New features to highlight in this version
🤖 Prowler MCP Server: AI-Powered Security Operations
We've launched the Prowler MCP Server, a comprehensive Model Context Protocol (MCP) server that brings the entire Prowler ecosystem to AI assistants like Claude Desktop, Cursor, and other MCP-compatible tools.
You can test it right now at https://mcp.prowler.com/mcp
🎯 Key Capabilities
- Prowler Cloud & Self-Managed Integration — Full access to manage providers, run scans, and analyze security findings through AI assistants
- Prowler Hub Access — Browse 1000+ security checks, compliance frameworks, and remediation directly from AI tools
- Documentation Search — Intelligent search across official Prowler documentation with contextual results
- Dual Transport Support — Both STDIO (local) and HTTP (remote) modes for flexible deployment
🔑 API Key Authentication
We've added native API key support for programmatic access to the Prowler API, making it easier to integrate with automation workflows and external tools.
- Generate and manage API keys per tenant for secure, token-free authentication
- Ideal for CI/CD pipelines, scripts, and third-party integrations
- Complements existing JWT authentication for flexible access patterns
Read more about it here https://docs.prowler.com/user-guide/providers/prowler-app-api-keys
📄 PDF Reports for Prowler ThreatScore
Compliance reporting just got more shareable — you can now export Prowler ThreatScore reports as professional PDF documents.
- Generate polished PDF reports directly from the API
- Perfect for stakeholder presentations and compliance audits
- Includes comprehensive scoring and requirement breakdowns
📰 New docs site!
Take a look at our new documentation at https://docs.prowler.com
We'd love to hear any feedback or suggestions for improvement you might have!
🔐 SAML Role Mapping Protection: Prevent Admin Lockout
We've added a safeguard for single-admin tenants using SAML role mapping to prevent accidental loss of administrative access.
- Ensures that tenants with a single admin cannot be locked out due to incorrect SAML role mappings.
- Adds a safety layer during SSO role synchronization.
- Helps maintain secure and continuous access control for critical tenants.
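As an added illustration of the safeguard described above (not Prowler's own code), the following Python simulates an SSO role synchronization that refuses to apply a SAML group mapping when it would strip the tenant's only `MANAGE_ACCOUNT` holder. The tenant layout, the group names and the `saml_role_map` are constructed for the example.

```python
from dataclasses import dataclass, field

MANAGE_ACCOUNT = "MANAGE_ACCOUNT"  # permission named in these release notes


@dataclass
class User:
    email: str
    roles: set = field(default_factory=set)


@dataclass
class Tenant:
    users: dict                # email -> User
    saml_role_map: dict        # hypothetical: SAML group -> Prowler role name
    role_permissions: dict     # role name -> set of permissions


def _has_manage_account(tenant, roles):
    return any(MANAGE_ACCOUNT in tenant.role_permissions.get(r, set()) for r in roles)


def admins(tenant):
    """Users whose roles grant MANAGE_ACCOUNT (the tenant's administrators)."""
    return {u.email for u in tenant.users.values() if _has_manage_account(tenant, u.roles)}


def sync_saml_roles(tenant, email, saml_groups):
    """Apply the roles a SAML assertion maps to for one user.

    Returns "applied" or "blocked". "blocked" means the mapping would have
    removed the only admin of the tenant; the user's previous roles are kept
    so an incorrect mapping cannot lock administrators out.
    """
    user = tenant.users[email]
    new_roles = {tenant.saml_role_map[g] for g in saml_groups if g in tenant.saml_role_map}
    current_admins = admins(tenant)
    demotes_last_admin = (
        email in current_admins
        and len(current_admins) == 1
        and not _has_manage_account(tenant, new_roles)
    )
    if demotes_last_admin:
        return "blocked"
    user.roles = new_roles
    return "applied"


def make_demo_tenant():
    """Constructed sample: one admin and one viewer, two mapped SAML groups."""
    return Tenant(
        users={"alice@example.com": User("alice@example.com", {"admin"}),
               "bob@example.com": User("bob@example.com", {"viewer"})},
        saml_role_map={"prowler-admins": "admin", "prowler-viewers": "viewer"},
        role_permissions={"admin": {MANAGE_ACCOUNT, "MANAGE_PROVIDERS"}, "viewer": set()},
    )
```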
🎯 Findings API: Filter by Provider ID
The Findings and Findings Severity Overview endpoints now support filtering by multiple provider IDs using the `provider_id` and `provider_id__in` parameters.
- Simplify reporting and analytics for multi-cloud environments.
- Improve flexibility for dashboards and automation workflows.
⚡ Database Read Replica Support
We've added read replica support to improve query performance and horizontal scalability.
- Distribute read-heavy queries across replica databases
- Reduce load on primary database for better write performance
- Configure via environment variables for flexible deployment architectures
⭕ Oracle Cloud Infrastructure (OCI) Provider - CLI Only
We've added comprehensive support for Oracle Cloud Infrastructure with the CIS 3.0 benchmark, expanding our multi-cloud security coverage.
- Complete authentication, session management, and resource scanning
- OCI CIS 3.0 Compliance coverage
Try it now with `prowler oci` after running `oci session authenticate`
🤖 LLM Provider with Promptfoo - CLI Only
We've introduced AI security testing capabilities using promptfoo for comprehensive LLM red team evaluations.
- Red Team techniques for large language models
- OWASP LLM Top 10, MITRE ATLAS, NIST AI Risk Management Framework
- Comprehensive security test suite out of the box with 5000+ test cases
Try it now with `prowler llm` (requires `npm install -g promptfoo`)
🔧 New Checks
- `ec2_instance_with_outdated_ami` for AWS
- `cloudstorage_bucket_lifecycle_management_enabled` for GCP
📘 Multi-Cloud Compliance Frameworks
- C5 Compliance: new AWS-specific compliance framework for German cloud requirements
- Common Cloud Controls: unified security controls across AWS, Azure, and GCP providers
✅ New Metadata Format
We've standardized the metadata format across 15+ AWS services, making each field more comprehensive. The remediation section now includes the NativeIaC and Terraform code inline, so there is no need to consult external sources.
📄 M365 Certificate Authentication
We have deprecated support for user and password authentication after Microsoft introduced mandatory interactive MFA for this type of sign-in. To ensure secure and seamless integration with Microsoft 365, and to provide an alternative to client secrets, we've added support for certificate-based authentication in Microsoft Entra.
This new method allows our integration to authenticate using trusted certificates instead of credentials, reducing the risk of credential exposure and improving reliability. Certificates offer a stronger and more stable authentication mechanism, ensuring secure access to Microsoft 365 resources while complying with modern identity and access management standards.
🔒 Security
- By default, Prowler API JWT key-pair is automatically generated and stored if not manually set. This ensures that each installation has a unique key pair, preventing possible attacks in the self-hosted deployment.
- The RBAC `MANAGE_ACCOUNT` permission is now required to modify or read user permissions instead of `MANAGE_USERS`.
🚀 Frontend Stack Modernization
This release brings a full modernization of the frontend architecture — upgrading to the latest React, Next.js, and key UI libraries to enhance performance, compatibility, and developer experience.
🔧 Highlights
- React 19.1.1 & Next.js 15.5.3 — async components, enhanced App Router, and React Compiler optimizations
- Tailwind 4 & HeroUI (replacing NextUI) — refreshed UI foundation with modern styling and accessibility improvements
- Zod 4, Zustand 5, & AI SDK 5 — upgraded core libraries with full migration of breaking changes
- LangChain (latest) — updated integration with new APIs and improved type handling
- Turbopack — faster development bundler
- Refactored forms using `useActionState` and migrated all pages to async `params`/`searchParams`
- Multiple stability fixes and architectural improvements across the app
⚡ Performance
- Faster dev startup with Turbopack mode
- Enabled React Compiler for potential runtime optimizations
- Smaller bundle size and enhanced type safety
UI
🚀 Added
- Support for Markdown and AdditionalURLs in findings detail page (#8704)
- Prowler Hub menu item with tooltip (#8692)
- Copy link button to finding detail page (#8685)
- React Compiler support for automatic optimization (#8748)
- Turbopack support for faster development builds (#8748)
- Add compliance name in compliance detail view (#8775)
- PDF reporting for Prowler ThreatScore (#8867)
- Support C5 compliance framework for the AWS provider (#8830)
- API key management in user profile (#8308)
- Refresh access token error handling (#8864)
- Support Common Cloud Controls for AWS, Azure and GCP (#8000)
- New M365 credentials certificate authentication method (#8929)
🔄 Changed
- Upgraded Zod to version 4.1.11 with comprehensive migration of deprecated syntax (#8801)
- Upgraded Zustand to version 5.0.8 (no code changes required) (#8801)
- Upgraded AI SDK to version 5.0.59 with new transport and message structure (#8801)
- Upgraded React to version 19.1.1 with async components support (#8748)
- Upgraded Next.js to version 15.5.3 with enhanced App Router (#8748)
- Updated from NextUI to HeroUI (#8748)
- Updated LangChain to latest versions with API improvements (#8748)
- Migrated all page components to the async `params`/`searchParams` API (#8748)
- Migrated from `useFormState` to `useActionState` for React 19 compatibility (#8748)
- References display in findings detail page now shows as a proper bulleted list (#8793)
🐞 Fixed
- SAML configuration errors are now properly caught and displayed (#8880)
- ThreatScore for each pillar in Prowler ThreatScore specific view (#8582)
- Remove maxTokens model param for GPT-5 models (#8843)
- MITRE ATTACK compliance view now shows all requirements in charts (#8886)
- Mutelist menu item now doesn't blink (#8932)
API
🚀 Added
- Default JWT keys are generated and stored if they are missing from configuration (#8655)
- `compliance_name` for each compliance (#7920)
- Support C5 compliance framework for the AWS provider (#8830)
- Support for M365 Certificate authentication (#8538)
- API Key support (#8805)
- SAML role mapping protection for single-admin tenants to prevent accidental lockout (#8882)
- Support for `passed_findings` and `total_findings` fields in compliance requirement overview for accurate Prowler ThreatScore calculation (#8582)
- PDF reporting for Prowler ThreatScore (#8867)
- Database read replica support (#8869)
- Support Common Cloud Controls for AWS, Azure and GCP (#8000)
- Add `provider_id__in` filter support to findings and findings severity overview endpoints (#8951)
🔄 Changed
- The `MANAGE_ACCOUNT` permission is now required to modify or read user permissions instead of `MANAGE_USERS` (#8281)
- At least one user with the `MANAGE_ACCOUNT` permission is now required in each tenant (#8729)
🔒 Security
- Django updated to the latest 5.1 security release, 5.1.13, which addresses potential SQL injection and directory traversal issues (#8842)
SDK
🚀 Added
- Support for AdditionalURLs in outputs (#8651)
- Support for markdown metadata fields in Dashboard (#8667)
- `ec2_instance_with_outdated_ami` check for AWS provider (#6910)
- LLM provider using `promptfoo` (#8555)
- Documentation for renaming checks (#8717)
- Add explicit "name" field for each compliance framework and include "FRAMEWORK" and "NAME" in CSV output (#7920)
- Add C5 compliance framework for the AWS provider (#8830)
- Equality validation for CheckID, filename and classname (#8690)
- Improve logging for Security Hub integration (#8608)
- Oracle Cloud provider with CIS 3.0 benchmark (#8893)
- Support for Atlassian Document Format (ADF) in Jira integration (#8878)
- Add Common Cloud Controls for AWS, Azure and GCP (#8000)
- Improve Provider documentation guide (#8430)
- `cloudstorage_bucket_lifecycle_management_enabled` check for GCP provider (#8936)
🔄 Changed
- Update AWS Neptune service metadata to new format (#8494)
- Update AWS Config service metadata to new format (#8641)
- Update AWS Account service metadata to new format (#8715)
- Update AWS AccessAnalyzer service metadata to new format (#8688)
- Update AWS Api Gateway V2 service metadata to new format (#8719)
- Update AWS AppSync service metadata to new format (#8721)
- Update AWS ACM service metadata to new format (#8716)
- HTML output now properly renders markdown syntax in Risk and Recommendation fields (#8727)
- Update `moto` dependency from 5.0.28 to 5.1.11 (#7100)
- Update AWS AppStream service metadata to new format (#8789)
- Update AWS API Gateway service metadata to new format (#8788)
- Update AWS Athena service metadata to new format (#8790)
- Update AWS CloudTrail service metadata to new format (#8831)
- Update AWS Auto Scaling service metadata to new format (#8824)
- Update AWS Backup service metadata to new format (#8826)
- Update AWS CloudFormation service metadata to new format (#8828)
- Update AWS Lambda service metadata to new format (#8825)
- Update AWS DLM service metadata to new format (#8860)
- Update AWS DMS service metadata to new format (#8861)
- Update AWS Directory Service service metadata to new format (#8859)
- Update AWS CloudFront service metadata to new format (#8829)
- Deprecate user authentication for M365 provider (#8865)
- Update AWS EFS service metadata to new format (#8889)
🐞 Fixed
- Fix SNS topics showing empty AWS_ResourceID in Quick Inventory output (#8762)
- Fix HTML Markdown output for long strings (#8803)
- Prowler ThreatScore scoring calculation CLI (#8582)
- Add missing attributes for Mitre Attack AWS, Azure and GCP (#8907)
- Fix KeyError in CloudSQL and Monitoring services in GCP provider (#8909)
- Fix Value Errors in Entra service for M365 provider (#8919)
- Fix ResourceName in GCP provider (#8928)
- Fix KeyError in `elb_ssl_listeners_use_acm_certificate` check and handle None cluster version in `eks_cluster_uses_a_supported_version` check (#8791)
- Fix file extension parsing for compliance reports (#8791)
- Added user pagination to Entra and Admincenter services (#8858)
MCP Server
🚀 Added
- Initial release of Prowler MCP Server (#8695)
- Set appropriate user-agent in requests (#8724)
- Basic logger functionality (#8740)
- Add new MCP Server for Prowler Cloud and Prowler App (Self-Managed) APIs (#8744)
- HTTP transport support (#8784)
- Add new MCP Server for Prowler Documentation (#8795)
- API key support for STDIO mode and enhanced HTTP mode authentication (#8823)
- Add health check endpoint (#8905)
- Update Prowler Documentation MCP Server to use Mintlify API (#8916)
- Add custom production deployment using uvicorn (#8958)