django-DefectDojo

Support for prowler scan

Open cosmel-dojo opened this issue 7 months ago • 6 comments

Prowler Scan Parser for DefectDojo

Description

This PR adds support for importing security scan results from Prowler - a security assessment and compliance tool for AWS, Azure, GCP, and Kubernetes. The parser supports both CSV and JSON output formats from Prowler scans.

Key features implemented:

  • Support for all major cloud platforms (AWS, Azure, GCP, Kubernetes)
  • Handle both CSV and JSON formats with automatic detection
  • Extract critical metadata including severity, resource information, and remediation steps
  • Properly map Prowler severity levels to DefectDojo severity levels
  • Handle both active and informational findings based on status codes

The implementation follows the best practices from the parser guide and mimics the structure of other cloud security scan parsers in DefectDojo.


Test results

Comprehensive test coverage has been implemented in test_prowler_parser.py with:

  • Parsing validation for all supported cloud providers (AWS, Azure, GCP, Kubernetes)
  • Support for both JSON and CSV format detection and handling
  • CSV delimiter detection (semicolon vs comma)
  • Field extraction and mapping
  • Severity and status mapping
  • Verification of remediation data extraction
  • Edge cases like empty files or missing fields

How to test this implementation

To test this implementation, follow these steps:

  1. Set up the testing environment:
     # First, make sure the testing environment is running
     docker compose -f docker-compose.yml -f docker-compose.override.unit_tests.yml up -d
  2. Run the parser tests:
     ./run-unittest.sh --test-case unittests.tools.test_prowler_parser

All tests should complete successfully with no failures, validating the parser's functionality across all supported cloud providers and formats.

Documentation

Added sample scan files for all supported cloud providers and formats in the unittests/scans/prowler/ directory to serve as examples for users. These files demonstrate the expected structure and required fields for each format.

Checklist

  • [x] PR rebased against the latest dev branch
  • [x] Feature submitted against dev branch
  • [x] Code is Python 3.11 compliant
  • [x] Code is flake8/ruff compliant (fixed linting issues)
  • [x] Added unit tests to verify functionality
  • [x] Added sample files demonstrating expected input formats
  • [x] No model changes required (uses existing Finding model)
  • [x] Proper label: Import Scans

cosmel-dojo avatar May 14 '25 19:05 cosmel-dojo
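
The format detection, CSV delimiter detection and severity/status mapping listed in the description, sketched as an added example; this is not the PR's parser code. The lower-cased field names (check_id, check_title, status, severity), the FAIL-means-active rule, the Info fallback and both sample inputs are assumptions constructed for illustration.

```python
import csv
import io
import json

# DefectDojo severity names; the Prowler-side spellings are assumed here.
SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium",
                "low": "Low", "informational": "Info", "info": "Info"}

def detect_format(text):
    """Return ("json", None), ("csv", delimiter) or ("empty", None)."""
    stripped = text.lstrip("\ufeff \t\r\n")
    if not stripped:
        return ("empty", None)
    if stripped[0] in "[{":
        try:
            json.loads(stripped)
            return ("json", None)
        except json.JSONDecodeError:
            pass  # not valid JSON after all: fall through to CSV
    header = stripped.splitlines()[0]
    # Decide on the header row only, so delimiters inside data cells are ignored.
    return ("csv", ";" if header.count(";") > header.count(",") else ",")

def load_rows(text):
    """Parse either format into dicts with lower-cased keys."""
    kind, delimiter = detect_format(text)
    body = text.lstrip("\ufeff \t\r\n")
    if kind == "empty":
        return []
    if kind == "json":
        data = json.loads(body)
        rows = data if isinstance(data, list) else [data]
    else:
        rows = csv.DictReader(io.StringIO(body), delimiter=delimiter)
    return [{str(k).lower(): v for k, v in r.items()} for r in rows if isinstance(r, dict)]

def to_finding(row):
    """Map one row to the fields a finding needs (hypothetical helper)."""
    sev = str(row.get("severity") or "").strip().lower()
    status = str(row.get("status") or "").strip().upper()
    return {
        "title": row.get("check_title") or row.get("check_id") or "Prowler finding",
        # Assumed policy: unknown or missing severity is imported as Info.
        "severity": SEVERITY_MAP.get(sev, "Info"),
        # Assumed policy: only FAIL results become active findings.
        "active": status == "FAIL",
    }

# Constructed samples, not real Prowler output.
CSV_SAMPLE = "CHECK_ID;CHECK_TITLE;STATUS;SEVERITY\niam_1;Root MFA, disabled;FAIL;critical\ns3_1;Bucket logging;PASS;low\n"
JSON_SAMPLE = '[{"check_title": "Public storage", "status": "FAIL", "severity": "high"}]'
```

A silent Info fallback hides rows whose severity column is missing or misspelled, so an importer using this approach would want to log or count those rows.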