prowler-cloud/prowler

[New Check]: SageMaker Clarify processing jobs exist

Open

#11051 opened on May 6, 2026

View on GitHub
 (2 comments) (0 reactions) (1 assignee)Python (8,957 stars) (1,322 forks)batch import
feature-requestgood first issuenew-checkprovider/aws

Description

Existing check search

  • I have searched existing issues, Prowler Hub, and the public roadmap, and this check does not already exist.

Provider

AWS

New provider name

No response

Service or product area

sagemaker

Suggested check name

sagemaker_clarify_exists

Context and goal

  • Security condition to validate: At least one SageMaker Clarify processing job exists in the account/region.
  • Why it matters: Clarify provides bias detection and explainability for ML models. Its absence is an indicator that responsible-AI controls are not in place, which is required by several AI/ML governance frameworks.
  • Resource involved: SageMaker processing jobs whose AppSpecification.ImageUri corresponds to the AWS-managed Clarify container.

Expected behavior

  • Resource or scope to evaluate: SageMaker processing jobs in the account/region.
  • PASS when: at least one processing job uses the Clarify image.
  • FAIL when: no processing job uses the Clarify image.

References

Suggested severity

Low

Additional implementation notes

No response

Contributor guide

Tech stack
pythonaws
Domain
securitycloud
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
blocked
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PythonAWS SDK (boto3)Prowler framework knowledgeSageMaker basics
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
70
Research direction
Review the reference implementation at https://github.com/aws samples/sample aiml security assessment to understand how to check for Clarify usage. Examine existing Prowler checks in the repository to follow the same pattern. Use the AWS SDK (boto3) to list processing jobs and filter by the Clarify container image URI as documented. Ensure the check returns PASS if at least one job is found, FAIL otherwise.