Scoutsuite

Latest version: v5.14.0

Page 2 of 6

5.11.0

Changes:

- Core
  - Fixed the `--update` functionality
  - Added epilog to the help menu
  - Improved unit test coverage
  - Updated dependencies for Azure and GCP
- AWS
  - Added ARNs for all resources
  - Added support for CloudFront distribution lists, as well as 3 new findings
  - Added support for CodeBuild
  - Added a finding for SQS queue encryption
  - Added a finding for IAM Lightspin vulnerability
  - Added a finding for RDS instance public access
  - Improved fetching and report for AWS resources
  - Bug fixes
  - Update botocore version
  - Fixed XSS issue in report (Thanks to Liyun Li for reporting it!)
- Azure
  - Added 3 findings for VM disks
  - Improved report and findings' guidance for Azure resources
  - Bug fixes
- GCP
  - Created a ruleset for GCP CIS version 1.1 (https://www.cisecurity.org/benchmark/google_cloud_computing_platform/)
    - Can be run with the `--ruleset cis-1.1.0.json` parameter
    - Added support for a number of resources
    - Included the addition of 46 new rules, most of which were added to the default ruleset
      - Cloud SQL: 11 new findings
      - Cloud Storage: 1 new finding
      - Compute Engine: 11 new findings
      - Cloud DNS: 3 new findings
      - IAM: 2 new findings
      - KMS: 2 new findings
      - Cloud Logging: 8 new findings
      - Cloud Monitoring: 8 new findings
  - Added support for Cloud Memorystore, as well as 2 new findings
  - Added 1 finding for VPC flow logs
  - Improved fetching, report and findings' guidance for GCP resources
  - Bug fixes
- Docker
  - Updated tooling to current versions
  - Pulling in the current version of ScoutSuite

Thanks to all contributors in this release:

- x4v13r64
- liyun-li
- timretout
- yangsec888
- ericrichtert
- 4ndygu
- rossja
- lowSoA
- bigdavros
- json-ncc
- chris-codaio
- SophieDorval
- xnkevinnguyen
- rogeriobastos
- lm-t
- sushantmimani
- rgpncc
- cr-latacora

5.10.2

Not secure
Changes:

- AWS
  - Improvements to the report
  - Bug fixes
- Azure
  - Bug fixes
- GCP
  - Bug fixes

5.10.1

Not secure
Changes:

- Fix report CSV exports
- Fix evaluation of AWS CloudWatch filters
- Fix an AWS IAM rule which included FPs
- Fix issues with docker support
- Fix typos in rules
- Improved default region selection for AWS S3, handling regions disallowed via SCP/IAM policies automatically
- Improved support for AWS CloudTrail
- Improved GCP error handling
- Remove an outdated and unused version of jQuery

5.10.0

Not secure
Changes:

- Core
  - Moved unit tests from nose to pytest & improved unit test coverage
  - Migrated formatting from the 2.7+ versions to more native 3.x styles
  - Bug fixes and improved error handling
- AWS
  - Created a ruleset for AWS CIS version 1.2 (https://www.cisecurity.org/benchmark/amazon_web_services/)
    - Can be run with the `--ruleset cis-1.2.0.json` parameter
    - This included the addition of 23 new rules, most of which were added to the default ruleset
  - Added support for
    - CloudWatch Metric Filters
    - DynamoDB
    - VPC Peering Connections & Flow Logs (Subnet & VPC)
  - Improved the report and processing for AWS resources
- Azure
  - Improved support for App Services web apps, including 5 new rules
  - Improved NSG implementation, decreasing the report size by multiple orders of magnitude
  - Added Azure Tags and Resource Groups to all resources
- GCP
  - Added support for GKE, including 19 new rules
  - Improved reporting for Compute Engine instances, networks, subnetworks and firewall rules
  - Implemented exponential backoff to handle API quotas

**Breaking change**: support for Python 3.5 has been removed.

5.9.1

Not secure
This release is a hotfix for https://github.com/nccgroup/ScoutSuite/issues/821.

In addition, it improves exception handling for the main `_run` function, as well as for the Azure provider.

The new error codes can be found under https://github.com/nccgroup/ScoutSuite/wiki/Error-Codes.

5.9.0

Not secure
Changes:

- Improved provider support:
  - AWS
    - Added 4 new ELB & ELBv2 findings (thanks to goelaarushi04)
    - Added support for the "Amazon S3 Block Public Access" feature
    - Improved Lambda partial
    - Added support for RDS Aurora instances
  - Azure
    - Improved the authentication flow, and handling of subscriptions
  - GCP
    - Added support for Stackdriver Monitoring
    - Improved report content
    - Merged IAM & Resource Manager services
    - Added logic that validates if an API is enabled for a service & project prior to making additional API calls
- Updated the rule format, to allow remediation & compliance information, as well as external references
  - Added rationales for most rules
  - Improved rules' content, adding remediation and references for a number of rules
  - Added the `class_suffix` field to highlight multiple elements
  - Additional information in https://github.com/nccgroup/ScoutSuite/wiki/HowTo:-Create-a-new-rule
- Added an option in the report (top-right menu) to export a high level finding summary
- Added a tool/util to upload findings to AWS Security Hub (see https://github.com/nccgroup/ScoutSuite/tree/develop/tools#aws_security_hub_exportpy)
- Improved open source project public content
- Bug fixes

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.