prowler-cloud 5.14.1__py3-none-any.whl → 5.15.0__py3-none-any.whl
- dashboard/assets/images/providers/alibabacloud_provider.png +0 -0
- dashboard/compliance/cis_2_0_alibabacloud.py +24 -0
- dashboard/lib/layouts.py +1 -0
- dashboard/pages/compliance.py +8 -2
- dashboard/pages/overview.py +52 -1
- prowler/CHANGELOG.md +59 -20
- prowler/__main__.py +40 -0
- prowler/compliance/alibabacloud/__init__.py +0 -0
- prowler/compliance/alibabacloud/cis_2.0_alibabacloud.json +1833 -0
- prowler/compliance/aws/iso27001_2013_aws.json +158 -158
- prowler/compliance/aws/soc2_aws.json +100 -0
- prowler/compliance/azure/rbi_cyber_security_framework_azure.json +248 -0
- prowler/compliance/azure/soc2_azure.json +87 -1
- prowler/compliance/gcp/soc2_gcp.json +82 -1
- prowler/config/config.py +2 -1
- prowler/lib/check/check.py +47 -1
- prowler/lib/check/models.py +23 -0
- prowler/lib/check/utils.py +1 -1
- prowler/lib/cli/parser.py +3 -2
- prowler/lib/outputs/compliance/cis/cis_alibabacloud.py +106 -0
- prowler/lib/outputs/compliance/cis/models.py +35 -0
- prowler/lib/outputs/finding.py +16 -0
- prowler/lib/outputs/html/html.py +67 -0
- prowler/lib/outputs/outputs.py +2 -0
- prowler/lib/outputs/summary_table.py +3 -0
- prowler/providers/alibabacloud/__init__.py +0 -0
- prowler/providers/alibabacloud/alibabacloud_provider.py +872 -0
- prowler/providers/alibabacloud/config.py +41 -0
- prowler/providers/alibabacloud/exceptions/__init__.py +0 -0
- prowler/providers/alibabacloud/exceptions/exceptions.py +116 -0
- prowler/providers/alibabacloud/lib/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/arguments/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/arguments/arguments.py +58 -0
- prowler/providers/alibabacloud/lib/mutelist/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/mutelist/mutelist.py +175 -0
- prowler/providers/alibabacloud/lib/service/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/service/service.py +113 -0
- prowler/providers/alibabacloud/models.py +266 -0
- prowler/providers/alibabacloud/services/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_client.py +6 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.py +81 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.metadata.json +40 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.py +119 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_service.py +110 -0
- prowler/providers/alibabacloud/services/cs/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_client.py +4 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.py +62 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/cs_kubernetes_cluster_check_weekly.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/cs_kubernetes_cluster_check_weekly.py +62 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/cs_kubernetes_dashboard_disabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/cs_kubernetes_dashboard_disabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/cs_kubernetes_eni_multiple_ip_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/cs_kubernetes_eni_multiple_ip_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/cs_kubernetes_log_service_enabled.metadata.json +40 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/cs_kubernetes_log_service_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/cs_kubernetes_network_policy_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/cs_kubernetes_network_policy_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/cs_kubernetes_private_cluster_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/cs_kubernetes_private_cluster_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/cs_kubernetes_rbac_enabled.metadata.json +40 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/cs_kubernetes_rbac_enabled.py +28 -0
- prowler/providers/alibabacloud/services/cs/cs_service.py +354 -0
- prowler/providers/alibabacloud/services/ecs/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/ecs_attached_disk_encrypted.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/ecs_attached_disk_encrypted.py +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_client.py +4 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/ecs_instance_endpoint_protection_installed.metadata.json +41 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/ecs_instance_endpoint_protection_installed.py +47 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/ecs_instance_latest_os_patches_applied.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/ecs_instance_latest_os_patches_applied.py +50 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/ecs_instance_no_legacy_network.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/ecs_instance_no_legacy_network.py +34 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/ecs_securitygroup_restrict_rdp_internet.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/ecs_securitygroup_restrict_rdp_internet.py +68 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/ecs_securitygroup_restrict_ssh_internet.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/ecs_securitygroup_restrict_ssh_internet.py +68 -0
- prowler/providers/alibabacloud/services/ecs/ecs_service.py +380 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/ecs_unattached_disk_encrypted.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/ecs_unattached_disk_encrypted.py +38 -0
- prowler/providers/alibabacloud/services/ecs/lib/security_groups.py +23 -0
- prowler/providers/alibabacloud/services/oss/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/oss_bucket_logging_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/oss_bucket_logging_enabled.py +37 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/oss_bucket_not_publicly_accessible.metadata.json +39 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/oss_bucket_not_publicly_accessible.py +89 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/oss_bucket_secure_transport_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/oss_bucket_secure_transport_enabled.py +87 -0
- prowler/providers/alibabacloud/services/oss/oss_client.py +4 -0
- prowler/providers/alibabacloud/services/oss/oss_service.py +317 -0
- prowler/providers/alibabacloud/services/ram/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_client.py +4 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/ram_no_root_access_key.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/ram_no_root_access_key.py +33 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.py +30 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_number/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.py +34 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/ram_policy_no_administrative_privileges.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/ram_policy_no_administrative_privileges.py +73 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/ram_rotate_access_key_90_days.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/ram_rotate_access_key_90_days.py +58 -0
- prowler/providers/alibabacloud/services/ram/ram_service.py +478 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/ram_user_console_access_unused.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/ram_user_console_access_unused.py +56 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/ram_user_mfa_enabled_console_access.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/ram_user_mfa_enabled_console_access.py +36 -0
- prowler/providers/alibabacloud/services/rds/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_client.py +4 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/rds_instance_no_public_access_whitelist.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/rds_instance_no_public_access_whitelist.py +36 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/rds_instance_postgresql_log_connections_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/rds_instance_postgresql_log_connections_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/rds_instance_postgresql_log_disconnections_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/rds_instance_postgresql_log_disconnections_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/rds_instance_postgresql_log_duration_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/rds_instance_postgresql_log_duration_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/rds_instance_sql_audit_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/rds_instance_sql_audit_enabled.py +32 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/rds_instance_sql_audit_retention.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/rds_instance_sql_audit_retention.py +41 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/rds_instance_ssl_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/rds_instance_ssl_enabled.py +30 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/rds_instance_tde_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/rds_instance_tde_enabled.py +32 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/rds_instance_tde_key_custom.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/rds_instance_tde_key_custom.py +38 -0
- prowler/providers/alibabacloud/services/rds/rds_service.py +274 -0
- prowler/providers/alibabacloud/services/securitycenter/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/securitycenter_advanced_or_enterprise_edition.metadata.json +43 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/securitycenter_advanced_or_enterprise_edition.py +48 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/securitycenter_all_assets_agent_installed.metadata.json +42 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/securitycenter_all_assets_agent_installed.py +48 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_client.py +6 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/securitycenter_notification_enabled_high_risk.metadata.json +42 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/securitycenter_notification_enabled_high_risk.py +65 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_service.py +394 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/securitycenter_vulnerability_scan_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/securitycenter_vulnerability_scan_enabled.py +68 -0
- prowler/providers/alibabacloud/services/sls/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_client.py +4 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/sls_cloud_firewall_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/sls_cloud_firewall_changes_alert_enabled.py +50 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/sls_customer_created_cmk_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/sls_customer_created_cmk_changes_alert_enabled.py +48 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/sls_logstore_retention_period.metadata.json +38 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/sls_logstore_retention_period.py +32 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/sls_management_console_authentication_failures_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/sls_management_console_authentication_failures_alert_enabled.py +44 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/sls_management_console_signin_without_mfa_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/sls_management_console_signin_without_mfa_alert_enabled.py +49 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/sls_oss_bucket_policy_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/sls_oss_bucket_policy_changes_alert_enabled.py +57 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/sls_oss_permission_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/sls_oss_permission_changes_alert_enabled.py +48 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/sls_ram_role_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/sls_ram_role_changes_alert_enabled.py +54 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.py +72 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.py +50 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.py +56 -0
- prowler/providers/alibabacloud/services/sls/sls_service.py +137 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.py +56 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.py +57 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.py +52 -0
- prowler/providers/alibabacloud/services/vpc/__init__.py +0 -0
- prowler/providers/alibabacloud/services/vpc/vpc_client.py +4 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.py +30 -0
- prowler/providers/alibabacloud/services/vpc/vpc_service.py +102 -0
- prowler/providers/aws/aws_regions_by_service.json +20 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json +1 -3
- prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.metadata.json +1 -1
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.metadata.json +0 -1
- prowler/providers/aws/services/guardduty/guardduty_centrally_managed/guardduty_centrally_managed.metadata.json +16 -10
- prowler/providers/aws/services/guardduty/guardduty_ec2_malware_protection_enabled/guardduty_ec2_malware_protection_enabled.metadata.json +23 -14
- prowler/providers/aws/services/guardduty/guardduty_eks_audit_log_enabled/guardduty_eks_audit_log_enabled.metadata.json +19 -13
- prowler/providers/aws/services/guardduty/guardduty_eks_runtime_monitoring_enabled/guardduty_eks_runtime_monitoring_enabled.metadata.json +18 -12
- prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json +24 -13
- prowler/providers/aws/services/guardduty/guardduty_lambda_protection_enabled/guardduty_lambda_protection_enabled.metadata.json +20 -14
- prowler/providers/aws/services/guardduty/guardduty_no_high_severity_findings/guardduty_no_high_severity_findings.metadata.json +18 -9
- prowler/providers/aws/services/guardduty/guardduty_rds_protection_enabled/guardduty_rds_protection_enabled.metadata.json +18 -11
- prowler/providers/aws/services/guardduty/guardduty_s3_protection_enabled/guardduty_s3_protection_enabled.metadata.json +21 -12
- prowler/providers/aws/services/lightsail/lightsail_database_public/lightsail_database_public.metadata.json +21 -13
- prowler/providers/aws/services/lightsail/lightsail_instance_automated_snapshots/lightsail_instance_automated_snapshots.metadata.json +24 -13
- prowler/providers/aws/services/lightsail/lightsail_instance_public/lightsail_instance_public.metadata.json +21 -13
- prowler/providers/aws/services/lightsail/lightsail_static_ip_unused/lightsail_static_ip_unused.metadata.json +23 -14
- prowler/providers/aws/services/macie/macie_automated_sensitive_data_discovery_enabled/macie_automated_sensitive_data_discovery_enabled.metadata.json +20 -12
- prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json +17 -12
- prowler/providers/aws/services/mq/mq_broker_active_deployment_mode/mq_broker_active_deployment_mode.metadata.json +22 -13
- prowler/providers/aws/services/mq/mq_broker_auto_minor_version_upgrades/mq_broker_auto_minor_version_upgrades.metadata.json +21 -12
- prowler/providers/aws/services/mq/mq_broker_cluster_deployment_mode/mq_broker_cluster_deployment_mode.metadata.json +23 -14
- prowler/providers/aws/services/mq/mq_broker_logging_enabled/mq_broker_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/mq/mq_broker_not_publicly_accessible/mq_broker_not_publicly_accessible.metadata.json +20 -12
- prowler/providers/aws/services/networkfirewall/networkfirewall_deletion_protection/networkfirewall_deletion_protection.metadata.json +21 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc.metadata.json +23 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_logging_enabled/networkfirewall_logging_enabled.metadata.json +20 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_multi_az/networkfirewall_multi_az.metadata.json +22 -14
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_fragmented_packets/networkfirewall_policy_default_action_fragmented_packets.metadata.json +26 -14
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_full_packets/networkfirewall_policy_default_action_full_packets.metadata.json +22 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_rule_group_associated/networkfirewall_policy_rule_group_associated.metadata.json +25 -14
- prowler/providers/common/provider.py +12 -0
- prowler/providers/gcp/services/accesscontextmanager/__init__.py +0 -0
- prowler/providers/gcp/services/accesscontextmanager/accesscontextmanager_client.py +6 -0
- prowler/providers/gcp/services/accesscontextmanager/accesscontextmanager_service.py +101 -0
- prowler/providers/gcp/services/cloudresourcemanager/cloudresourcemanager_service.py +10 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +13 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/cloudstorage_uses_vpc_service_controls.metadata.json +36 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/cloudstorage_uses_vpc_service_controls.py +67 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/compute_instance_automatic_restart_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/compute_instance_automatic_restart_enabled.py +35 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/compute_instance_deletion_protection_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/compute_instance_deletion_protection_enabled.py +29 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/compute_instance_preemptible_vm_disabled.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/compute_instance_preemptible_vm_disabled.py +32 -0
- prowler/providers/gcp/services/compute/compute_service.py +16 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/__init__.py +0 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/repository_immutable_releases_enabled.metadata.json +33 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/repository_immutable_releases_enabled.py +41 -0
- prowler/providers/github/services/repository/repository_service.py +52 -0
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/METADATA +40 -22
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/RECORD +326 -73
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/entry_points.txt +0 -0
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "gcp",
|
|
3
|
+
"CheckID": "compute_instance_automatic_restart_enabled",
|
|
4
|
+
"CheckTitle": "Compute Engine VM instances have Automatic Restart enabled",
|
|
5
|
+
"CheckType": [],
|
|
6
|
+
"ServiceName": "compute",
|
|
7
|
+
"SubServiceName": "",
|
|
8
|
+
"ResourceIdTemplate": "",
|
|
9
|
+
"Severity": "medium",
|
|
10
|
+
"ResourceType": "compute.googleapis.com/Instance",
|
|
11
|
+
"Description": "**Google Compute Engine virtual machine instances** are evaluated to ensure that **Automatic Restart** is enabled. This feature allows the Google Cloud Compute Engine service to automatically restart VM instances when they are terminated due to non-user-initiated reasons such as maintenance events, hardware failures, or software failures.",
|
|
12
|
+
"Risk": "VM instances without Automatic Restart enabled will not recover automatically from host maintenance events or unexpected failures, potentially leading to prolonged service downtime and requiring manual intervention to restore services.",
|
|
13
|
+
"RelatedUrl": "",
|
|
14
|
+
"AdditionalURLs": [
|
|
15
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-automatic-restart.html",
|
|
16
|
+
"https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options"
|
|
17
|
+
],
|
|
18
|
+
"Remediation": {
|
|
19
|
+
"Code": {
|
|
20
|
+
"CLI": "gcloud compute instances update <INSTANCE_NAME> --restart-on-failure --zone=<ZONE>",
|
|
21
|
+
"NativeIaC": "",
|
|
22
|
+
"Other": "1) Open Google Cloud Console → Compute Engine → VM instances\n2) Click on the instance name to view details\n3) Click 'Edit' at the top of the page\n4) Under 'Availability policies', set 'Automatic restart' to 'On (recommended)'\n5) Click 'Save' at the bottom of the page",
|
|
23
|
+
"Terraform": "```hcl\n# Example: enable Automatic Restart for a Compute Engine VM instance\nresource \"google_compute_instance\" \"example\" {\n name = var.instance_name\n machine_type = var.machine_type\n zone = var.zone\n\n scheduling {\n automatic_restart = true\n on_host_maintenance = \"MIGRATE\"\n }\n}\n```"
|
|
24
|
+
},
|
|
25
|
+
"Recommendation": {
|
|
26
|
+
"Text": "Enable the Automatic Restart feature for Compute Engine VM instances to enhance system reliability by automatically recovering from crashes or system-initiated terminations. This setting does not interfere with user-initiated shutdowns or stops.",
|
|
27
|
+
"Url": "https://hub.prowler.com/check/compute_instance_automatic_restart_enabled"
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
"Categories": [
|
|
31
|
+
"resilience"
|
|
32
|
+
],
|
|
33
|
+
"DependsOn": [],
|
|
34
|
+
"RelatedTo": [],
|
|
35
|
+
"Notes": "VM instances missing the 'scheduling.automaticRestart' field are treated as having Automatic Restart enabled (defaults to true). Preemptible instances and instances with provisioning model set to SPOT are automatically marked as PASS, as they cannot have Automatic Restart enabled by design."
|
|
36
|
+
}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
from prowler.lib.check.models import Check, Check_Report_GCP
|
|
2
|
+
from prowler.providers.gcp.services.compute.compute_client import compute_client
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
class compute_instance_automatic_restart_enabled(Check):
|
|
6
|
+
"""
|
|
7
|
+
Ensure Compute Engine VM instances have Automatic Restart enabled.
|
|
8
|
+
|
|
9
|
+
Reports PASS if a VM instance has automatic restart enabled, otherwise FAIL.
|
|
10
|
+
"""
|
|
11
|
+
|
|
12
|
+
def execute(self) -> list[Check_Report_GCP]:
|
|
13
|
+
findings = []
|
|
14
|
+
for instance in compute_client.instances:
|
|
15
|
+
report = Check_Report_GCP(metadata=self.metadata(), resource=instance)
|
|
16
|
+
|
|
17
|
+
# Preemptible and Spot VMs cannot have automatic restart enabled
|
|
18
|
+
if instance.preemptible or instance.provisioning_model == "SPOT":
|
|
19
|
+
report.status = "FAIL"
|
|
20
|
+
report.status_extended = (
|
|
21
|
+
f"VM Instance {instance.name} is a Preemptible or Spot instance, "
|
|
22
|
+
"which cannot have Automatic Restart enabled by design."
|
|
23
|
+
)
|
|
24
|
+
elif instance.automatic_restart:
|
|
25
|
+
report.status = "PASS"
|
|
26
|
+
report.status_extended = (
|
|
27
|
+
f"VM Instance {instance.name} has Automatic Restart enabled."
|
|
28
|
+
)
|
|
29
|
+
else:
|
|
30
|
+
report.status = "FAIL"
|
|
31
|
+
report.status_extended = f"VM Instance {instance.name} does not have Automatic Restart enabled."
|
|
32
|
+
|
|
33
|
+
findings.append(report)
|
|
34
|
+
|
|
35
|
+
return findings
|
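Review bot: The first branch of `execute` sets `report.status = "FAIL"` for preemptible and Spot instances, but this check's metadata `Notes` say those instances "are automatically marked as PASS, as they cannot have Automatic Restart enabled by design", so one of the two is wrong. As written, such an instance also fails `compute_instance_preemptible_vm_disabled` on the same condition, so one provisioning choice produces two findings. If the Notes describe the intent, the branch should read `report.status = "PASS"`. Otherwise the Notes need correcting, and the class docstring should mention the preemptible/Spot case, which it currently omits.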
prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/__init__.py
ADDED
|
File without changes
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "gcp",
|
|
3
|
+
"CheckID": "compute_instance_deletion_protection_enabled",
|
|
4
|
+
"CheckTitle": "VM instance has deletion protection enabled",
|
|
5
|
+
"CheckType": [],
|
|
6
|
+
"ServiceName": "compute",
|
|
7
|
+
"SubServiceName": "",
|
|
8
|
+
"ResourceIdTemplate": "",
|
|
9
|
+
"Severity": "medium",
|
|
10
|
+
"ResourceType": "compute.googleapis.com/Instance",
|
|
11
|
+
"Description": "This check verifies whether GCP Compute Engine VM instances have **deletion protection** enabled to prevent accidental termination of production or critical workloads.",
|
|
12
|
+
"Risk": "Without deletion protection enabled, VM instances are vulnerable to **accidental deletion** by users with sufficient permissions.\n\nThis could result in:\n- **Service disruption** and downtime for critical applications\n- **Data loss** if persistent disks are also deleted\n- **Recovery delays** while recreating instances and restoring configurations",
|
|
13
|
+
"RelatedUrl": "",
|
|
14
|
+
"AdditionalURLs": [
|
|
15
|
+
"https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion",
|
|
16
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-deletion-protection.html"
|
|
17
|
+
],
|
|
18
|
+
"Remediation": {
|
|
19
|
+
"Code": {
|
|
20
|
+
"CLI": "gcloud compute instances update INSTANCE_NAME --deletion-protection --zone=ZONE",
|
|
21
|
+
"NativeIaC": "",
|
|
22
|
+
"Other": "1. Open the Google Cloud Console\n2. Navigate to Compute Engine > VM instances\n3. Select the target VM instance\n4. Click Edit\n5. Under Deletion protection, check the box to enable\n6. Click Save",
|
|
23
|
+
"Terraform": "```hcl\nresource \"google_compute_instance\" \"example_resource\" {\n name = \"example-instance\"\n machine_type = \"e2-medium\"\n zone = \"us-central1-a\"\n\n # Enable deletion protection\n deletion_protection = true\n\n boot_disk {\n initialize_params {\n image = \"debian-cloud/debian-11\"\n }\n }\n\n network_interface {\n network = \"default\"\n }\n}\n```"
|
|
24
|
+
},
|
|
25
|
+
"Recommendation": {
|
|
26
|
+
"Text": "Enable deletion protection on all production and business-critical VM instances to prevent accidental termination. Regularly review instances to ensure critical workloads are protected.",
|
|
27
|
+
"Url": "https://hub.prowler.com/check/compute_instance_deletion_protection_enabled"
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
"Categories": [
|
|
31
|
+
"resilience"
|
|
32
|
+
],
|
|
33
|
+
"DependsOn": [],
|
|
34
|
+
"RelatedTo": [],
|
|
35
|
+
"Notes": ""
|
|
36
|
+
}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
from prowler.lib.check.models import Check, Check_Report_GCP
|
|
2
|
+
from prowler.providers.gcp.services.compute.compute_client import compute_client
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
class compute_instance_deletion_protection_enabled(Check):
|
|
6
|
+
"""
|
|
7
|
+
Ensure that VM instance has deletion protection enabled.
|
|
8
|
+
|
|
9
|
+
This check verifies whether GCP Compute Engine VM instances have deletion protection
|
|
10
|
+
enabled to prevent accidental termination of production or critical workloads.
|
|
11
|
+
|
|
12
|
+
- PASS: VM instance has deletion protection enabled.
|
|
13
|
+
- FAIL: VM instance does not have deletion protection enabled.
|
|
14
|
+
"""
|
|
15
|
+
|
|
16
|
+
def execute(self) -> list[Check_Report_GCP]:
|
|
17
|
+
findings = []
|
|
18
|
+
for instance in compute_client.instances:
|
|
19
|
+
report = Check_Report_GCP(metadata=self.metadata(), resource=instance)
|
|
20
|
+
report.status = "PASS"
|
|
21
|
+
report.status_extended = (
|
|
22
|
+
f"VM Instance {instance.name} has deletion protection enabled."
|
|
23
|
+
)
|
|
24
|
+
if not instance.deletion_protection:
|
|
25
|
+
report.status = "FAIL"
|
|
26
|
+
report.status_extended = f"VM Instance {instance.name} does not have deletion protection enabled."
|
|
27
|
+
findings.append(report)
|
|
28
|
+
|
|
29
|
+
return findings
|
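Review bot: `execute` reports FAIL for every instance where `instance.deletion_protection` is false, with no exemption or caveat for instances that cannot carry the flag. Compute Engine does not allow deletion protection on VMs that belong to a managed instance group, so autoscaled VMs would presumably always fail here, and the `Instance` fields visible in this release give no way to tell them apart. At minimum, record the limitation in the metadata `Notes` (currently `""`) and in the class docstring, for example `Instances in managed instance groups cannot enable deletion protection and will be reported as FAIL.`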
|
File without changes
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "gcp",
|
|
3
|
+
"CheckID": "compute_instance_preemptible_vm_disabled",
|
|
4
|
+
"CheckTitle": "VM instance is not configured as preemptible or Spot VM",
|
|
5
|
+
"CheckType": [],
|
|
6
|
+
"ServiceName": "compute",
|
|
7
|
+
"SubServiceName": "",
|
|
8
|
+
"ResourceIdTemplate": "",
|
|
9
|
+
"Severity": "medium",
|
|
10
|
+
"ResourceType": "compute.googleapis.com/Instance",
|
|
11
|
+
"Description": "This check verifies that VM instances are not configured as **preemptible** or **Spot VMs**.\n\nBoth preemptible and Spot VMs can be terminated by Google at any time when resources are needed elsewhere, making them unsuitable for production and business-critical workloads. Spot VMs are the newer version of preemptible VMs and are Google's recommended approach for interruptible workloads.",
|
|
12
|
+
"Risk": "Preemptible and Spot VMs may be **terminated at any time** by Google Cloud, causing:\n\n- **Service disruptions** for production workloads\n- **Data loss** if workloads are not fault-tolerant\n- **Availability issues** for business-critical applications\n\nThey are designed for batch jobs and fault-tolerant workloads only.",
|
|
13
|
+
"RelatedUrl": "",
|
|
14
|
+
"AdditionalURLs": [
|
|
15
|
+
"https://cloud.google.com/compute/docs/instances/preemptible",
|
|
16
|
+
"https://cloud.google.com/compute/docs/instances/spot",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/disable-preemptibility.html"
|
|
18
|
+
],
|
|
19
|
+
"Remediation": {
|
|
20
|
+
"Code": {
|
|
21
|
+
"CLI": "",
|
|
22
|
+
"NativeIaC": "",
|
|
23
|
+
"Other": "1. Go to Compute Engine console\n2. Select the preemptible or Spot VM instance\n3. Create a machine image from the instance\n4. Create a new instance from the machine image\n5. During creation, set **VM provisioning model** to **Standard** (not Spot)\n6. Delete the original preemptible or Spot VM instance",
|
|
24
|
+
"Terraform": "```hcl\nresource \"google_compute_instance\" \"example_resource\" {\n name = \"example-instance\"\n machine_type = \"e2-medium\"\n zone = \"us-central1-a\"\n\n scheduling {\n # Use standard provisioning model for production workloads (not Spot)\n provisioning_model = \"STANDARD\"\n # Also ensure preemptible is false (legacy field)\n preemptible = false\n }\n}\n```"
|
|
25
|
+
},
|
|
26
|
+
"Recommendation": {
|
|
27
|
+
"Text": "Use standard provisioning model for production and business-critical VM instances. Preemptible and Spot VMs should only be used for fault-tolerant, batch processing, or non-critical workloads that can handle interruptions.",
|
|
28
|
+
"Url": "https://hub.prowler.com/checks/compute_instance_preemptible_vm_disabled"
|
|
29
|
+
}
|
|
30
|
+
},
|
|
31
|
+
"Categories": [
|
|
32
|
+
"resilience"
|
|
33
|
+
],
|
|
34
|
+
"DependsOn": [],
|
|
35
|
+
"RelatedTo": [],
|
|
36
|
+
"Notes": ""
|
|
37
|
+
}
|
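Review bot: `Recommendation.Url` points to `https://hub.prowler.com/checks/compute_instance_preemptible_vm_disabled`, with `/checks/`, while the two sibling GCP checks added in this release use `/check/`. Unless the hub serves both paths, this link is likely broken. To match the siblings it should be `"Url": "https://hub.prowler.com/check/compute_instance_preemptible_vm_disabled"`.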
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
from prowler.lib.check.models import Check, Check_Report_GCP
|
|
2
|
+
from prowler.providers.gcp.services.compute.compute_client import compute_client
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
class compute_instance_preemptible_vm_disabled(Check):
|
|
6
|
+
"""
|
|
7
|
+
Ensure GCP Compute Engine VM instances are not preemptible or Spot VMs.
|
|
8
|
+
|
|
9
|
+
- PASS: VM instance is not preemptible (preemptible=False) and not Spot
|
|
10
|
+
(provisioningModel != "SPOT").
|
|
11
|
+
- FAIL: VM instance is preemptible (preemptible=True) or Spot
|
|
12
|
+
(provisioningModel="SPOT").
|
|
13
|
+
"""
|
|
14
|
+
|
|
15
|
+
def execute(self) -> list[Check_Report_GCP]:
|
|
16
|
+
findings = []
|
|
17
|
+
for instance in compute_client.instances:
|
|
18
|
+
report = Check_Report_GCP(metadata=self.metadata(), resource=instance)
|
|
19
|
+
report.status = "PASS"
|
|
20
|
+
report.status_extended = (
|
|
21
|
+
f"VM Instance {instance.name} is not preemptible or Spot VM."
|
|
22
|
+
)
|
|
23
|
+
|
|
24
|
+
if instance.preemptible or instance.provisioning_model == "SPOT":
|
|
25
|
+
report.status = "FAIL"
|
|
26
|
+
vm_type = "preemptible" if instance.preemptible else "Spot VM"
|
|
27
|
+
report.status_extended = (
|
|
28
|
+
f"VM Instance {instance.name} is configured as {vm_type}."
|
|
29
|
+
)
|
|
30
|
+
|
|
31
|
+
findings.append(report)
|
|
32
|
+
return findings
|
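Review bot: `vm_type = "preemptible" if instance.preemptible else "Spot VM"` tests the legacy flag first, so an instance with both `preemptible` true and `provisioning_model == "SPOT"` is described as "preemptible" in `status_extended`. The Terraform sample in this check's metadata calls `preemptible` the legacy field, which suggests (not confirmed by these lines) that Spot VMs can carry both values. Testing the provisioning model first keeps the message accurate: `vm_type = "Spot VM" if instance.provisioning_model == "SPOT" else "preemptible"`.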
|
@@ -133,7 +133,19 @@ class Compute(GCPService):
|
|
|
133
133
|
)
|
|
134
134
|
for disk in instance.get("disks", [])
|
|
135
135
|
],
|
|
136
|
+
automatic_restart=instance.get("scheduling", {}).get(
|
|
137
|
+
"automaticRestart", False
|
|
138
|
+
),
|
|
139
|
+
provisioning_model=instance.get("scheduling", {}).get(
|
|
140
|
+
"provisioningModel", "STANDARD"
|
|
141
|
+
),
|
|
136
142
|
project_id=project_id,
|
|
143
|
+
preemptible=instance.get("scheduling", {}).get(
|
|
144
|
+
"preemptible", False
|
|
145
|
+
),
|
|
146
|
+
deletion_protection=instance.get(
|
|
147
|
+
"deletionProtection", False
|
|
148
|
+
),
|
|
137
149
|
)
|
|
138
150
|
)
|
|
139
151
|
|
|
@@ -365,6 +377,10 @@ class Instance(BaseModel):
|
|
|
365
377
|
service_accounts: list
|
|
366
378
|
ip_forward: bool
|
|
367
379
|
disks_encryption: list
|
|
380
|
+
automatic_restart: bool = False
|
|
381
|
+
preemptible: bool = False
|
|
382
|
+
provisioning_model: str = "STANDARD"
|
|
383
|
+
deletion_protection: bool = False
|
|
368
384
|
|
|
369
385
|
|
|
370
386
|
class Network(BaseModel):
|
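Review bot: `automatic_restart` falls back to `False` when `scheduling.automaticRestart` is absent, both in `.get("automaticRestart", False)` and in the model default `automatic_restart: bool = False`. The Notes of `compute_instance_automatic_restart_enabled` say the opposite, that a missing field is treated as enabled (defaults to true). With the current default, a standard instance whose API response omits the field is reported as FAIL. If the Notes are the intent, use `.get("automaticRestart", True)` and `automatic_restart: bool = True`; otherwise correct the Notes. Both hunks sit inside definitions that start and end outside the visible lines.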
prowler/providers/github/services/repository/repository_immutable_releases_enabled/__init__.py
ADDED
|
File without changes
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "github",
|
|
3
|
+
"CheckID": "repository_immutable_releases_enabled",
|
|
4
|
+
"CheckTitle": "Repository has immutable releases enabled",
|
|
5
|
+
"CheckType": [],
|
|
6
|
+
"ServiceName": "repository",
|
|
7
|
+
"SubServiceName": "",
|
|
8
|
+
"ResourceIdTemplate": "github:user-id:repository/repository-name",
|
|
9
|
+
"Severity": "high",
|
|
10
|
+
"ResourceType": "GitHubRepository",
|
|
11
|
+
"Description": "Immutable releases prevent modification or replacement of published artifacts after publication. When enabled, release assets and binaries become tamper-proof, ensuring artifact integrity throughout the software supply chain.",
|
|
12
|
+
"Risk": "If immutable releases are disabled, release assets can be tampered with after publication, allowing attackers to substitute malicious binaries and undermining supply chain integrity.",
|
|
13
|
+
"RelatedUrl": "https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository#preventing-changes-to-releases",
|
|
14
|
+
"Remediation": {
|
|
15
|
+
"Code": {
|
|
16
|
+
"CLI": "",
|
|
17
|
+
"NativeIaC": "",
|
|
18
|
+
"Other": "",
|
|
19
|
+
"Terraform": ""
|
|
20
|
+
},
|
|
21
|
+
"Recommendation": {
|
|
22
|
+
"Text": "Enable immutable releases in the repository settings so release artifacts cannot be altered once published.",
|
|
23
|
+
"Url": "https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases"
|
|
24
|
+
}
|
|
25
|
+
},
|
|
26
|
+
"Categories": [
|
|
27
|
+
"software-supply-chain"
|
|
28
|
+
],
|
|
29
|
+
"DependsOn": [],
|
|
30
|
+
"RelatedTo": [],
|
|
31
|
+
"Notes": ""
|
|
32
|
+
}
|
|
33
|
+
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
from typing import List
|
|
2
|
+
|
|
3
|
+
from prowler.lib.check.models import Check, CheckReportGithub
|
|
4
|
+
from prowler.providers.github.services.repository.repository_client import (
|
|
5
|
+
repository_client,
|
|
6
|
+
)
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
class repository_immutable_releases_enabled(Check):
|
|
10
|
+
"""Ensure immutable releases are enabled for GitHub repositories.
|
|
11
|
+
|
|
12
|
+
Immutable releases prevent post-publication tampering of binaries and release assets.
|
|
13
|
+
"""
|
|
14
|
+
|
|
15
|
+
def execute(self) -> List[CheckReportGithub]:
|
|
16
|
+
"""Run the immutable releases verification for each discovered repository.
|
|
17
|
+
|
|
18
|
+
Returns:
|
|
19
|
+
List[CheckReportGithub]: Collection of check reports describing the immutable releases status.
|
|
20
|
+
"""
|
|
21
|
+
findings: List[CheckReportGithub] = []
|
|
22
|
+
for repo in repository_client.repositories.values():
|
|
23
|
+
if repo.immutable_releases_enabled is None:
|
|
24
|
+
continue
|
|
25
|
+
|
|
26
|
+
report = CheckReportGithub(metadata=self.metadata(), resource=repo)
|
|
27
|
+
|
|
28
|
+
if repo.immutable_releases_enabled:
|
|
29
|
+
report.status = "PASS"
|
|
30
|
+
report.status_extended = (
|
|
31
|
+
f"Repository {repo.name} has immutable releases enabled."
|
|
32
|
+
)
|
|
33
|
+
else:
|
|
34
|
+
report.status = "FAIL"
|
|
35
|
+
report.status_extended = (
|
|
36
|
+
f"Repository {repo.name} does not have immutable releases enabled."
|
|
37
|
+
)
|
|
38
|
+
|
|
39
|
+
findings.append(report)
|
|
40
|
+
|
|
41
|
+
return findings
|
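Review bot: Repositories whose `immutable_releases_enabled` is `None` are dropped by `continue` before any report is created, so a repository the scanner could not query produces no finding at all for this high-severity check. The service returns `None` on 403 and 404, which means a scan run with an under-privileged token looks the same as a scan with nothing to report. Consider emitting a report with `report.status = "MANUAL"` and a `status_extended` such as `f"Repository {repo.name} immutable releases status could not be determined."` instead of skipping. If skipping is intended, say so in the `execute` docstring.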
|
@@ -341,6 +341,9 @@ class Repository(GithubService):
|
|
|
341
341
|
name=repo.name,
|
|
342
342
|
owner=repo.owner.login,
|
|
343
343
|
full_name=repo.full_name,
|
|
344
|
+
immutable_releases_enabled=self._get_repository_immutable_releases_status(
|
|
345
|
+
repo
|
|
346
|
+
),
|
|
344
347
|
default_branch=Branch(
|
|
345
348
|
name=default_branch,
|
|
346
349
|
protected=branch_protection,
|
|
@@ -370,6 +373,54 @@ class Repository(GithubService):
|
|
|
370
373
|
f"{repo.full_name}: {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
371
374
|
)
|
|
372
375
|
|
|
376
|
+
def _get_repository_immutable_releases_status(self, repo) -> Optional[bool]:
|
|
377
|
+
"""Retrieve the immutable releases status for the provided repository.
|
|
378
|
+
|
|
379
|
+
The API returns a response in the format:
|
|
380
|
+
{
|
|
381
|
+
"enabled": true,
|
|
382
|
+
"enforced_by_owner": false
|
|
383
|
+
}
|
|
384
|
+
|
|
385
|
+
Args:
|
|
386
|
+
repo: The PyGithub repository instance to query.
|
|
387
|
+
|
|
388
|
+
Returns:
|
|
389
|
+
Optional[bool]: True when immutable releases are enabled, False when they are disabled, and None when the status cannot be determined.
|
|
390
|
+
"""
|
|
391
|
+
try:
|
|
392
|
+
_, response = repo._requester.requestJsonAndCheck( # type: ignore[attr-defined]
|
|
393
|
+
"GET",
|
|
394
|
+
f"/repos/{repo.full_name}/immutable-releases",
|
|
395
|
+
headers={
|
|
396
|
+
"Accept": "application/vnd.github+json",
|
|
397
|
+
"X-GitHub-Api-Version": "2022-11-28",
|
|
398
|
+
},
|
|
399
|
+
)
|
|
400
|
+
if isinstance(response, dict) and "enabled" in response:
|
|
401
|
+
return response.get("enabled")
|
|
402
|
+
return None
|
|
403
|
+
except github.GithubException as error:
|
|
404
|
+
status_code = getattr(error, "status", None)
|
|
405
|
+
if status_code == 404:
|
|
406
|
+
logger.info(
|
|
407
|
+
f"{repo.full_name}: immutable releases endpoint not available for this repository."
|
|
408
|
+
)
|
|
409
|
+
return None
|
|
410
|
+
if status_code == 403:
|
|
411
|
+
logger.warning(
|
|
412
|
+
f"{repo.full_name}: insufficient permissions to query immutable releases endpoint."
|
|
413
|
+
)
|
|
414
|
+
return None
|
|
415
|
+
self._handle_github_api_error(
|
|
416
|
+
error, "fetching immutable releases status", repo.full_name
|
|
417
|
+
)
|
|
418
|
+
except Exception as error:
|
|
419
|
+
logger.error(
|
|
420
|
+
f"{repo.full_name}: {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
421
|
+
)
|
|
422
|
+
return None
|
|
423
|
+
|
|
373
424
|
|
|
374
425
|
class Branch(BaseModel):
|
|
375
426
|
"""Model for Github Branch"""
|
|
@@ -396,6 +447,7 @@ class Repo(BaseModel):
|
|
|
396
447
|
name: str
|
|
397
448
|
owner: str
|
|
398
449
|
full_name: str
|
|
450
|
+
immutable_releases_enabled: Optional[bool] = None
|
|
399
451
|
default_branch: Branch
|
|
400
452
|
private: bool
|
|
401
453
|
archived: bool
|
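Review bot: In `_get_repository_immutable_releases_status`, the `status_code == 403` branch logs "insufficient permissions" and returns `None`, but GitHub also answers 403 when a rate limit is hit. A throttled scan would therefore be logged as a permission problem, and the check would then silently skip the repository. The path after `self._handle_github_api_error(...)` ends without an explicit return, unlike every other branch; adding `return None` there makes the fall-through deliberate. The request also goes through PyGithub's private `repo._requester`, so a comment such as `# PyGithub exposes no public method for this endpoint; revisit when it does` would tell maintainers why, assuming that is the reason.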
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: prowler-cloud
|
|
3
|
-
Version: 5.
|
|
3
|
+
Version: 5.15.0
|
|
4
4
|
Summary: Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
|
|
5
5
|
License: Apache-2.0
|
|
6
6
|
Author: Toni de la Fuente
|
|
@@ -11,6 +11,19 @@ Requires-Python: >3.9.1,<3.13
|
|
|
11
11
|
Classifier: Programming Language :: Python :: 3
|
|
12
12
|
Classifier: Programming Language :: Python :: 3.9
|
|
13
13
|
Classifier: License :: OSI Approved :: Apache Software License
|
|
14
|
+
Requires-Dist: alibabacloud-gateway-oss-util (==0.0.3)
|
|
15
|
+
Requires-Dist: alibabacloud-rds20140815 (==12.0.0)
|
|
16
|
+
Requires-Dist: alibabacloud-sls20201230 (==5.9.0)
|
|
17
|
+
Requires-Dist: alibabacloud_actiontrail20200706 (==2.4.1)
|
|
18
|
+
Requires-Dist: alibabacloud_credentials (==1.0.3)
|
|
19
|
+
Requires-Dist: alibabacloud_cs20151215 (==6.1.0)
|
|
20
|
+
Requires-Dist: alibabacloud_ecs20140526 (==7.2.5)
|
|
21
|
+
Requires-Dist: alibabacloud_oss20190517 (==1.0.6)
|
|
22
|
+
Requires-Dist: alibabacloud_ram20150501 (==1.2.0)
|
|
23
|
+
Requires-Dist: alibabacloud_sas20181203 (==6.1.0)
|
|
24
|
+
Requires-Dist: alibabacloud_sts20150401 (==1.1.6)
|
|
25
|
+
Requires-Dist: alibabacloud_tea_openapi (==0.4.1)
|
|
26
|
+
Requires-Dist: alibabacloud_vpc20160428 (==6.13.0)
|
|
14
27
|
Requires-Dist: alive-progress (==3.3.0)
|
|
15
28
|
Requires-Dist: awsipranges (==0.3.3)
|
|
16
29
|
Requires-Dist: azure-identity (==1.21.0)
|
|
@@ -84,7 +97,7 @@ Description-Content-Type: text/markdown
|
|
|
84
97
|
<b><i>Prowler</b> is the Open Cloud Security platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.
|
|
85
98
|
</p>
|
|
86
99
|
<p align="center">
|
|
87
|
-
<b>
|
|
100
|
+
<b>Secure ANY cloud at AI Speed at <a href="https://prowler.com">prowler.com</i></b>
|
|
88
101
|
</p>
|
|
89
102
|
|
|
90
103
|
<p align="center">
|
|
@@ -113,28 +126,32 @@ Description-Content-Type: text/markdown
|
|
|
113
126
|
</p>
|
|
114
127
|
<hr>
|
|
115
128
|
<p align="center">
|
|
116
|
-
<img align="center" src="/docs/img/prowler-
|
|
129
|
+
<img align="center" src="/docs/img/prowler-cloud.gif" width="100%" height="100%">
|
|
117
130
|
</p>
|
|
118
131
|
|
|
119
132
|
# Description
|
|
120
133
|
|
|
121
|
-
**Prowler** is
|
|
134
|
+
**Prowler** is the world’s most widely used _open-source cloud security platform_ that automates security and compliance across **any cloud environment**. With hundreds of ready-to-use security checks, remediation guidance, and compliance frameworks, Prowler is built to _“Secure ANY cloud at AI Speed”_. Prowler delivers **AI-driven**, **customizable**, and **easy-to-use** assessments, dashboards, reports, and integrations, making cloud security **simple**, **scalable**, and **cost-effective** for organizations of any size.
|
|
122
135
|
|
|
123
136
|
Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:
|
|
124
137
|
|
|
125
|
-
- **
|
|
126
|
-
- **
|
|
138
|
+
- **Prowler ThreatScore:** Weighted risk prioritization scoring that helps you focus on the most critical security findings first
|
|
139
|
+
- **Industry Standards:** CIS, NIST 800, NIST CSF, CISA, and MITRE ATT&CK
|
|
140
|
+
- **Regulatory Compliance and Governance:** RBI, FedRAMP, PCI-DSS, and NIS2
|
|
127
141
|
- **Frameworks for Sensitive Data and Privacy:** GDPR, HIPAA, and FFIEC
|
|
128
|
-
- **Frameworks for Organizational Governance and Quality Control:** SOC2 and
|
|
129
|
-
- **
|
|
130
|
-
- **National Security Standards:** ENS (Spanish National Security Scheme)
|
|
142
|
+
- **Frameworks for Organizational Governance and Quality Control:** SOC2, GXP, and ISO 27001
|
|
143
|
+
- **Cloud-Specific Frameworks:** AWS Foundational Technical Review (FTR), AWS Well-Architected Framework, and BSI C5
|
|
144
|
+
- **National Security Standards:** ENS (Spanish National Security Scheme) and KISA ISMS-P (Korean)
|
|
131
145
|
- **Custom Security Frameworks:** Tailored to your needs
|
|
132
146
|
|
|
133
|
-
## Prowler App
|
|
147
|
+
## Prowler App / Prowler Cloud
|
|
134
148
|
|
|
135
|
-
Prowler App is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.
|
|
149
|
+
Prowler App / [Prowler Cloud](https://cloud.prowler.com/) is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.
|
|
136
150
|
|
|
137
151
|

|
|
152
|
+

|
|
153
|
+

|
|
154
|
+
|
|
138
155
|
|
|
139
156
|
>For more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)
|
|
140
157
|
|
|
@@ -160,15 +177,16 @@ prowler dashboard
|
|
|
160
177
|
|
|
161
178
|
| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Interface |
|
|
162
179
|
|---|---|---|---|---|---|---|
|
|
163
|
-
| AWS |
|
|
164
|
-
| GCP |
|
|
165
|
-
| Azure |
|
|
166
|
-
| Kubernetes |
|
|
167
|
-
| GitHub |
|
|
180
|
+
| AWS | 584 | 85 | 40 | 17 | Official | UI, API, CLI |
|
|
181
|
+
| GCP | 89 | 17 | 14 | 5 | Official | UI, API, CLI |
|
|
182
|
+
| Azure | 169 | 22 | 15 | 8 | Official | UI, API, CLI |
|
|
183
|
+
| Kubernetes | 84 | 7 | 6 | 9 | Official | UI, API, CLI |
|
|
184
|
+
| GitHub | 20 | 2 | 1 | 2 | Official | UI, API, CLI |
|
|
168
185
|
| M365 | 70 | 7 | 3 | 2 | Official | UI, API, CLI |
|
|
169
|
-
| OCI |
|
|
186
|
+
| OCI | 52 | 15 | 1 | 12 | Official | UI, API, CLI |
|
|
187
|
+
| Alibaba Cloud | 63 | 10 | 1 | 9 | Official | CLI |
|
|
170
188
|
| IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | UI, API, CLI |
|
|
171
|
-
| MongoDB Atlas | 10 |
|
|
189
|
+
| MongoDB Atlas | 10 | 4 | 0 | 3 | Official | UI, API, CLI |
|
|
172
190
|
| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | CLI |
|
|
173
191
|
| NHN | 6 | 2 | 1 | 0 | Unofficial | CLI |
|
|
174
192
|
|
|
@@ -231,7 +249,7 @@ You can find more information in the [Troubleshooting](./docs/troubleshooting.md
|
|
|
231
249
|
|
|
232
250
|
* `git` installed.
|
|
233
251
|
* `poetry` v2 installed: [poetry installation](https://python-poetry.org/docs/#installation).
|
|
234
|
-
* `
|
|
252
|
+
* `pnpm` installed: [pnpm installation](https://pnpm.io/installation).
|
|
235
253
|
* `Docker Compose` installed: https://docs.docker.com/compose/install/.
|
|
236
254
|
|
|
237
255
|
**Commands to run the API**
|
|
@@ -287,9 +305,9 @@ python -m celery -A config.celery beat -l info --scheduler django_celery_beat.sc
|
|
|
287
305
|
``` console
|
|
288
306
|
git clone https://github.com/prowler-cloud/prowler
|
|
289
307
|
cd prowler/ui
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
308
|
+
pnpm install
|
|
309
|
+
pnpm run build
|
|
310
|
+
pnpm start
|
|
293
311
|
```
|
|
294
312
|
|
|
295
313
|
> Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.
|