github prowler-cloud/prowler 5.14.0
Prowler 5.14.0


New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🤖 Lighthouse AI: Multi-LLM Support

Lighthouse AI now supports multiple AI providers, giving customers flexibility over cost, performance, and data control. The supported model providers are shown below:

[image: lighthouse]

🌐 New Cloud Providers

☁️ Oracle Cloud Infrastructure (OCI)

[image: oci-cis]

Prowler App now supports OCI as a cloud provider with 51 checks and support for the CIS OCI Foundations Benchmark v3.0.0, so you can analyze the security posture of your OCI tenancies. See all check details in Prowler Hub.

For more details check our Getting Started with Oracle Cloud Infrastructure (OCI) guide.

🧱 Infrastructure-as-Code — Powered by Trivy

A brand-new IaC provider enables scanning for:

  • Terraform
  • CloudFormation
  • Kubernetes manifests
  • Dockerfiles
  • Helm charts
  • Secrets
  • Azure ARM templates

Powered by Trivy, this provides policy-as-code scanning that detects misconfigurations and leaked secrets before they are deployed.

[image: iac-resource-details]

For more details check our Getting Started with the IaC Provider guide.
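The IaC provider turns Trivy results into Prowler findings. The following is an added example, not Prowler's or Trivy's own code, showing the shape of that mapping and a CI gate built on it, run over a constructed report in Trivy's JSON layout. Assumptions not stated on this page: the field names (Results[].Misconfigurations, Results[].Secrets, CauseMetadata) as Trivy's JSON output uses them, the EXAMPLE-* rule IDs, the branch-as-region convention taken from the changelog entry "Use branch name as region for IaC findings", and the HIGH severity threshold.

```python
"""Added example, not Prowler's or Trivy's own code: flatten a Trivy
misconfiguration/secret scan into findings and gate a pipeline on them.

Assumptions (not stated on the release page): TRIVY_JSON is a constructed
report in the layout `trivy config --format json` emits; rule IDs are
EXAMPLE-* placeholders; the Git branch is recorded as the finding's
"region", as the changelog entry "Use branch name as region for IaC
findings" describes; SEVERITY_RANK and the gate threshold are our choices."""
import json

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample: a Terraform target with one FAIL and one PASS, and a
# Dockerfile target with a hard-coded token flagged by secret scanning.
TRIVY_JSON = r"""{
  "Results": [
    {"Target": "infra/main.tf", "Class": "config", "Type": "terraform",
     "Misconfigurations": [
       {"ID": "EXAMPLE-S3-PUBLIC-ACL", "Title": "S3 bucket has a public ACL",
        "Severity": "HIGH", "Status": "FAIL",
        "Resolution": "Set acl = \"private\" and enable Block Public Access",
        "CauseMetadata": {"Resource": "aws_s3_bucket.logs", "StartLine": 12, "EndLine": 20}},
       {"ID": "EXAMPLE-S3-SSE", "Title": "S3 bucket is encrypted at rest",
        "Severity": "HIGH", "Status": "PASS", "Resolution": "",
        "CauseMetadata": {"Resource": "aws_s3_bucket.logs", "StartLine": 12, "EndLine": 20}}
     ]},
    {"Target": "app/Dockerfile", "Class": "secret",
     "Secrets": [
       {"RuleID": "example-generic-api-token", "Title": "Hard-coded API token in ENV",
        "Severity": "CRITICAL", "StartLine": 7, "EndLine": 7, "Match": "ENV API_TOKEN=****"}
     ]}
  ]
}"""


def normalise(report: dict, branch: str) -> list[dict]:
    """Turn Trivy's nested Results into one flat finding per rule hit."""
    findings = []
    for result in report.get("Results", []):
        target = result["Target"]
        for m in result.get("Misconfigurations", []):
            cause = m.get("CauseMetadata", {})
            findings.append({
                "check_id": m["ID"],
                "status": m["Status"],  # Trivy reports both PASS and FAIL
                "severity": m["Severity"].upper(),
                "resource": cause.get("Resource") or target,
                "location": f"{target}:{cause.get('StartLine', '?')}-{cause.get('EndLine', '?')}",
                "region": branch,  # branch name stands in for a cloud region
                "remediation": m.get("Resolution", ""),
            })
        for s in result.get("Secrets", []):
            findings.append({
                "check_id": s["RuleID"],
                "status": "FAIL",  # a detected secret is always a failure
                "severity": s["Severity"].upper(),
                "resource": target,
                "location": f"{target}:{s['StartLine']}-{s['EndLine']}",
                "region": branch,
                "remediation": "Remove the secret from source and rotate it",
            })
    return findings


def failed_at_or_above(findings: list[dict], threshold: str = "HIGH") -> list[dict]:
    """FAIL findings whose severity meets the threshold (PASS never gates)."""
    floor = SEVERITY_RANK[threshold]
    return [f for f in findings
            if f["status"] == "FAIL" and SEVERITY_RANK.get(f["severity"], 0) >= floor]


def gate(findings: list[dict], threshold: str = "HIGH") -> bool:
    """True when the deployment should be blocked."""
    return bool(failed_at_or_above(findings, threshold))


def run_sample(branch: str = "feature/public-logs") -> tuple[list[dict], bool]:
    findings = normalise(json.loads(TRIVY_JSON), branch)
    return findings, gate(findings)


if __name__ == "__main__":
    findings, blocked = run_sample()
    for f in findings:
        print(f"{f['status']:<4} {f['severity']:<8} {f['check_id']:<26} {f['location']} region={f['region']}")
    print("block deployment:", blocked)
```

Keeping PASS results in the normalised list, rather than dropping them, is deliberate: it is what lets a compliance view report coverage, while the gate only ever looks at FAIL rows at or above the chosen severity.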

🍃 MongoDB Atlas (API Only)

MongoDB Atlas is now available in the API and will have full support in the next release!

See the 10 available checks in Prowler Hub.

🎨 Prowler App - New UI

Prowler App has been refreshed with a more modern UI. The new layout improves navigation, readability, and performance across the whole application.

📊 New Overview Experience

We’ve redesigned the Overview dashboard to show clearer security posture insights:

  • Prowler ThreatScore - Read more about it here.
  • Better visualization of risk severity distributions
  • Faster access to latest failed findings

[image: overview]

📰 RSS Feed for Updates

You can now subscribe to real-time release announcements and incident notifications via the new RSS feed integrated in the Latest Updates panel.

[image: latest-updates]

Performance Optimization

We've improved performance across all scan-related tasks:

  • Reduced the number of database transactions during a scan (from four transactions per finding to a single batch insert with a configurable batch size)
  • Reduced the number of indexes on the compliance overview table
  • Batched the COPY query to reduce CPU usage during compliance data generation
  • Reduced the number of rows per scan in compliance overviews for the AWS provider: only regions with data are now stored, and therefore only those are shown in the /metadata endpoint
  • Created an aggregated table for fast lookups of compliance overviews without region filters, cutting average response times from ~0.9 s to ~20 ms

📚 Compliance Improvements

New Compliance Frameworks

  • C5 (Cloud Computing Compliance Criteria Catalogue) for Azure and GCP
  • HIPAA for GCP
  • NIST CSF 2.0 for AWS
  • CIS OCI Foundations Benchmark v3.0.0 for Oracle Cloud Infrastructure
  • FedRAMP 20x KSI Low for AWS, Azure & GCP - Thanks to @ethanolivertroy

Reporting Improvements

We've added PDF reporting for ENS, NIS2 and Prowler ThreatScore, available on the Compliance page.
[screenshot: Compliance page, 2025-11-25]

🐳 ARM images available in Docker Hub

Multi-architecture images (linux/amd64 and linux/arm64) are now available for Prowler container images.

[image: docker-arm]

Huge thanks to @sanchezpaco for this contribution!

🧩 New Checks

AWS - CodePipeline

  • codepipeline_project_repo_private - Thanks to @yyyy7246

GCP - Cloud Storage

  • cloudstorage_bucket_versioning_enabled
  • cloudstorage_bucket_soft_delete_enabled
  • cloudstorage_bucket_logging_enabled
  • cloudstorage_audit_logs_enabled
  • cloudstorage_bucket_sufficient_retention_period
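To make the five GCP check names above concrete, here is an added example (not Prowler's own check code) that evaluates each condition over constructed bucket metadata. Assumptions: the bucket dicts follow the Cloud Storage JSON API bucket resource field names (versioning.enabled, softDeletePolicy.retentionDurationSeconds, logging.logBucket, retentionPolicy.retentionPeriod); audit logging is judged from a project IAM policy's auditConfigs for storage.googleapis.com; and the 90-day "sufficient retention" threshold is this example's own value, not Prowler's configurable default.

```python
"""Added example, not Prowler's own check code: the conditions behind the
five new GCP Cloud Storage checks, evaluated over constructed metadata.

Assumptions: bucket dicts use Cloud Storage JSON API field names
(versioning.enabled, softDeletePolicy.retentionDurationSeconds,
logging.logBucket, retentionPolicy.retentionPeriod); audit logging is read
from a project IAM policy's auditConfigs; MIN_RETENTION_SECONDS is this
example's threshold, not Prowler's configurable default."""

MIN_RETENTION_SECONDS = 90 * 24 * 3600  # example threshold: 90 days
# Data Access audit logs for Cloud Storage are off by default; all three
# log types must be enabled for full read/write visibility.
REQUIRED_AUDIT_LOG_TYPES = {"ADMIN_READ", "DATA_READ", "DATA_WRITE"}


def versioning_enabled(bucket: dict) -> bool:
    return bool(bucket.get("versioning", {}).get("enabled"))


def soft_delete_enabled(bucket: dict) -> bool:
    # retentionDurationSeconds is a string in the API; "0" disables soft delete
    secs = bucket.get("softDeletePolicy", {}).get("retentionDurationSeconds", "0")
    return int(secs) > 0


def logging_enabled(bucket: dict) -> bool:
    return bool(bucket.get("logging", {}).get("logBucket"))


def sufficient_retention(bucket: dict, minimum: int = MIN_RETENTION_SECONDS) -> bool:
    period = bucket.get("retentionPolicy", {}).get("retentionPeriod", "0")
    return int(period) >= minimum


def audit_logs_enabled(iam_policy: dict) -> bool:
    """Project-level check: Cloud Storage data-access audit logs fully on."""
    for cfg in iam_policy.get("auditConfigs", []):
        if cfg.get("service") in ("storage.googleapis.com", "allServices"):
            enabled = {c.get("logType") for c in cfg.get("auditLogConfigs", [])}
            if REQUIRED_AUDIT_LOG_TYPES <= enabled:
                return True
    return False


BUCKET_CHECKS = {
    "cloudstorage_bucket_versioning_enabled": versioning_enabled,
    "cloudstorage_bucket_soft_delete_enabled": soft_delete_enabled,
    "cloudstorage_bucket_logging_enabled": logging_enabled,
    "cloudstorage_bucket_sufficient_retention_period": sufficient_retention,
}


def evaluate_bucket(bucket: dict) -> dict:
    """Map each bucket-scoped check name to PASS or FAIL."""
    return {name: "PASS" if check(bucket) else "FAIL" for name, check in BUCKET_CHECKS.items()}


# Constructed sample data (not real buckets or projects).
HARDENED_BUCKET = {
    "name": "example-hardened-logs",
    "versioning": {"enabled": True},
    "softDeletePolicy": {"retentionDurationSeconds": "604800"},
    "logging": {"logBucket": "example-access-logs", "logObjectPrefix": "hardened/"},
    "retentionPolicy": {"retentionPeriod": str(365 * 24 * 3600), "isLocked": True},
}
WEAK_BUCKET = {
    "name": "example-weak-data",
    "versioning": {"enabled": False},
    "softDeletePolicy": {"retentionDurationSeconds": "0"},  # soft delete turned off
    # no logging block and no retention policy at all
}
PROJECT_POLICY_AUDITED = {"auditConfigs": [{"service": "storage.googleapis.com", "auditLogConfigs": [
    {"logType": "ADMIN_READ"}, {"logType": "DATA_READ"}, {"logType": "DATA_WRITE"}]}]}
PROJECT_POLICY_UNAUDITED = {"bindings": []}

if __name__ == "__main__":
    for bucket in (HARDENED_BUCKET, WEAK_BUCKET):
        print(bucket["name"], evaluate_bucket(bucket))
    print("cloudstorage_audit_logs_enabled:",
          "PASS" if audit_logs_enabled(PROJECT_POLICY_AUDITED) else "FAIL")
```

Note the two different scopes: four of the checks read bucket metadata, while audit logging lives in the project IAM policy, so a bucket can pass all four bucket checks and the project still fail the fifth.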

Azure - Database for PostgreSQL flexible server

  • postgresql_flexible_server_entra_id_authentication_enabled

📦 Resources – New Auditor Mode (API Only)

We've expanded the /resources endpoint with a metadata field containing the raw, unmodified response returned by the cloud provider API. This gives full transparency into what Prowler received from the cloud provider before any processing or normalization.

UI support will be included in the next release.

🔥 ThreatScore for Kubernetes

ThreatScore is now available for the Kubernetes provider, offering instant visibility into the security posture of your clusters.

[image: threatscore-k8s]

🛠️ Check Metadata

We are continuing to standardize the metadata format across dozens of AWS, GCP, GitHub, Kubernetes, Oracle Cloud, and MongoDB Atlas services, improving consistency and maintainability.

UI

🚀 Added

  • RSS feeds support (#9109)
  • Multi LLM support to Lighthouse AI (#8925)
  • Customer Support menu item (#9143)
  • PDF reporting for ENS compliance framework (#9158)
  • IaC (Infrastructure as Code) provider support for scanning remote repositories (#8751)
  • PDF reporting for NIS2 compliance framework (#9170)
  • External resource link to IaC findings for direct navigation to source code in Git repositories (#9151)
  • New Overview page and new app styles (#9234)
  • Use branch name as region for IaC findings (#9296)

🔄 Changed

  • Resource ID moved up in the findings detail page (#9141)
  • C5 compliance logo (#9224)
  • Overview charts now support click navigation to Findings page with filters and keyboard accessibility (#9281)
  • ThreatScore now displays two decimal places, with a note that it excludes muted findings (#9281)

API

🚀 Added

  • IaC (Infrastructure as Code) provider support for remote repositories (#8751)
  • Extend GET /api/v1/providers with provider-type filters and an option to disable pagination, supporting the new Overview filters (#8975)
  • New endpoint to retrieve the number of providers grouped by provider type (#8975)
  • Support for configuring multiple LLM providers (#8772)
  • Support C5 compliance framework for Azure provider (#9081)
  • Support for Oracle Cloud Infrastructure (OCI) provider (#8927)
  • Support muting findings based on simple rules with custom reason (#9051)
  • Support C5 compliance framework for the GCP provider (#9097)
  • Support for Amazon Bedrock and OpenAI compatible providers in Lighthouse AI (#8957)
  • Support PDF reporting for ENS compliance framework (#9158)
  • Support PDF reporting for NIS2 compliance framework (#9170)
  • Tenant-wide ThreatScore overview aggregation and snapshot persistence with backfill support (#9148)
  • Added metadata, details, and partition attributes to the /resources endpoint, and details and partition attributes to the /findings endpoint (#9098)
  • Support for MongoDB Atlas provider (#9167)
  • Support Prowler ThreatScore for the K8S provider (#9235)
  • Enhanced compliance overview endpoint with provider filtering and latest scan aggregation (#9244)
  • New endpoint GET /api/v1/overview/regions to retrieve aggregated findings data by region (#9273)

🔄 Changed

  • Optimized database write queries for scan related tasks (#9190)
  • Date filters are now optional for GET /api/v1/overviews/services endpoint; returns latest scan data by default (#9248)

🐛 Fixed

  • Scans no longer fail when findings have UIDs exceeding 300 characters; such findings are now skipped with detailed logging (#9246)
  • Updated unique constraint for Provider model to exclude soft-deleted entries, resolving duplicate errors when re-deleting providers (#9054)
  • Removed compliance generation for providers without compliance frameworks (#9208)
  • Refresh output report timestamps for each scan (#9272)
  • Severity overview endpoint now ignores muted findings as expected (#9283)
  • Fixed discrepancy between ThreatScore PDF report values and database calculations (#9296)

Security

SDK

🚀 Added

  • GitHub provider check organization_default_repository_permission_strict (#8785)
  • Add OCI mapping to scan and check classes (#8927)
  • codepipeline_project_repo_private check for AWS provider (#5915)
  • cloudstorage_bucket_versioning_enabled check for GCP provider (#9014)
  • cloudstorage_bucket_soft_delete_enabled check for GCP provider (#9028)
  • cloudstorage_bucket_logging_enabled check for GCP provider (#9091)
  • cloudstorage_audit_logs_enabled check for GCP provider (#9220)
  • cloudstorage_bucket_sufficient_retention_period check for GCP provider (#9149)
  • C5 compliance framework for Azure provider (#9081)
  • C5 compliance framework for the GCP provider (#9097)
  • organization_repository_creation_limited check for GitHub provider (#8844)
  • HIPAA compliance framework for the GCP provider (#8955)
  • Support PDF reporting for ENS compliance framework (#9158)
  • PDF reporting for NIS2 compliance framework (#9170)
  • Add organization ID parameter for MongoDB Atlas provider (#9167)
  • Add multiple compliance improvements (#9145)
  • Added validation for invalid checks, services, and categories in load_checks_to_execute function (#8971)
  • NIST CSF 2.0 compliance framework for the AWS provider (#9185)
  • Add FedRAMP 20x KSI Low for AWS, Azure and GCP (#9198)
  • Add verification for provider ID in MongoDB Atlas provider (#9211)
  • Add Prowler ThreatScore for the K8S provider (#9235)
  • Add postgresql_flexible_server_entra_id_authentication_enabled check for Azure provider (#8764)
  • Add branch name to IaC provider region (#9296)

🔄 Changed

  • Update AWS Direct Connect service metadata to new format (#8855)
  • Update AWS DRS service metadata to new format (#8870)
  • Update AWS DynamoDB service metadata to new format (#8871)
  • Update AWS CloudWatch service metadata to new format (#8848)
  • Update AWS EMR service metadata to new format (#9002)
  • Update AWS EKS service metadata to new format (#8890)
  • Update AWS Elastic Beanstalk service metadata to new format (#8934)
  • Update AWS ElastiCache service metadata to new format (#8933)
  • Update Kubernetes etcd service metadata to new format (#9096)
  • Update MongoDB Atlas projects service metadata to new format (#9093)
  • Update GitHub Organization service metadata to new format (#9094)
  • Update AWS CodeBuild service metadata to new format (#8851)
  • Update GCP Artifact Registry service metadata to new format (#9088)
  • Update AWS EFS service metadata to new format (#8889)
  • Update AWS EventBridge service metadata to new format (#9003)
  • Update AWS Firehose service metadata to new format (#9004)
  • Update AWS FMS service metadata to new format (#9005)
  • Update AWS FSx service metadata to new format (#9006)
  • Update AWS Glacier service metadata to new format (#9007)
  • Update oraclecloud analytics service metadata to new format (#9114)
  • Update AWS ELB service metadata to new format (#8935)
  • Update AWS CodeArtifact service metadata to new format (#8850)
  • Rename OCI provider to oraclecloud with oci alias (#9126)
  • Remove unnecessary tests for M365_PowerShell module (#9204)
  • Update AWS ELB v2 service metadata to new format (#9001)
  • Update oraclecloud cloudguard service metadata to new format (#9223)
  • Update oraclecloud blockstorage service metadata to new format (#9222)
  • Update oraclecloud audit service metadata to new format (#9221)
  • Raise ASFF output error for non-AWS providers (#9225)
  • Update AWS ECR service metadata to new format (#8872)
  • Update AWS ECS service metadata to new format (#8888)
  • Update AWS Kinesis service metadata to new format (#9262)
  • Update AWS DocumentDB service metadata to new format (#8862)

🐛 Fixed

  • Fix "Check check_name has no resource_name" error for GCP provider (#9169)
  • Fix depth truncation and parsing errors in PowerShell queries (#9181)
  • Fix false negative in iam_role_cross_service_confused_deputy_prevention check (#9213)
  • Fix M365 Teams --sp-env-auth connection error and enhance timeout logging (#9191)
  • Rename get_oci_assessment_summary to get_oraclecloud_assessment_summary in HTML output (#9200)
  • Fix validation and other errors in Azure provider (#8915)
  • Update documentation URLs from docs.prowler.cloud to docs.prowler.com (#9240)
  • Refresh output report timestamps for each scan (#9272)
  • Fix file name parsing for checks on Windows (#9268)
  • Fix typo in Prowler ThreatScore for M365 (#9274)
  • Point HTML logo to the one present in the Github repository (#9282)

MCP Server

🐛 Fixed

  • Fix documentation MCP Server to return list of dictionaries (#9205)
