Existing check search
Provider
AWS
New provider name
No response
Service or product area
datapipeline
Suggested check name
datapipeline_pipeline_no_secrets_in_definition
Context and goal
AWS Data Pipeline definitions with custom scripts / SQL commands commonly embed database credentials in plaintext.
Expected behavior
- Resource or scope to evaluate: Each Data Pipeline definition.
- PASS when: No secrets are detected.
- FAIL when: A secret is detected (report the pipeline/object, not the value).
References
Suggested severity
High
Additional implementation notes
Requires adding a new datapipeline service to Prowler (does not exist yet). Scan the pipeline definition (pipelineObjects/parameter values) with the shared detect-secrets helper. Severity is High by default and becomes Critical if the secret is validated.
Existing check search
Provider
AWS
New provider name
No response
Service or product area
datapipeline
Suggested check name
datapipeline_pipeline_no_secrets_in_definition
Context and goal
AWS Data Pipeline definitions with custom scripts / SQL commands commonly embed database credentials in plaintext.
Expected behavior
References
Suggested severity
High
Additional implementation notes
Requires adding a new datapipeline service to Prowler (does not exist yet). Scan the pipeline definition (pipelineObjects/parameter values) with the shared detect-secrets helper. Severity is High by default and becomes Critical if the secret is validated.