Fennerr

I imagine that the "list_and_randomly_select_s3_objects" method would be implemented on the s3_client, and then used in the check

If the team agrees that this is something worth implementing then Id be happy doing it - I would just like that someone else handles the metadata for the check.

There are 121117 items in the JSON file - so I assume the same for the HTML, and I don't think firefox is ever going to finish loading it.

I actually think its this check that needs to be removed: https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption.py The KMS one might still apply, as I think it is checking that you use a customer-managed KMS...

Okay cool - Im not sure what's going to happen with the compliance frameworks (if you need to wait for the framework to catchup with the changes before changing the...

@jfagoagas that makes sense. I did notice that `detect-secrets` didnt actually store the the secret as plaintext, and thought about extracting it from the temp file it flagged on. But...

Im not sure about the docs coverage, I have just learnt the code base over time, but I believe it is rather comprehensive. What you will want to do is...

I see the VPC Endpoints in the code I provided is an example of a resource that provides the NetworkInterfaceIds - not all resources provide this (Route53 resolvers, ELBs, EFS,...

RDS instances have the "endpoint" key when describing them, which provides a DNS name. Im thinking of using this code to resolve it: ```python # Extract the endpoint (DNS name)...

More secrets to consider: AWS CodeCommit: * Check for secrets in AWS CodeCommit repositories (including branches and commit history - a tool designed for git would be useful like trufflehog)...