diff --git a/.github/codeql/api-codeql-config.yml b/.github/codeql/api-codeql-config.yml index ac8ca6beb54..9ce26a36512 100644 --- a/.github/codeql/api-codeql-config.yml +++ b/.github/codeql/api-codeql-config.yml @@ -1,3 +1,3 @@ -name: "Custom CodeQL Config for API" +name: "API - CodeQL Config" paths: - - 'api/' \ No newline at end of file + - "api/" diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml deleted file mode 100644 index f31f68cba85..00000000000 --- a/.github/codeql/codeql-config.yml +++ /dev/null @@ -1,4 +0,0 @@ -name: "Custom CodeQL Config" -paths-ignore: - - 'api/' - - 'ui/' \ No newline at end of file diff --git a/.github/codeql/sdk-codeql-config.yml b/.github/codeql/sdk-codeql-config.yml new file mode 100644 index 00000000000..7982398f423 --- /dev/null +++ b/.github/codeql/sdk-codeql-config.yml @@ -0,0 +1,4 @@ +name: "SDK - CodeQL Config" +paths-ignore: + - "api/" + - "ui/" diff --git a/.github/codeql/ui-codeql-config.yml b/.github/codeql/ui-codeql-config.yml index 62ebee5617a..fa4f80cae5c 100644 --- a/.github/codeql/ui-codeql-config.yml +++ b/.github/codeql/ui-codeql-config.yml @@ -1,3 +1,3 @@ -name: "Custom CodeQL Config for UI" +name: "UI - CodeQL Config" paths: - "ui/" diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7b06e0da7a2..4be019726a4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,6 +5,7 @@ version: 2 updates: + # v5 - package-ecosystem: "pip" directory: "/" schedule: @@ -14,6 +15,7 @@ updates: labels: - "dependencies" - "pip" + - package-ecosystem: "github-actions" directory: "/" schedule: 
@@ -23,7 +25,41 @@ updates: labels: - "dependencies" - "github_actions" + + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + target-branch: master + labels: + - "dependencies" + - "npm" + + # v4.6 + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + target-branch: v4.6 + labels: + - "dependencies" + - "pip" + - "v4" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + target-branch: v3 + labels: + - "dependencies" + - "github_actions" + - "v4" + # v3 - package-ecosystem: "pip" directory: "/" schedule: @@ -34,6 +70,7 @@ updates: - "dependencies" - "pip" - "v3" + - package-ecosystem: "github-actions" directory: "/" schedule: diff --git a/.github/workflows/api-codeql.yml b/.github/workflows/api-codeql.yml index ed9e0c3fd45..75d12109a60 100644 --- a/.github/workflows/api-codeql.yml +++ b/.github/workflows/api-codeql.yml @@ -9,11 +9,11 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "API - CodeQL" +name: API - CodeQL on: push: - branches: + branches: - "master" - "v3" - "v4.*" @@ -21,7 +21,7 @@ on: paths: - "api/**" pull_request: - branches: + branches: - "master" - "v3" - "v4.*" diff --git a/.github/workflows/api-pull-request.yml b/.github/workflows/api-pull-request.yml index 0c220c38fed..896be36f7ab 100644 --- a/.github/workflows/api-pull-request.yml +++ b/.github/workflows/api-pull-request.yml @@ -1,4 +1,4 @@ -name: "API - Pull Request" +name: API - Pull Request on: push: diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 534f7d6d468..6639b526fb9 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml 
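Review bot: In the new `# v4.6` group the `github-actions` entry sets `target-branch: v3` while carrying the `v4` label, so the v4.6 branch would receive no Actions updates from it; it should read `target-branch: v4.6`, like the pip entry just above it. If the existing `github-actions` entry under `# v3` also targets `v3` (its `target-branch` line is outside the visible hunks), the two entries share the same ecosystem, directory and target branch, and Dependabot rejects such duplicates as a configuration error, so the file is worth validating after the fix. Separately, the new `npm` entry uses `directory: "/"`, while the UI workflow in this commit runs npm with `working-directory: ./ui`; if the package manifest lives under `ui/`, the entry needs `directory: "/ui"` to pick anything up.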
@@ -1,42 +1,45 @@ -name: Automatic Backport +name: Prowler - Automatic Backport on: pull_request_target: branches: ['master'] types: ['labeled', 'closed'] +env: + BACKPORT_LABEL_PREFIX: backport-to-v + BACKPORT_LABEL_IGNORE: was-backported + jobs: backport: name: Backport PR - if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) + if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) && !(contains(github.event.pull_request.labels.*.name, 'was-backported')) runs-on: ubuntu-latest permissions: id-token: write pull-requests: write contents: write steps: - # Workaround not to fail the workflow if the PR does not need a backport - # https://github.com/sorenlouv/backport-github-action/issues/127#issuecomment-2258561266 - - name: Check for backport labels - id: check_labels - run: |- - labels='${{ toJSON(github.event.pull_request.labels.*.name) }}' - echo "$labels" - matched=$(echo "${labels}" | jq '. 
| map(select(startswith("backport-to-"))) | length') - echo "matched=$matched" - echo "matched=$matched" >> $GITHUB_OUTPUT + - name: Check labels + id: preview_label_check + uses: docker://agilepathway/pull-request-label-checker:v1.6.55 + with: + allow_failure: true + prefix_mode: true + one_of: ${{ env.BACKPORT_LABEL_PREFIX}} + none_of: ${{ env.BACKPORT_LABEL_IGNORE}} + repo_token: ${{ secrets.GITHUB_TOKEN }} - name: Backport Action - if: fromJSON(steps.check_labels.outputs.matched) > 0 + if: steps.preview_label_check.outputs.label_check == 'success' uses: sorenlouv/backport-github-action@v9.5.1 with: github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }} - auto_backport_label_prefix: backport-to- + auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX}} - name: Info log - if: ${{ success() && fromJSON(steps.check_labels.outputs.matched) > 0 }} + if: ${{ success() && steps.preview_label_check.outputs.label_check == 'success' }} run: cat ~/.backport/backport.info.log - name: Debug log - if: ${{ failure() && fromJSON(steps.check_labels.outputs.matched) > 0 }} + if: ${{ failure() && steps.preview_label_check.outputs.label_check == 'success' }} run: cat ~/.backport/backport.debug.log diff --git a/.github/workflows/build-documentation-on-pr.yml b/.github/workflows/build-documentation-on-pr.yml index a1ed22a0718..7ae58b9c854 100644 --- a/.github/workflows/build-documentation-on-pr.yml +++ b/.github/workflows/build-documentation-on-pr.yml @@ -1,4 +1,4 @@ -name: Pull Request Documentation Link +name: Prowler - Pull Request Documentation Link on: pull_request: diff --git a/.github/workflows/find-secrets.yml b/.github/workflows/find-secrets.yml index f8d0b8c5f34..c89d9d0fae7 100644 --- a/.github/workflows/find-secrets.yml +++ b/.github/workflows/find-secrets.yml @@ -1,4 +1,4 @@ -name: Find secrets +name: Prowler - Find secrets on: pull_request 
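Review bot: The new `Check labels` step pulls `docker://agilepathway/pull-request-label-checker:v1.6.55` by tag and hands it `secrets.GITHUB_TOKEN` inside a `pull_request_target` job that holds `contents: write`, `pull-requests: write` and `id-token: write`. A registry tag can be re-pointed, so the image should be pinned by digest, e.g. `uses: docker://agilepathway/pull-request-label-checker@sha256:<digest-of-v1.6.55>  # v1.6.55`. No visible step uses OIDC, so `id-token: write` could be dropped if nothing outside this hunk relies on it. The job-level `if:` repeats the literal `'was-backported'` alongside the new `BACKPORT_LABEL_IGNORE` variable; the `env` context is not available in a job-level `if`, so a comment such as `# keep in sync with env.BACKPORT_LABEL_IGNORE (env is not readable here)` would keep the two from drifting apart.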
@@ -16,4 +16,4 @@ jobs: path: ./ base: ${{ github.event.repository.default_branch }} head: HEAD - extra_args: --only-verified \ No newline at end of file + extra_args: --only-verified diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index d7162a00584..199b17962db 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -1,4 +1,4 @@ -name: "Pull Request Labeler" +name: Prowler - PR Labeler on: pull_request_target: diff --git a/.github/workflows/build-lint-push-containers.yml b/.github/workflows/sdk-build-lint-push-containers.yml similarity index 99% rename from .github/workflows/build-lint-push-containers.yml rename to .github/workflows/sdk-build-lint-push-containers.yml index e9436cfbd21..98460b32144 100644 --- a/.github/workflows/build-lint-push-containers.yml +++ b/.github/workflows/sdk-build-lint-push-containers.yml @@ -1,4 +1,4 @@ -name: Build and Push containers +name: SDK - Build and Push containers on: push: diff --git a/.github/workflows/codeql.yml b/.github/workflows/sdk-codeql.yml similarity index 93% rename from .github/workflows/codeql.yml rename to .github/workflows/sdk-codeql.yml index c0e319e07e9..043aeb041b7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/sdk-codeql.yml @@ -9,11 +9,11 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "CodeQL" +name: SDK - CodeQL on: push: - branches: + branches: - "master" - "v3" - "v4.*" @@ -21,7 +21,7 @@ on: - 'ui/**' - 'api/**' pull_request: - branches: + branches: - "master" - "v3" - "v4.*" @@ -55,7 +55,7 @@ jobs: uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - config-file: ./.github/codeql/codeql-config.yml + config-file: ./.github/codeql/sdk-codeql-config.yml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/sdk-pull-request.yml similarity index 99% rename from .github/workflows/pull-request.yml rename to .github/workflows/sdk-pull-request.yml index 8512f201958..fc49b8311b4 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/sdk-pull-request.yml @@ -1,4 +1,4 @@ -name: "Pull Request" +name: SDK - Pull Request on: push: diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/sdk-pypi-release.yml similarity index 98% rename from .github/workflows/pypi-release.yml rename to .github/workflows/sdk-pypi-release.yml index 2c8ae5e659b..4d9c91d6904 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/sdk-pypi-release.yml @@ -1,4 +1,4 @@ -name: PyPI release +name: SDK - PyPI release on: release: diff --git a/.github/workflows/refresh_aws_services_regions.yml b/.github/workflows/sdk-refresh-aws-services-regions.yml similarity index 98% rename from .github/workflows/refresh_aws_services_regions.yml rename to .github/workflows/sdk-refresh-aws-services-regions.yml index 548f8d56007..bf7af302e2f 100644 --- a/.github/workflows/refresh_aws_services_regions.yml +++ b/.github/workflows/sdk-refresh-aws-services-regions.yml @@ -1,6 +1,6 @@ # This is a basic workflow to help you get started with Actions -name: Refresh regions of AWS services +name: SDK - Refresh AWS services' regions on: schedule: diff --git a/.github/workflows/ui-codeql.yml b/.github/workflows/ui-codeql.yml index 2765921cf62..30586f43e79 100644 --- a/.github/workflows/ui-codeql.yml +++ b/.github/workflows/ui-codeql.yml @@ -9,7 +9,7 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "UI - CodeQL" +name: UI - CodeQL on: push: 
diff --git a/.github/workflows/ui-checks.yml b/.github/workflows/ui-pull-request.yml similarity index 93% rename from .github/workflows/ui-checks.yml rename to .github/workflows/ui-pull-request.yml index f0556fc61f8..28e5d32e0aa 100644 --- a/.github/workflows/ui-checks.yml +++ b/.github/workflows/ui-pull-request.yml @@ -1,4 +1,4 @@ -name: "UI - Pull Request" +name: UI - Pull Request on: pull_request: @@ -31,4 +31,4 @@ jobs: run: npm run healthcheck - name: Build the application working-directory: ./ui - run: npm run build \ No newline at end of file + run: npm run build diff --git a/README.md b/README.md index 1a0944fb963..2e1a7cfeb5b 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@
- Prowler SaaS and Prowler Open Source are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security. + Prowler Open Source is as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
Learn more at prowler.com
@@ -43,7 +43,7 @@
# Description
-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler SaaS.
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler Cloud.
## Prowler App
diff --git a/docs/index.md b/docs/index.md
index 0d1792402c2..8dc5f08ffc1 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,4 +1,4 @@
-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler SaaS.
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler Cloud.
## Prowler App
@@ -29,7 +29,7 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
Prowler App can be installed in different ways, depending on your environment:
-> See how to use Prowler App in the [Prowler App](tutorials/prowler-app.md) section.
+> See how to use Prowler App in the [Prowler App Tutorial](tutorials/prowler-app.md) section.
=== "Docker Compose"
@@ -65,6 +65,9 @@ Prowler App can be installed in different ways, depending on your environment:
* `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
* `Docker Compose` installed: https://docs.docker.com/compose/install/.
+ ???+ warning
+ Make sure to have `api/.env` and `ui/.env.local` files with the required environment variables. You can find the required environment variables in the [`api/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/api/.env.example) and [`ui/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/ui/.env.template) files.
+
_Commands to run the API_:
``` bash
@@ -107,9 +110,6 @@ Prowler App can be installed in different ways, depending on your environment:
> Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
- ???+ warning
- Make sure to have `api/.env` and `ui/.env.local` files with the required environment variables. You can find the required environment variables in the [`api/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/api/.env.example) and [`ui/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/ui/.env.template) files.
-
???+ warning
Google and GitHub authentication is only available in [Prowler Cloud](https://prowler.com).
diff --git a/docs/security.md b/docs/security.md
index ef85c357a8e..207b565378f 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -13,7 +13,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F
## Reporting Vulnerabilities
-If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or Prowler SaaS service, please submit the information by contacting to us via [**support.prowler.com**](http://support.prowler.com).
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or Prowler Cloud service, please submit the information by contacting to us via [**support.prowler.com**](http://support.prowler.com).
The information you share with the Prowler team as part of this process is kept confidential within Prowler. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
diff --git a/docs/tutorials/compliance.md b/docs/tutorials/compliance.md
index 629aec9b06d..b3424dbf27b 100644
--- a/docs/tutorials/compliance.md
+++ b/docs/tutorials/compliance.md
@@ -22,32 +22,31 @@ In order to see which compliance frameworks are cover by Prowler, you can use op
```sh
prowler