prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

APACHE-2.0 License

Downloads
192.3K
Stars
9.5K
Committers
239
View Code on GitHub Visit Website View on X
Ecosystems: Azure, Python, Amazon Web Services

Bot releases are visible (Hide)

prowler - Prowler 3.16.13 - Back in the Village Latest Release

Published by sergargar 3 months ago

What's Changed

Fixes

Chores

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.12...3.16.13

prowler - Prowler 3.16.12 - Back in the Village

Published by sergargar 3 months ago

What's Changed

Chores

  • chore(v3): update latest changes from v4 by @sergargar in https://github.com/prowler-cloud/prowler/pull/4459
    • fix(glue): add getters for connection attributes (#4445)
    • fix(iam_avoid_root_usage): change timestamp format (#4446)
    • fix(entra): Change to correct service in entra_user_with_vm_access_has_mfa metadata (#4454)

Dependencies

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.11...3.16.12

prowler - Prowler 3.16.11 - Back in the Village

Published by sergargar 4 months ago

What's Changed

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.10...3.16.11

prowler - Prowler 3.16.10 - Back in the Village

Published by sergargar 4 months ago

What's Changed

Chores

  • chore(v3): include latest v4 changes by @sergargar in https://github.com/prowler-cloud/prowler/pull/4350
    • chore(acm): Improve near-expiration certificates check (#4207)
    • chore(network): Reduce network watchers azure check findings (#4242)
    • fix(aws): aws check and metadata fixes (#4251)
    • chore(s3): reduce false positive in s3 public check (#4281)
    • fix(rds): handle not existing endpoint (#4285)
    • fix(csv-outputs): compliance outputs not showing consistents values (#4287)
    • fix(codebuild): enhance service functions (#4319)
    • fix(aws): parallelize functions per resource (#4323)
    • fix(s3): handle empty Action in bucket policy (#4328)

Dependencies

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.9...3.16.10

prowler - Prowler 4.2.4 - 2 Minutes to Midnight

Published by sergargar 5 months ago

What's Changed

Fixes

Chores

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.2.3...4.2.4

prowler - Prowler 4.2.3 - 2 Minutes to Midnight

Published by sergargar 5 months ago

What's Changed

Fixes

Documentation

Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.2.2...4.2.3

prowler - Prowler 3.16.9 - Back in the Village

Published by sergargar 5 months ago

What's Changed

Chores

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.8...3.16.9

prowler - Prowler 4.2.2 - 2 Minutes to Midnight

Published by sergargar 5 months ago

What's Changed

Fixes

Chores

Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.2.1...4.2.2

prowler - Prowler 3.16.8 - Back in the Village

Published by sergargar 5 months ago

What's Changed

Fixes

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.7...3.16.8

prowler - Prowler 3.16.7 - Back in the Village

Published by sergargar 5 months ago

What's Changed

Chores

  • chore(backport): include latest changes of v4 by @sergargar in https://github.com/prowler-cloud/prowler/pull/4159
    • fix(defender): Add new parameter required by new API version (#4147)
    • chore(iam): Downgrade AWS IAM check severity (#4149)
    • fix(rds): use correct API call for cluster parameters (#4150)
    • fix(dependencies): ignore jinja vulnerability (#4154)
    • fix(cloudtrail): trail.region must be home region (#4153)
    • fix(trustedadvisor): handle AccessDenied exception (#4158)

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.6...3.16.7

prowler - Prowler 3.16.6 - Back in the Village

Published by sergargar 5 months ago

What's Changed

Fixes

Chores

  • chore(backport): put latest changes of v4 to v3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/4144
    • chore(aws): Add failed_checks to track (#4018)
    • feat(rds): Add AWS RDS clusters to transport encryption check (#4028)
    • fix(gcp): handle projects API Call error (#4055)
    • fix(doc): mapping of extra748 and add extra74 (#4059)
    • chore(IAM): Improve IAM checks for Azure (#4061)
    • chore(regions_update): Changes in regions for AWS services. (#4071)
    • chore(slack): change Slack channel name env variable (#4080)
    • fix(rds): solve ParameterValue KeyError (#4085)
    • fix(opensearch): handle non existing SAMLOptions in domain (#4086)
    • fix(rds): ParameterValue MySQL and MariaDB RDS Instances (#4116)
    • chore(regions_update): Changes in regions for AWS services. (#4126)
    • chore(cloudformation): Update related URL (#4134)
    • chore(vpc): add scan unused services logic to VPC checks (#4137)
    • fix(allowlist): return False if something fails (#4140)
    • fix(outputs): fill compliance field for outputs (#4054)
    • chore(ec2): add scan unused services logic to SG check (#4138)

Dependencies

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.5...3.16.6

prowler - Prowler 4.2.1 - 2 Minutes to Midnight

Published by sergargar 5 months ago

What's Changed

Fixes

Chores

Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.2.0...4.2.1

prowler - Prowler 4.2.0 - 2 Minutes to Midnight

Published by sergargar 5 months ago

The blind men shout,
"Let the creatures out! We'll show the unbelievers"

Here we have Prowler 4.2.0 - 2 Minutes to Midnight πŸš€ bringing a new look for Prowler with this Iron Maiden song.

New features to highlight in this version

πŸ₯³ New Prowler logo
This version comes with a new look of Prowler thanks to the new logo:
Prowler_Black

πŸ’ͺ🏼 55 New AWS checks
Prowler is improving its AWS coverage by including 55 new checks for Kafka, Lightsail, Storage Gateway, DynamoDB, Cognito, EC2, EventBridge, SNS and RDS.
Special thanks to our external contributors @madereddy, @rieck-srlabs and @Davidm4r for doing new checks πŸ™Œ
See all the new available checks with prowler aws --list-checks

πŸ“ HTML output is back!
We have listened you and as our community is always first, we brought our HTML back πŸ˜„
Get it again with prowler <provider> -M/--output-formats html

✍️ Custom Checks Metadata
Now you can override the all the metadata fields from a check using the --custom-checks-metadata-file custom_checks_metadata.yaml flag.

See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/

πŸ”§ Other issues and bug fixes solved for all the cloud providers

Features

Fixes

Chores

Dependencies

Documentation

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.1.0...4.2.0

prowler - Prowler 3.16.5 - Back in the Village

Published by sergargar 5 months ago

What's Changed

Chores

  • chore(backport): include latest changes of v4 in v3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/4027
    • fix(rds): add ReadReplicaSourceDBInstanceIdentifier to db_instance (#3912)
    • feat(ec2): add EC2 Security group check to verify if at least one port is open (#3962)
    • chore(regions_update): Changes in regions for AWS services. (#3965)
    • chore(rds): support more AWS RDS DB Instance engines in encryption check (#3968)
    • chore(regions_update): Changes in regions for AWS services. (#3971)
    • chore(deps): remove mrestazure deprecated (#3974)
    • chore(regions_update): Changes in regions for AWS services. (#4009)
    • fix(elasticache): make previous comprobations for subnet (#4014)
    • chore(regions_update): Changes in regions for AWS services. (#4017)
    • chore(compliance): change security group any port check. (#4019)
    • chore(regions_update): Changes in regions for AWS services. (#4023)
  • chore(safety-v3): ignore pip vulnerability by @sergargar in https://github.com/prowler-cloud/prowler/pull/4008

Dependencies

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.4...3.16.5

prowler - Prowler 3.16.4 - Back in the Village

Published by sergargar 6 months ago

What's Changed

Chores

  • chore(v3): backport latest v4 changes by @sergargar in https://github.com/prowler-cloud/prowler/pull/3916

    • test(gcp): Add new services tests to GCP (#3796)
    • fix(aws): not show findings when AccessDenieds (#3803)
    • fix(metadata): remove semicolons from metadata texts (#3830)
    • chore(regions_update): Changes in regions for AWS services. (#3848)
    • chore(gcp): handle list projects API call errors (#3849)
    • chore(regions_update): Changes in regions for AWS services. (#3855)
    • fix(KeyError): handle CacheSubnetGroupName keyError (#3856)
    • chore(docs): update BridgeCrew links in metadata to our local docs li…
    • chore(regions_update): Changes in regions for AWS services. (#3862)
    • fix(efs): check all public conditions (#3872)
    • docs(unit-testing): Add GCP services documentation (#3901)
    • fix(vpc): solve subnet route key error (#3902)
    • fix(vpc): solve AWS principal key error (#3903)
    • fix(ec2): handle non-existing private ip (#3906)
    • chore(regions_update): Changes in regions for AWS services. (#3908)
    • test(gcp): Add Compute client the project_ids parameter (#3918)
    • chore(regions_update): Changes in regions for AWS services. (#3915)
    • fix(efs): change public EFS check metadata (#3917)
    • chore(regions_update): Changes in regions for AWS services. (#3929)

  • chore(backport): Add latest changes by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3960

    • chore(regions_update): Changes in regions for AWS services. (#3957)
    • fix(s3): Handle if regional client is present (#3959)

Fixes

Dependencies

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.3...3.16.4

prowler - Prowler 3.16.3 - Back in the Village

Published by sergargar 6 months ago

What's Changed

Fixes

Chores

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.2...3.16.3

prowler - Prowler 4.1.0 - Aces High

Published by jfagoagas 6 months ago

There goes the siren that warns of the air raid
There comes the sound of the guns sending flak
Out for the scramble we've got to get airborne
Got to get up for the coming attack

Here we have Prowler 4.1.0 Aces High πŸš€ ready to help you improve your Cloud security with this Iron Maiden song.

New features to highlight in this version

πŸ–ŠοΈ GCP flags to list, exclude/include Project IDs

  • Now the --project-ids flag allows you to use *, as a prefix or suffix, to include the project ids you want to scan.
  • The --list-project-ids allows you to copy and paste values and know the accessible projects to be scanned with the provided crendentials.
  • The --excluded-project-ids flag allows you to exclude the projects to be scanned and it also accepts *.

πŸ”¨ 13 new fixers (remediations) for AWS

  • We have included 13 new fixers for services like Access Analyzer, CloudTrail, GuardDuty, KMS, Security Hub and IAM. You can get all the available fixers with prowler aws --list-fixers then go per check to remediate the failed findings by prowler aws --check guardduty_is_enabled --fixer.
  • Some of those fixers are configurable using the fixer_config.yaml file present in the prowler/config folder. You can read more about the fixer and how to configure it here

πŸ“˜ New fields for the OCSF Detection Finding

  • We have included the check_id, compliance and all the Prowler check's metadata within the OCSF Detection Finding that Prowler generates in the .ocsf.json output file. You can read more about this finding format here.

πŸ”§ Other issues and bug fixes solved for all the cloud providers

Features

Fixes

Chores

Dependencies

Documentation

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.0.1...4.1.0

prowler - Prowler 3.16.2 - Back in the Village

Published by jfagoagas 6 months ago

What's Changed

Fixes

Chores

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.1...3.16.2

prowler - Prowler 3.16.1 - Back in the Village

Published by sergargar 6 months ago

What's Changed

Fixes

Chores

Docs

Builds

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.0...3.16.1

prowler - Prowler 4.0.1 - The Trooper

Published by sergargar 6 months ago

What's Changed

Fixes

Chores

Documentation

Dependencies

Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.0.0...4.0.1

Package Rankings
Top 6.01% on Pypi.org
Related Projects
object-store-python

Python bindings and arrow integration for the rust object_store crate.

10 Sep 2022 52
awesome-cloud-security

πŸ›‘οΈ Awesome Cloud Security Resources βš”οΈ

10 May 2020 1,921
checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as c...

27 Nov 2019 6,762
examples

Infrastructure, containers, and serverless apps to AWS, Azure, GCP, and Kubernetes... all deploye...

27 Oct 2017 2,356
pulumi

Pulumi - Infrastructure as Code in any programming language πŸš€

31 Oct 2016 21,518
cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastru...

16 Aug 2017 1,122
cloud-custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to q...

01 Mar 2016 5,195