance <compliance_framework>
 ```
 Standard results will be shown and additionally the framework information as the sample below for CIS AWS 1.5. For details a CSV file has been generated as well.

-<img src="/img/compliance-cis-sample1.png"/>
+<img src="../img/compliance-cis-sample1.png"/>

 ## Create and contribute adding other Security Frameworks

@@ -72,7 +72,7 @@ Each file version of a framework will have the following structure at high level
 - `Version`: string. Version of the framework itself, like 1.4 for CIS.
 - `Requirements`: array of objects. Include all requirements or controls with the mapping to Prowler.
 - `Requirements_Id`: string. Unique identifier per each requirement in the specific framework
- `Requirements_Description`: string. Description as in the framework. 
+- `Requirements_Description`: string. Description as in the framework.
 - `Requirements_Attributes`: array of objects. Includes all needed attributes per each requirement, like levels, sections, etc. Whatever helps to create a dedicated report with the result of the findings. Attributes would be taken as closely as possible from the framework's own terminology directly.
 - `Requirements_Checks`: array. Prowler checks that are needed to prove this requirement. It can be one or multiple checks. In case of no automation possible this can be empty.

--- a/docs/tutorials/img/allowlist-keys.png
+++ b/docs/tutorials/img/allowlist-keys.png
--- a/docs/tutorials/img/allowlist-row.png
+++ b/docs/tutorials/img/allowlist-row.png
--- a/docs/tutorials/img/compliance-cis-sample1.png
+++ b/docs/tutorials/img/compliance-cis-sample1.png