
Conversation

@pedrooot
Member

@pedrooot pedrooot commented Oct 30, 2025

Description

This PR adds C5 compliance framework for the GCP provider.
[Attachments: two screenshots (2025-10-30 15:41 and 15:42) and a screen recording (2025-10-30 15:48) of the C5 compliance output for GCP.]

Steps to review

Please add a detailed description of how to review this PR.

Checklist

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@pedrooot pedrooot requested review from a team as code owners October 30, 2025 12:31
@pedrooot pedrooot added the no-merge Please, DO NOT MERGE this PR. label Oct 30, 2025
@github-actions github-actions bot added compliance Issues/PRs related with the Compliance Frameworks component/api labels Oct 30, 2025
@github-actions
Contributor

github-actions bot commented Oct 30, 2025

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@github-actions
Contributor

github-actions bot commented Oct 30, 2025

✅ All necessary CHANGELOG.md files have been updated.

@codecov

codecov bot commented Oct 30, 2025

Codecov Report

❌ Patch coverage is 2.43902% with 40 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.59%. Comparing base (885ee62) to head (38f466a).
⚠️ Report is 34 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #9097      +/-   ##
==========================================
+ Coverage   88.50%   88.59%   +0.08%     
==========================================
  Files          93      338     +245     
  Lines        3524    25388   +21864     
==========================================
+ Hits         3119    22493   +19374     
- Misses        405     2895    +2490     
Flag                  Coverage   Δ
api                   93.98%     <100.00%> (?)
prowler-py3.10-gcp    92.50%     <ø> (?)
prowler-py3.10-lib    77.70%     <0.00%> (?)
prowler-py3.10-m365   ?
prowler-py3.11-gcp    92.57%     <ø> (?)
prowler-py3.11-lib    77.72%     <0.00%> (?)
prowler-py3.11-m365   ?
prowler-py3.12-gcp    92.50%     <ø> (?)
prowler-py3.12-lib    77.70%     <0.00%> (?)
prowler-py3.12-m365   ?
prowler-py3.9-gcp     92.57%     <ø> (?)
prowler-py3.9-lib     77.72%     <0.00%> (?)
prowler-py3.9-m365    ?

Flags with carried forward coverage won't be shown.

Component   Coverage   Δ
prowler     77.75%     <0.00%> (-10.76%) ⬇️
api         93.98%     <100.00%> (∅)

Comment on lines +20 to +25

    def transform(
        self,
        findings: list[Finding],
        compliance: Compliance,
        compliance_name: str,
    ) -> None:

Check warning

Code scanning / CodeQL

Signature mismatch in overriding method (Warning)

This method requires 4 positional arguments, whereas overridden Output.transform requires 2. This call correctly calls the base method, but does not match the signature of the overriding method.

Copilot Autofix

AI 25 days ago

To fix the issue, the method signature of GCPC5.transform should exactly match its base class's (ComplianceOutput.transform). Based on the error, the base method apparently takes two arguments. So:

  • Change the method signature in GCPC5 from accepting 4 arguments (findings, compliance, compliance_name) to 2 arguments, likely (findings, compliance)—but you should match exactly what the parent defines.
  • Within the subclass method, adapt usage to extract compliance_name from the compliance object if available, or otherwise revise the implementation so it doesn't depend on an extra argument that the caller won't supply.
  • Specifically, any usage of compliance_name inside the method must be refactored to obtain its value from the compliance argument, or via another property/logic.

No other changes are necessary beyond correcting the method's signature and internal usage.

Suggested changeset 1
prowler/lib/outputs/compliance/c5/c5_gcp.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/prowler/lib/outputs/compliance/c5/c5_gcp.py b/prowler/lib/outputs/compliance/c5/c5_gcp.py
--- a/prowler/lib/outputs/compliance/c5/c5_gcp.py
+++ b/prowler/lib/outputs/compliance/c5/c5_gcp.py
@@ -21,7 +21,6 @@
         self,
         findings: list[Finding],
         compliance: Compliance,
-        compliance_name: str,
     ) -> None:
         """
         Transforms a list of findings into GCP C5 compliance format.
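Review bot: removing compliance_name does not resolve the warning this patch targets. CodeQL reports that the override takes 4 positional arguments while Output.transform takes 2; after this hunk the method still takes 3 (self, findings, compliance), so the mismatch with Output.transform remains, and any existing caller that passes compliance_name positionally will now raise TypeError instead. Decide which signature is the contract (the base class or the compliance-output one) and align the callers to it rather than trimming one argument. The docstring that follows is cut off in this hunk; check that its argument documentation no longer lists compliance_name.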
@@ -36,7 +35,8 @@
         """
         for finding in findings:
             # Get the compliance requirements for the finding
-            finding_requirements = finding.compliance.get(compliance_name, [])
+            # Assume compliance_name can be inferred as compliance.Name
+            finding_requirements = finding.compliance.get(compliance.Name, [])
             for requirement in compliance.Requirements:
                 if requirement.Id in finding_requirements:
                     for attribute in requirement.Attributes:
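Review bot: the replacement lookup keyed on compliance.Name is explicitly marked as an assumption ("Assume compliance_name can be inferred as compliance.Name") and should not be merged on that basis. If the key under which findings store their requirement ids differs from compliance.Name, `finding.compliance.get(compliance.Name, [])` returns an empty list for every finding, the loop below never emits a row, and the C5 report is written out empty with no error, which is a silent false negative in a compliance output. Verify from the Compliance model and the callers which value is actually passed as compliance_name, use that value, drop the "Assume" comment, and consider logging or failing when no finding matches any requirement at all.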
EOF
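Added example, not Prowler's code: a minimal model of the transform() loop from the diff above, run once with the caller's explicit compliance_name and once with the key inferred from compliance.Name as the autofix assumes. The model classes, the "c5_gcp" key and the sample finding are constructed stand-ins, not Prowler's real values; they show how the inferred key silently yields an empty report when it does not match the key findings were stored under.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Attribute:  # hypothetical stand-in for a C5 requirement attribute
    Section: str
    Description: str


@dataclass
class Requirement:  # hypothetical stand-in for a C5 requirement
    Id: str
    Attributes: list[Attribute]


@dataclass
class Compliance:  # hypothetical stand-in; Name is the framework's display name
    Name: str
    Requirements: list[Requirement]


@dataclass
class Finding:  # hypothetical stand-in; compliance maps framework key -> requirement ids
    check_id: str
    status: str
    compliance: dict[str, list[str]]


def transform(findings: list[Finding], compliance: Compliance, compliance_name: str):
    """Mirror the hunk's loop; return (check_id, requirement id, section, status) rows."""
    rows = []
    for finding in findings:
        # Same lookup as the diff: a wrong key falls through to [] and emits nothing
        finding_requirements = finding.compliance.get(compliance_name, [])
        for requirement in compliance.Requirements:
            if requirement.Id in finding_requirements:
                for attribute in requirement.Attributes:
                    rows.append((finding.check_id, requirement.Id, attribute.Section, finding.status))
    return rows


# Constructed sample: findings are keyed "c5_gcp" by the caller, while the
# Compliance object's Name is "C5-GCP", so the two keys differ.
C5 = Compliance("C5-GCP", [Requirement("OPS-01", [Attribute("Operations", "Logging")])])
FINDINGS = [Finding("compute_instance_logging_enabled", "FAIL", {"c5_gcp": ["OPS-01"]})]


def rows_with_explicit_key():
    return transform(FINDINGS, C5, "c5_gcp")


def rows_with_inferred_key():
    return transform(FINDINGS, C5, C5.Name)  # the autofix's assumption: no rows, no error
```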
@github-actions
Contributor

github-actions bot commented Oct 30, 2025

🔒 Container Security Scan

Image: prowler:7f066ce
Last scan: 2025-10-30 14:42:02 UTC

📊 Vulnerability Summary

Severity      Count
🔴 Critical   2
Total         2

2 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


@github-actions
Contributor

github-actions bot commented Oct 30, 2025

🔒 Container Security Scan

Image: prowler-api:7f066ce
Last scan: 2025-10-30 14:38:46 UTC

📊 Vulnerability Summary

Severity      Count
🔴 Critical   4
Total         4

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


Contributor

@AdriiiPRodri AdriiiPRodri left a comment


API side LGTM!

@pedrooot pedrooot removed the no-merge Please, DO NOT MERGE this PR. label Oct 30, 2025
@pedrooot pedrooot merged commit f831171 into master Oct 30, 2025
30 of 35 checks passed
@pedrooot pedrooot deleted the PRWLR-8225-implement-c-5-compliance-for-gcp branch October 30, 2025 14:55