Inspector Scan - False Negative

[victor-babin-fti]

Steps to Reproduce

Hi,

As I was testing Prowler on a relatively big environment, I was surprised not to see in the output any "failed"/findings regarding Inspector having existing active findings. The environment I tested on has 1K+ findings/vulnerabilities listed on AWS (manual enumeration), including:

• Findings with fix available;
• Findings with public exploit available; and
• Critical Findings.

After using the search feature on Prowler (App), I found an entry which is categorised as "pass" and that "no active findings" has been identified in Inspector on that same account ID and region.

What would make Prowler miss this?

Expected behavior

Report the findings listed on Inspector.

Actual Result with Screenshots or Logs

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

N/A

OS used

N/A

Prowler version

Latest

Pip version

N/A

Context

No response

[MrCloudSec]

@victor-babin-fti thanks for reporting this.

This likely happens because the credentials used don’t have permission to list Inspector findings. If the credentials don’t have permission to access Inspector findings, that check shouldn't return any result at all, instead of showing a PASS with 0 findings. That’s misleading and needs to be fixed.

We’ll update the logic so that if permissions are missing, the check is skipped or flagged accordingly, not silently passed.

Appreciate the heads-up.