github prowler-cloud/prowler 5.18.0
Prowler 5.18.0


✨ New features to highlight in this version

Enjoy these features and more at https://cloud.prowler.com

☁️ OpenStack Provider

Prowler now supports OpenStack as a new cloud provider! This release introduces initial coverage with the Compute service and includes the first security check. This opens the door to assessing private cloud environments built on OpenStack.


🔍 CloudTrail Timeline - Resource History Tracking

A new CloudTrail Timeline abstraction enables querying resource modification history directly from the API. The new endpoint GET /resources/{id}/events retrieves AWS resource modification events from CloudTrail, giving you visibility into who changed what and when.

🕸️ Attack Paths Enhancements

  • New privilege escalation queries for Bedrock Code Interpreter and AttachRolePolicy patterns
  • Cartography upgraded to 0.126.1 with expanded AWS scans covering SageMaker, CloudFront, and Bedrock
  • Neo4j database per tenant architecture for improved isolation and performance

🛡️ CodeBreach Vulnerability Detection

New check codebuild_project_webhook_filters_use_anchored_patterns helps detect the CodeBreach vulnerability in AWS CodeBuild projects by verifying that webhook filters use properly anchored patterns.
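The anchored-pattern check described above, as an added example that is not Prowler's own check code: it walks a CodeBuild project's webhook filterGroups (the shape boto3 returns; the sample below is constructed), flags regex-type filters that are not bound with ^ and $, and shows why an unanchored pattern also matches a longer string that merely contains it. The set of regex-based filter types is an assumption for this example.

```python
import re

# Constructed sample in the shape boto3's batch_get_projects returns under
# project["webhook"]["filterGroups"]: a list of filter groups, each a list of
# filters. Two of the regex-based filters below are deliberately unanchored.
SAMPLE_FILTER_GROUPS = [
    [
        {"type": "EVENT", "pattern": "PUSH"},
        {"type": "HEAD_REF", "pattern": "^refs/heads/main$"},
        {"type": "ACTOR_ACCOUNT_ID", "pattern": "12345678"},
    ],
    [
        {"type": "EVENT", "pattern": "PULL_REQUEST_CREATED"},
        {"type": "BASE_REF", "pattern": "refs/heads/release-"},
    ],
]

# EVENT filters hold comma-separated event names rather than a regex, so they
# are not subject to the anchoring requirement (assumed subset of types).
REGEX_FILTER_TYPES = {"HEAD_REF", "BASE_REF", "ACTOR_ACCOUNT_ID", "FILE_PATH", "COMMIT_MESSAGE"}


def is_anchored(pattern: str) -> bool:
    """A pattern is anchored when it is bound to both the start and the end."""
    starts_anchored = pattern.startswith("^")
    # A trailing "$" only anchors if it is not an escaped literal dollar sign.
    ends_anchored = pattern.endswith("$") and not pattern.endswith(r"\$")
    return starts_anchored and ends_anchored


def find_unanchored_filters(filter_groups):
    """Return (group_index, filter_type, pattern) for every regex filter that
    is not anchored; an empty list means the project passes the check."""
    findings = []
    for group_index, group in enumerate(filter_groups):
        for webhook_filter in group:
            filter_type = webhook_filter.get("type", "")
            pattern = webhook_filter.get("pattern", "")
            if filter_type in REGEX_FILTER_TYPES and not is_anchored(pattern):
                findings.append((group_index, filter_type, pattern))
    return findings


def pattern_matches(pattern: str, subject: str) -> bool:
    """Apply the pattern with search semantics: an unanchored account-id
    pattern also accepts a longer id that contains it as a substring."""
    return re.search(pattern, subject) is not None
```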

📋 New Security Checks

  • AWS: rds_instance_extended_support - Detect RDS instances using extended support
  • M365: defender_zap_for_teams_enabled, exchange_shared_mailbox_sign_in_disabled
  • GCP: compute_instance_suspended_without_persistent_disks

🏛️ HIPAA for Azure

The HIPAA compliance framework is now available for the Azure provider, helping healthcare organizations assess their Azure infrastructure against HIPAA requirements.

⚡ Performance Improvements

  • Azure Key Vault parallelization - Vaults and contents retrieval now runs in parallel for faster scans
  • Lazy-load providers and compliance data - Reduced API/worker startup memory and time
  • Memory optimizations for large compliance report generation
  • Partial database index on findings for faster new failed findings queries

🎨 UI Improvements

  • Redesigned Resources view with an improved resource detail drawer
  • Launch Scan page now displays all providers without pagination limits
  • Next.js 16.1 upgrade with ESLint 9 flat config migration

⚙️ Cloudflare Enhancements

  • New --account-id filter argument for Cloudflare CLI
  • Cloudflare provider credentials now supported as constructor parameters for SDK usage

🛠️ AWS Cross-Account Configuration

Cross-account checks are now configurable through the trusted_account_ids config parameter, giving you control over which accounts are considered trusted for cross-account access patterns.
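How a trusted-accounts list feeds a cross-account check, as an added illustration rather than Prowler's own implementation: the sample trust policy and the trusted_account_ids value are constructed, and the function reports every principal in an Allow statement that is neither the scanned account nor a listed trusted account (a wildcard principal is reported as "*").

```python
import json
import re

# Constructed sample value for the trusted_account_ids parameter; the parsing
# below is an added illustration of the idea, not Prowler's own check code.
TRUSTED_ACCOUNT_IDS = {"111111111111"}
SELF_ACCOUNT_ID = "999999999999"

# Constructed sample IAM role trust policy: one trusted account, two untrusted
# accounts in an Allow statement, and a Deny statement that must not be flagged.
SAMPLE_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": ["222222222222", "arn:aws:iam::333333333333:role/Deploy"]},
     "Action": "sts:AssumeRole"},
    {"Effect": "Deny", "Principal": {"AWS": "arn:aws:iam::444444444444:root"},
     "Action": "sts:AssumeRole"}
  ]}""")

# Matches a bare 12-digit account id or the account id inside an IAM ARN.
ACCOUNT_ID_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")


def principal_account_ids(principal):
    """Yield account ids (or '*') named by a statement's AWS Principal."""
    aws_principals = principal.get("AWS", []) if isinstance(principal, dict) else principal
    if isinstance(aws_principals, str):
        aws_principals = [aws_principals]
    for entry in aws_principals:
        match = ACCOUNT_ID_RE.match(entry)
        yield match.group(1) if match else entry


def untrusted_principals(policy, self_account_id, trusted_account_ids):
    """Return the sorted principals in Allow statements that are neither the
    scanned account itself nor listed in trusted_account_ids."""
    untrusted = set()
    for statement in policy.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        for account_id in principal_account_ids(statement.get("Principal", {})):
            if account_id != self_account_id and account_id not in trusted_account_ids:
                untrusted.add(account_id)
    return sorted(untrusted)
```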

🐛 Bug Fixes

  • Jira integration: Summaries are now truncated to 255 characters, preventing INVALID_INPUT errors with long resource UIDs
  • Azure: Fixed duplicated findings in entra_user_with_vm_access_has_mfa when users have multiple VM access roles

🙏 Community Contribution

Special thanks to @AlienwareSec for contributing the fix for CSV/XLSX download failures in the Dashboard (#9946).

UI

🔄 Changed

  • Restyle resources view with improved resource detail drawer (#9864)
  • Launch Scan page now displays all providers without pagination limit (#9700)
  • Upgrade Next.js from 15.5.9 to 16.1.3 with ESLint 9 flat config migration (#9826)

🔐 Security

  • Upgraded React from 19.2.3 to 19.2.4 and Next.js from 16.1.3 to 16.1.6, patching a DoS vulnerability in React Server Components (GHSA-83fc-fqcc-2hmg) (#9917)

API

🚀 Added

  • Cloudflare provider support (#9907)
  • Attack Paths: Bedrock Code Interpreter and AttachRolePolicy privilege escalation queries (#9885)
  • provider_id and provider_id__in filters for resources endpoints (GET /resources and GET /resources/metadata/latest) (#9864)
  • Memory optimizations for large compliance report generation (#9444)
  • GET /api/v1/resources/{id}/events endpoint to retrieve AWS resource modification history from CloudTrail (#9101)
  • Partial index on findings to speed up new failed findings queries (#9904)

🔄 Changed

  • Lazy-load providers and compliance data to reduce API/worker startup memory and time (#9857)
  • Attack Paths: Pinned Cartography to version 0.126.1, adding AWS scans for SageMaker, CloudFront and Bedrock (#9893)
  • Remove unused indexes (#9904)
  • Attack Paths: Cartography scans now use the same Neo4j database per tenant instead of an individual database per scan (#9955)

🐞 Fixed

  • Attack Paths: aws-security-groups-open-internet-facing query returning no results due to incorrect relationship matching (#9892)

SDK

🚀 Added

  • defender_zap_for_teams_enabled check for M365 provider (#9838)
  • compute_instance_suspended_without_persistent_disks check for GCP provider (#9747)
  • codebuild_project_webhook_filters_use_anchored_patterns check for AWS provider to detect CodeBreach vulnerability (#9840)
  • exchange_shared_mailbox_sign_in_disabled check for M365 provider (#9828)
  • CloudTrail Timeline abstraction for querying resource modification history (#9101)
  • Cloudflare --account-id filter argument (#9894)
  • rds_instance_extended_support check for AWS provider (#9865)
  • OpenStack provider support with Compute service including 1 security check (#9811)
  • Documentation for OpenStack support in the CLI (#9848)
  • HIPAA compliance framework for the Azure provider (#9957)
  • Cloudflare provider credentials as constructor parameters (api_token, api_key, api_email) (#9907)

🔄 Changed

  • Update Azure App Service service metadata to new format (#9613)
  • Update Azure Application Insights service metadata to new format (#9614)
  • Update Azure Container Registry service metadata to new format (#9615)
  • Update Azure Cosmos DB service metadata to new format (#9616)
  • Update Azure Databricks service metadata to new format (#9617)
  • Parallelize Azure Key Vault vaults and vaults contents retrieval to improve performance (#9876)
  • Update Azure IAM service metadata to new format (#9620)
  • Update Azure Policy service metadata to new format (#9625)
  • Update Azure MySQL service metadata to new format (#9623)
  • Update Azure Defender service metadata to new format (#9618)
  • Make AWS cross-account checks configurable through trusted_account_ids config parameter (#9692)
  • Update Azure PostgreSQL service metadata to new format (#9626)
  • Update Azure SQL Server service metadata to new format (#9627)
  • Update Azure Network service metadata to new format (#9624)
  • Update Azure Storage service metadata to new format (#9628)

🐛 Fixed

  • Duplicated findings in entra_user_with_vm_access_has_mfa check when user has multiple VM access roles (#9914)
  • Jira integration failing with INVALID_INPUT error when sending findings with long resource UIDs exceeding 255-character summary limit (#9926)
  • CSV/XLSX download failure in dashboard (#9946)
