feat(github): add check for dismissing stale PR approvals on default branch (CIS 1.1.4)

[Mathisdjango]

Description

Implements CIS Control 1.1.4 for the GitHub provider.

This check verifies that repositories are configured to automatically
dismiss stale pull request approvals when new commits are pushed,
ensuring that every code change undergoes a fresh review before merging.

Changes

• Added dismiss_stale_reviews field to the Branch model in repository_service.py
• Implemented check repository_default_branch_dismisses_stale_reviews
• Added metadata JSON file
• Added 3 unit tests (all passing)

Testing

• All existing tests pass
• 3 new unit tests added and passing

Closes #8660

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[danibarranqueroo]

Hello @Mathisdjango!

I've done a quick review, could you please remove French comments (or translate into English), add the changelog and remove the init from the tests folder? After that we'll do a deep review of the check itself.

Also, if you have tested it, it would be very helpful for us if you share some screenshots of a FAIL and a PASS cases.

Thanks for this and for helping improve Prowler! 🚀

[Mathisdjango]

Hello! I've addressed all the requested changes : removed the comments, added the changelog entry, and removed the test init.py. I'll add the PASS/FAIL screenshots shortly. Thanks for the feedback!

[danibarranqueroo]

Hello @Mathisdjango!

Thanks for your changes and for contributing! Quick comment:I’ve updated the check to evaluate and return ruleset data correctly, and I also added the corresponding compliance mapping.

Also, I've tested the check and now it seems to be working as expected. 🚀

[codecov]

Codecov Report

❌ Patch coverage is 80.90909% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.65%. Comparing base (1093f6c) to head (907a94e).
⚠️ Report is 3 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (1093f6c) and HEAD (907a94e). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (1093f6c)	HEAD (907a94e)
api	1	0

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #10569       +/-   ##
===========================================
- Coverage   93.51%   79.65%   -13.87%     
===========================================
  Files         228       33      -195     
  Lines       32266     1268    -30998     
===========================================
- Hits        30174     1010    -29164     
+ Misses       2092      258     -1834     

Flag	Coverage Δ
api	?
prowler-py3.10-github	79.65% <80.90%> (?)
prowler-py3.11-github	79.65% <80.90%> (?)
prowler-py3.12-github	79.65% <80.90%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	79.65% <80.90%> (∅)
api	∅ <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pedrooot]

Thanks!! 🔝