Merge branch 'master' into PRWLR-5695-review-sdk-container-actions-fo…

…r-v-4

.github/codeql/api-codeql-config.yml

@@ -1,3 +1,3 @@
-name: "Custom CodeQL Config for API"
+name: "API - CodeQL Config"
 paths:
-  - 'api/'
+  - "api/"

.github/codeql/sdk-codeql-config.yml

@@ -0,0 +1,4 @@
+name: "SDK - CodeQL Config"
+paths-ignore:
+  - "api/"
+  - "ui/"

.github/codeql/ui-codeql-config.yml

@@ -1,3 +1,3 @@
-name: "Custom CodeQL Config for UI"
+name: "UI - CodeQL Config"
 paths:
   - "ui/"

.github/dependabot.yml

@@ -5,6 +5,7 @@
 
 version: 2
 updates:
+  # v5
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
@@ -14,6 +15,7 @@ updates:
     labels:
       - "dependencies"
       - "pip"
+
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
@@ -23,7 +25,41 @@ updates:
     labels:
       - "dependencies"
       - "github_actions"
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    target-branch: master
+    labels:
+      - "dependencies"
+      - "npm"
+
+  # v4.6
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "pip"
+      - "v4"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    target-branch: v3
+    labels:
+      - "dependencies"
+      - "github_actions"
+      - "v4"
 
+  # v3
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
@@ -34,6 +70,7 @@ updates:
       - "dependencies"
       - "pip"
       - "v3"
+
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

.github/workflows/api-codeql.yml

@@ -9,19 +9,19 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "API - CodeQL"
+name: API - CodeQL
 
 on:
   push:
-    branches: 
+    branches:
       - "master"
       - "v3"
       - "v4.*"
       - "v5.*"
     paths:
       - "api/**"
   pull_request:
-    branches: 
+    branches:
       - "master"
       - "v3"
       - "v4.*"

.github/workflows/api-pull-request.yml

@@ -1,4 +1,4 @@
-name: "API - Pull Request"
+name: API - Pull Request
 
 on:
   push:

.github/workflows/backport.yml

@@ -1,42 +1,45 @@
-name: Automatic Backport
+name: Prowler - Automatic Backport
 
 on:
   pull_request_target:
     branches: ['master']
     types: ['labeled', 'closed']
 
+env:
+  BACKPORT_LABEL_PREFIX: backport-to-v
+  BACKPORT_LABEL_IGNORE: was-backported
+
 jobs:
   backport:
     name: Backport PR
-    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport'))
+    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) && !(contains(github.event.pull_request.labels.*.name, 'was-backported'))
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       pull-requests: write
       contents: write
     steps:
-      # Workaround not to fail the workflow if the PR does not need a backport
-      # https://github.com/sorenlouv/backport-github-action/issues/127#issuecomment-2258561266
-      - name: Check for backport labels
-        id: check_labels
-        run: |-
-          labels='${{ toJSON(github.event.pull_request.labels.*.name) }}'
-          echo "$labels"
-          matched=$(echo "${labels}" | jq '. | map(select(startswith("backport-to-"))) | length')
-          echo "matched=$matched"
-          echo "matched=$matched" >> $GITHUB_OUTPUT
+      - name: Check labels
+        id: preview_label_check
+        uses: docker://agilepathway/pull-request-label-checker:v1.6.55
+        with:
+          allow_failure: true
+          prefix_mode: true
+          one_of: ${{ env.BACKPORT_LABEL_PREFIX}}
+          none_of: ${{ env.BACKPORT_LABEL_IGNORE}}
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Backport Action
-        if: fromJSON(steps.check_labels.outputs.matched) > 0
+        if: steps.preview_label_check.outputs.label_check == 'success'
         uses: sorenlouv/backport-github-action@v9.5.1
         with:
           github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          auto_backport_label_prefix: backport-to-
+          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX}}
 
       - name: Info log
-        if: ${{ success() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
+        if: ${{ success() && steps.preview_label_check.outputs.label_check == 'success' }}
         run: cat ~/.backport/backport.info.log
 
       - name: Debug log
-        if: ${{ failure() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
+        if: ${{ failure() && steps.preview_label_check.outputs.label_check == 'success' }}
         run: cat ~/.backport/backport.debug.log

.github/workflows/build-documentation-on-pr.yml

@@ -1,4 +1,4 @@
-name: Pull Request Documentation Link
+name: Prowler - Pull Request Documentation Link
 
 on:
   pull_request:

.github/workflows/find-secrets.yml

@@ -1,4 +1,4 @@
-name: Find secrets
+name: Prowler - Find secrets
 
 on: pull_request
 
@@ -16,4 +16,4 @@ jobs:
           path: ./
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
-          extra_args: --only-verified
+          extra_args: --only-verified

.github/workflows/labeler.yml

@@ -1,4 +1,4 @@
-name: "Pull Request Labeler"
+name: Prowler - PR Labeler
 
 on:
     pull_request_target:

.github/workflows/build-lint-push-containers.yml → .github/workflows/sdk-build-lint-push-containers.yml

@@ -1,4 +1,4 @@
-name: Build and Push containers
+name: SDK - Build and Push containers
 
 on:
   push:

.github/workflows/codeql.yml → .github/workflows/sdk-codeql.yml

@@ -9,19 +9,19 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "CodeQL"
+name: SDK - CodeQL
 
 on:
   push:
-    branches: 
+    branches:
       - "master"
       - "v3"
       - "v4.*"
     paths-ignore:
       - 'ui/**'
       - 'api/**'
   pull_request:
-    branches: 
+    branches:
       - "master"
       - "v3"
       - "v4.*"
@@ -55,7 +55,7 @@ jobs:
       uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
-        config-file: ./.github/codeql/codeql-config.yml
+        config-file: ./.github/codeql/sdk-codeql-config.yml
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3

.github/workflows/pull-request.yml → .github/workflows/sdk-pull-request.yml

@@ -1,4 +1,4 @@
-name: "Pull Request"
+name: SDK - Pull Request
 
 on:
   push:

.github/workflows/pypi-release.yml → .github/workflows/sdk-pypi-release.yml

@@ -1,4 +1,4 @@
-name: PyPI release
+name: SDK - PyPI release
 
 on:
   release:

.github/workflows/refresh_aws_services_regions.yml → .github/workflows/sdk-refresh-aws-services-regions.yml

@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
 
-name: Refresh regions of AWS services
+name: SDK - Refresh AWS services' regions
 
 on:
   schedule:

.github/workflows/ui-codeql.yml

@@ -9,7 +9,7 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "UI - CodeQL"
+name: UI - CodeQL
 
 on:
   push:

.github/workflows/ui-checks.yml → .github/workflows/ui-pull-request.yml

@@ -1,4 +1,4 @@
-name: "UI - Pull Request"
+name: UI - Pull Request
 
 on:
   pull_request:
@@ -31,4 +31,4 @@ jobs:
         run: npm run healthcheck
       - name: Build the application
         working-directory: ./ui
-        run: npm run build
+        run: npm run build

README.md

@@ -3,7 +3,7 @@
   <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only" width="50%" height="50%">
 </p>
 <p align="center">
-  <b><i>Prowler SaaS </b> and <b>Prowler Open Source</b> are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
+  <b><i>Prowler Open Source</b> is as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
 </p>
 <p align="center">
 <b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
@@ -43,7 +43,7 @@
 
 # Description
 
-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler SaaS</a>.
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler Cloud</a>.
 
 ## Prowler App
 

docs/index.md

@@ -1,4 +1,4 @@
-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler SaaS</a>.
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler Cloud</a>.
 
 ## Prowler App
 
@@ -29,7 +29,7 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 
 Prowler App can be installed in different ways, depending on your environment:
 
-> See how to use Prowler App in the [Prowler App](tutorials/prowler-app.md) section.
+> See how to use Prowler App in the [Prowler App Tutorial](tutorials/prowler-app.md) section.
 
 === "Docker Compose"
 
@@ -65,6 +65,9 @@ Prowler App can be installed in different ways, depending on your environment:
     * `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
     * `Docker Compose` installed: https://docs.docker.com/compose/install/.
 
+    ???+ warning
+        Make sure to have `api/.env` and `ui/.env.local` files with the required environment variables. You can find the required environment variables in the [`api/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/api/.env.example) and [`ui/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/ui/.env.template) files.
+
     _Commands to run the API_:
 
     ``` bash
@@ -107,9 +110,6 @@ Prowler App can be installed in different ways, depending on your environment:
 
     > Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
 
-    ???+ warning
-        Make sure to have `api/.env` and `ui/.env.local` files with the required environment variables. You can find the required environment variables in the [`api/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/api/.env.example) and [`ui/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/ui/.env.template) files.
-
     ???+ warning
         Google and GitHub authentication is only available in [Prowler Cloud](https://prowler.com).
 

docs/security.md

@@ -13,7 +13,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F
 
 ## Reporting Vulnerabilities
 
-If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or Prowler SaaS service, please submit the information by contacting to us via [**support.prowler.com**](http://support.prowler.com).
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or Prowler Cloud service, please submit the information by contacting to us via [**support.prowler.com**](http://support.prowler.com).
 
 The information you share with the Prowler team as part of this process is kept confidential within Prowler. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.