ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,327 Commits 1 Branch 0 Tags
41da560b6440ea2c02e648a229f68cf48314490f
Commit Graph

41 Commits

Author SHA1 Message Date
Johnny Lu
9205ef30f8 fix(securityhub): findings not being imported or archived in non-aws partitions (#3040) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-11-16 11:27:28 +01:00
Pepe Fagoaga
573f1eba56 fix(securityhub): Use enabled_regions instead of audited_regions (#3029) 2023-11-14 12:57:54 +01:00
Pepe Fagoaga
2220cf9733 refactor(allowlist): Simplify and handle corner cases (#3019) 2023-11-10 09:11:52 +01:00
John Mastron
ec01b62a82 fix(aws): check all conditions in IAM policy parser (#3006) 
Co-authored-by: John Mastron <jmastron@jpl.nasa.gov>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-11-07 10:40:34 +01:00
Pepe Fagoaga
fcc56ad6f7 chore(allowlist): Extract allowlist from report (#2975) 2023-10-30 09:52:59 +01:00
Sergio Garcia
4c5e85f7ba fix(sts): force v2 STS tokens (#2956) 2023-10-24 10:15:41 +02:00
Sergio Garcia
02a3c750f8 chore(release): update Prowler Version to 3.10.0 (#2926) 
Co-authored-by: github-actions <noreply@github.com>
 2023-10-11 17:56:14 +02:00
Sergio Garcia
e610c2514d feat(iam): improve disable credentials checks (#2909) 2023-10-06 11:41:04 +02:00
Sergio Garcia
3955450245 fix(securityhub): archive SecurityHub findings in empty regions (#2908) 2023-10-05 15:49:43 +02:00
Pepe Fagoaga
6687f76736 refactor(security_hub): Send findings in batches (#2868) 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-09-26 14:10:25 +02:00
Nacho Rivera
2891bc0b96 fix(policy_condition_parser): add StringEquals aws:SourceArn condition (#2793) 2023-08-31 11:54:48 +02:00
Nacho Rivera
7e44116d51 fix(is_valid_arn): include . into resource name (#2789) 2023-08-30 16:11:46 +02:00
Pepe Fagoaga
cb76e5a23c chore(s3): Move lib to the AWS provider and include tests (#2664) 2023-08-23 16:12:48 +02:00
Pepe Fagoaga
ac11c6729b chore(tests): Replace sure with standard assert (#2738) 2023-08-17 11:36:45 +02:00
christiandavilakoobin
9f2e87e9fb fix(is_account_only_allowed_in_condition): Context name on conditions are case-insensitive (#2726) 2023-08-16 08:27:24 +02:00
christiandavilakoobin
ade511df28 fix(sns): allow default SNS policy with SourceOwner (#2698) 
Co-authored-by: Azure Pipeplines CI <monitor@koobin.com>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-08-10 12:13:57 +02:00
Sergio Garcia
36e095c830 fix(iam_role_cross_service_confused_deputy_prevention): add ResourceAccount and PrincipalAccount conditions (#2689) 2023-08-09 10:41:48 +02:00
Pepe Fagoaga
5bf3f70717 fix(vpc_endpoint_connections_trust_boundaries): Handle AWS Account ID as Principal (#2611) 2023-08-03 09:16:58 +02:00
Pepe Fagoaga
e3d4e38a59 feat(aws): New AWSService class as parent (#2638) 2023-07-31 11:18:54 +02:00
Pepe Fagoaga
02519a4429 fix(assume_role): Set the AWS STS endpoint region (#2587) 2023-07-17 10:09:48 +02:00
Nacho Rivera
8f015d0672 fix(allowlist): single account checks handling (#2585) 
Co-authored-by: thomscode <thomscode@gmail.com>
 2023-07-14 09:55:27 +02:00
Nacho Rivera
d1c91093e2 feat(cond parser): add policy cond parser & apply in sqs public check (#2575) 2023-07-12 15:39:01 +02:00
Nacho Rivera
66fe101ccd fix(allowlist): handle wildcard in account field (#2577) 2023-07-12 14:22:42 +02:00
Nacho Rivera
b1968f3f8b fix(allowlist): reformat allowlist logic (#2555) 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-07-06 15:33:32 +02:00
Nacho Rivera
7097ca401d feat(lambda allowlist): mapping lambda/awslambda in allowlist (#2554) 2023-07-05 11:49:42 +02:00
Sergio Garcia
fa99ee9d5b feat(allowlist): add exceptions to allowlist (#2527) 2023-06-27 12:57:18 +02:00
Sebastian Nyberg
707584b2ef feat(aws): Add MFA flag if try to assume role in AWS (#2478) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-06-13 17:18:10 +02:00
Sergio Garcia
25e48ae546 chore(arn): include ARN of AWS accounts (#2477) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-06-13 10:18:23 +02:00
Nacho Rivera
eb43b11202 fix(arn validator): include : in regex (#2471) 2023-06-09 13:24:29 +02:00
Sergio Garcia
9cda78e561 chore(docs): improve allowlist suggestion (#2466) 2023-06-09 13:07:28 +02:00
Kevin Pullin
1234c1e7e2 fix(allowlist) - tags parameter is a string, not a list (#2375) 2023-05-23 09:51:50 +02:00
Pepe Fagoaga
e84f5f184e fix(sts): Use the right region to validate credentials (#2349) 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-05-18 15:51:57 +02:00
Sergio Garcia
d344318dd4 feat(allowlist): allowlist a specific service (#2331) 2023-05-09 15:43:04 +02:00
Kevin Pullin
c22bf01003 feat(allowlist): Support regexes in Tags to allow "or"-like conditional matching (#2300) 
Co-authored-by: Kevin Pullin <kevinp@nexttrucking.com>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-05-05 14:56:27 +02:00
Gabriel Soltz
305b67fbed feat(check): New check cloudtrail_bucket_requires_mfa_delete (#2194) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-04-13 14:18:31 +02:00
Sergio Garcia
51eacbfac5 feat(allowlist): add tags filter to allowlist (#2105) 2023-03-21 11:14:59 +01:00
Pepe Fagoaga
de281535b1 feat(boto3-config): Use standard retrier (#1868) 
Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
 2023-02-09 09:58:47 +01:00
Sergio Garcia
c7a9492e96 feat(scan-type): AWS Resource ARNs based scan (#1807) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-02-01 14:09:22 +01:00
Sergio Garcia
3ac4dc8392 feat(scanner): Tag-based scan (#1751) 
Co-authored-by: Toni de la Fuente <toni@blyx.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-01-31 12:19:29 +01:00
Sergio Garcia
d02bd9b717 fix(allowlist): remove re.escape (#1734) 
Co-authored-by: sergargar <sergio@verica.io>
 2023-01-18 17:45:51 +01:00
Sergio Garcia
bb09267f2a feat(pip): Prepare for PyPI (#1531) 2022-12-13 09:07:55 +01:00