Skip to content

Prowler 3.8.0 - Days of Future Past
Compare
Choose a tag to compare
@jfagoagas jfagoagas released this 03 Aug 15:33
· 2764 commits to master since this release
3.8.0
0f61027

A war in heaven in God's rage
He put me in this burning cage
Holy fury locks me in
Imprisoned by my deadly sin
Every hour the shadow king
Wonders what his clock will bring
I've lived and loved and that's for sure
My fatal quest forever more

2 weeks before this release, most of the Prowler full time team were watching Iron Maiden live, probably the best day of the year for us being together. This song Days of Future Past was the fourth they played in that show, we invite you to play it while reading what is new in this version that we have just crafted for you all right before BlackHat, DEFCON and BSides Vegas. Remember we will be at Black Hat Arsenal on Wednesday!

Special thanks for contributions on this release to @jchrisfarris, @edurra and @gabriel-pragin-clearscale, your code and feedback is very helpful to improve Prowler. THANK YOU!

New features to highlight in this version:

🥳 GCP scans are now x10 faster!

  • We have improved the way Prowler scans GCP regions, locations and zones so now it is on average 10 times faster than before. Try it with prowler gcp --compliance cis_2.0_gcp if you dare!

📝 New Azure service supported sqlserver and 3 new checks available

  • sqlserver_auditing_enabled, sqlserver_azuread_administrator_enabled and sqlserver_unrestricted_inbound_access.
  • We have added new service to the Azure provider for sqlserver with 3 checks. Try them with prowler azure --service sqlserver and let us know!

⚙️ New checks for AWS!:

  • Two new checks for AWS for S3:s3_bucket_public_list_acl and s3_bucket_public_write_acl. Try them with prowler aws --service s3 and improve your security posture now!

What's Changed

Features

  • feat(aws): New AWSService class as parent by @jfagoagas in #2638
  • feat(azure): add Azure SQL Server service and 3 checks by @edurra in #2665
  • feat(azure): New parent class by @jfagoagas in #2642
  • feat(gcp): Add internet-exposed and encryption categories by @jfagoagas in #2663
  • feat(gcp): Improve gcp performance by @sergargar in #2662
  • feat(gcp): Parent class by @jfagoagas in #2641
  • feat(s3): Add checks for publicly listable Buckets or writable buckets by ACL by @jchrisfarris in #2628

Fixes

  • fix(cloudtrail): Set status to INFO when trail is outside the audited account by @jfagoagas in #2643
  • fix(cryptography): Update to 41.0.3 by @jfagoagas in #2661
  • fix(docs): Azure auth and Slack integration by @jfagoagas in #2659
  • fix(ec2_instance_secrets_user_data): Include line numbers in status by @jfagoagas in #2639
  • fix(iam_policy_allows_privilege_escalation): Handle permissions in groups by @jfagoagas in #2655
  • fix(outputs): Not use reserved keyword list as variable by @jfagoagas in #2657
  • fix(s3_bucket_level_public_access_block): check s3 public access block at account level by @sergargar in #2653
  • fix(sns): handle topic policy conditions by @sergargar in #2660
  • fix(test_only_aws_service_linked_roles): Flaky test by @jfagoagas in #2666
  • fix(vpc_endpoint_connections_trust_boundaries): Handle AWS Account ID as Principal by @jfagoagas in #2611

Tests

Chores

Dependencies

  • build(deps): bump azure-mgmt-authorization from 3.0.0 to 4.0.0 by @dependabot in #2652
  • build(deps): bump google-api-python-client from 2.94.0 to 2.95.0 by @dependabot in #2649
  • build(deps): bump mkdocs-material from 9.1.19 to 9.1.20 by @dependabot in #2648
  • build(deps-dev): bump flake8 from 6.0.0 to 6.1.0 by @dependabot in #2651
  • build(deps-dev): bump moto from 4.1.13 to 4.1.14 by @dependabot in #2650

New Contributors

Full Changelog: 3.7.2...3.8.0

Contributors

jchrisfarris, jfagoagas, and 4 other contributors
Assets 2
Loading