prowler-cloud · sergargar · Jul 10, 2024 · Jul 5, 2024 · Jul 5, 2024 · Jul 8, 2024
@@ -43,6 +43,10 @@
 from prowler.lib.cli.parser import ProwlerArgumentParser
 from prowler.lib.logger import logger, set_logging_config
 from prowler.lib.outputs.asff.asff import ASFF
+from prowler.lib.outputs.compliance.cis_aws import AWSCIS
+from prowler.lib.outputs.compliance.cis_azure import AzureCIS
+from prowler.lib.outputs.compliance.cis_gcp import GCPCIS
+from prowler.lib.outputs.compliance.cis_kubernetes import KubernetesCIS
 from prowler.lib.outputs.compliance.compliance import display_compliance_table
 from prowler.lib.outputs.csv.models import CSV
 from prowler.lib.outputs.finding import Finding
@@ -355,6 +359,74 @@
                     bucket_session,
                 )
 
+    # Compliance Frameworks
+    input_compliance_frameworks = set(
+        global_provider.output_options.output_modes
+    ).intersection(get_available_compliance_frameworks(provider))
+    if provider == "aws":
+        for compliance_name in input_compliance_frameworks:
+            if compliance_name.startswith("cis_"):
+                # Generate CIS Finding Object
+                filename = (
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
+                )
+                cis_finding = AWSCIS(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    create_file_descriptor=True,
+                    file_path=filename,
+                )
+                cis_finding.batch_write_data_to_file()
+
+    elif provider == "azure":
+        for compliance_name in input_compliance_frameworks:
+            if compliance_name.startswith("cis_"):
+                # Generate CIS Finding Object
+                filename = (
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
+                )
+                cis_finding = AzureCIS(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    create_file_descriptor=True,
+                    file_path=filename,
+                )
+                cis_finding.batch_write_data_to_file()
+
+    elif provider == "gcp":
+        for compliance_name in input_compliance_frameworks:
+            if compliance_name.startswith("cis_"):
+                # Generate CIS Finding Object
+                filename = (
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
+                )
+                cis_finding = GCPCIS(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    create_file_descriptor=True,
+                    file_path=filename,
+                )
+                cis_finding.batch_write_data_to_file()
+
+    elif provider == "kubernetes":
+        for compliance_name in input_compliance_frameworks:
+            if compliance_name.startswith("cis_"):
+                # Generate CIS Finding Object
+                filename = (
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
+                )
+                cis_finding = KubernetesCIS(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    create_file_descriptor=True,
+                    file_path=filename,
+                )
+                cis_finding.batch_write_data_to_file()
+
     # AWS Security Hub Integration
     if provider == "aws" and args.security_hub:
         print(

@@ -2,7 +2,7 @@
 
 from pydantic import parse_obj_as
 
-from prowler.lib.check.compliance_models import Compliance_Base_Model
+from prowler.lib.check.compliance_models import ComplianceBaseModel
 from prowler.lib.check.models import Check_Metadata_Model
 from prowler.lib.logger import logger
 
@@ -22,7 +22,7 @@ def update_checks_metadata_with_compliance(
                         # Include the requirement into the check's framework requirements
                         compliance_requirements.append(requirement)
                         # Create the Compliance_Model
-                        compliance = Compliance_Base_Model(
+                        compliance = ComplianceBaseModel(
                             Framework=framework.Framework,
                             Provider=framework.Provider,
                             Version=framework.Version,
@@ -43,7 +43,7 @@ def update_checks_metadata_with_compliance(
                 if not requirement.Checks:
                     compliance_requirements.append(requirement)
                     # Create the Compliance_Model
-                    compliance = Compliance_Base_Model(
+                    compliance = ComplianceBaseModel(
                         Framework=framework.Framework,
                         Provider=framework.Provider,
                         Version=framework.Version,

@@ -189,8 +189,8 @@
     Checks: list[str]
 
 
-class Compliance_Base_Model(BaseModel):
-    """Compliance_Base_Model holds the base model for every compliance framework"""
+class ComplianceBaseModel(BaseModel):
+    """ComplianceBaseModel holds the base model for every compliance framework"""
 
     Framework: str
     Provider: str
@@ -218,10 +218,10 @@
 # Testing Pending
 def load_compliance_framework(
     compliance_specification_file: str,
-) -> Compliance_Base_Model:
+) -> ComplianceBaseModel:
     """load_compliance_framework loads and parse a Compliance Framework Specification"""
     try:
-        compliance_framework = Compliance_Base_Model.parse_file(
+        compliance_framework = ComplianceBaseModel.parse_file(
             compliance_specification_file
         )
     except ValidationError as error: