✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🏛️ AWS Organizations Onboarding

Connect multiple AWS accounts from your Organization in a single flow. Select accounts from your AWS Organization hierarchy and onboard them all at once — no more adding accounts one by one.

Read more in our AWS Organizations in Prowler Cloud documentation.

📤 Import Findings

Scan results can now be imported into Prowler Cloud for centralized visibility and correlation. Available via:

• CLI — --push-to-cloud flag uploads findings in OCSF directly
• API — POST /api/v1/ingestions endpoint for CI/CD and automation workflows

Read more in our import findings documentation. Thanks to @sonofagl1tch for their contribution and continued support!

☁️ OpenStack — Multi-Region & New Services

OpenStack support matures with:

• Multiple regions scanned from a single provider configuration
• 7 new Compute security checks covering instance, network, and security group configurations
• 6 new Networking security checks covering security groups, port security, DHCP, and network state
• 7 new Block Storage security checks covering volume encryption, sensitive metadata, backups, and resource hygiene
• 6 new Image security checks covering visibility, signature verification, deletion protection, encryption, and Secure Boot
• Full App integration — OpenStack providers can now be managed from the UI

Read more in our OpenStack documentation.

Explore all OpenStack checks at Prowler Hub.

🐳 Container Image Scanning

A brand new Image provider powered by Trivy brings container image security scanning to Prowler. Scan individual images or entire registries for vulnerabilities:

• Single image mode: Scan any container image by tag or digest
• Registry scan mode: Enumerate and scan all images from OCI-standard registries, Docker Hub, and Amazon ECR
• Available via CLI and API — full App support coming in the next release

Read more in our Image provider documentation.

Explore all Image checks at Prowler Hub.

🏢 Google Workspace Provider - CLI

A new Google Workspace provider brings organizational security visibility to Prowler, starting with the Directory service.

It's the 1st provider in Prowler for @lydiavilchez 🙌

Explore all Google Workspace checks at Prowler Hub

☁️ Cloudflare — Now in the App

After being introduced in the CLI in v5.17.0, Cloudflare now has full App support in the Prowler App with 29 security checks covering:

• TLS/SSL
• DNS
• Email security
• WAF
• Bot protection
• Zone configuration.

Read more in our Cloudflare documentation.

Explore all CloudFlare checks at Prowler Hub.

🕸️ Attack Paths — Major Upgrades

The Attack Paths feature receives significant enhancements in this release:

• Full query library from pathfinding.cloud — comprehensive set of privilege escalation and lateral movement detection queries
• Query descriptions and source links — each query now includes a detailed description and a link to its source at pathfinding.cloud
• Cartography upgrade — from fork 0.126.1 to upstream 0.129.0, with Neo4j driver upgraded from 5.x to 6.x
• Read-only query execution — queries now run in read-only mode for safety
• Provider-scoped results — query results are filtered by provider, preventing cross-tenant and cross-provider data leakage
• Improved reliability — orphaned Neo4j databases are cleaned up on scan failure, and provider deletion no longer causes DatabaseError

🤖 Attack Paths in Prowler MCP Server

The Prowler MCP Server now includes Attack Paths tools, enabling AI agents to query and analyze privilege escalation and lateral movement paths directly. Connect your AI assistant at mcp.prowler.com/mcp.

📚 New Compliance Frameworks

CSA CCM 4.0

The Cloud Security Alliance Cloud Controls Matrix v4.0 is now available across five providers: AWS, Azure, GCP, Oracle Cloud, and Alibaba Cloud.

CIS 6.0 for AWS

The latest CIS Amazon Web Services Foundations Benchmark v6.0 is now available, bringing updated security controls aligned with current AWS best practices.

SecNumCloud for AWS

The ANSSI SecNumCloud qualification framework is now available for AWS, covering French cloud security requirements.

🔗 Unified Provider Wizard

The provider connection flow has been completely redesigned into a modal wizard with a unified experience across all provider types.

🔍 New Checks

Microsoft 365

12 new security checks covering Entra ID, Defender for Identity, Defender XDR, and email protection.

• entra_conditional_access_policy_app_enforced_restrictions — App enforced restrictions
• entra_app_registration_no_unused_privileged_permissions — Unused privileged permissions
• entra_seamless_sso_disabled — Seamless SSO disabled
• entra_conditional_access_policy_require_mfa_for_management_api — MFA for management API
• defenderidentity_health_issues_no_open — Defender for Identity health
• defenderxdr_endpoint_privileged_user_exposed_credentials — Exposed credentials detection
• defenderxdr_critical_asset_management_pending_approvals — Critical asset management
• defender_safe_attachments_policy_enabled — Safe Attachments policy
• defender_safelinks_policy_enabled — Safe Links policy
• entra_default_app_management_policy_enabled — Default app management policy enabled
• entra_authentication_method_sms_voice_disabled - Disable SMS and voice authentication
• entra_break_glass_account_fido2_security_key_registered - Break glass accounts should have a FIDO2 security key

Explore all M365 checks at Prowler Hub.

AWS

Enhanced IAM privilege escalation detection with patterns from the pathfinding.cloud library

Explore all AWS checks at Prowler Hub.

OpenStack

26 new security checks across four services:

Compute (7 checks)

• compute_instance_config_drive_enabled — Config drive for secure metadata delivery
• compute_instance_isolated_private_network — Network isolation (private-only IPs)
• compute_instance_key_based_authentication — SSH key-based auth configuration
• compute_instance_locked_status_enabled — Instance lock status protection
• compute_instance_metadata_sensitive_data — Secrets in instance metadata
• compute_instance_public_ip_exposed — Publicly exposed instances
• compute_instance_trusted_image_certificates — Image signature verification

Networking (6 checks)

• networking_security_group_allows_ssh_from_internet — SSH (port 22) exposed to the internet
• networking_security_group_allows_rdp_from_internet — RDP (port 3389) exposed to the internet
• networking_security_group_allows_all_ingress_from_internet — Security groups allowing all ingress from the internet
• networking_port_security_disabled — Networks/ports allowing MAC/IP spoofing attacks
• networking_subnet_dhcp_disabled — Subnets without DHCP auto-configuration
• networking_admin_state_down — Administratively disabled networks

Block Storage (7 checks)

• blockstorage_volume_encryption_enabled — Volumes without encryption enabled
• blockstorage_volume_metadata_sensitive_data — Sensitive data in volume metadata
• blockstorage_snapshot_metadata_sensitive_data — Sensitive data in snapshot metadata
• blockstorage_volume_backup_exists — Volumes without any backups
• blockstorage_volume_multiattach_disabled — Volumes with multi-attach enabled
• blockstorage_volume_not_unattached — Orphaned volumes with no attachments
• blockstorage_snapshot_not_orphaned — Snapshots referencing non-existent source volumes

Image (6 checks)

• image_not_publicly_visible — Publicly visible images exposing OS configs and credentials
• image_not_shared_with_multiple_projects — Images shared with too many projects
• image_signature_verification_enabled — Images without cryptographic signature verification
• image_protected_status_enabled — Images without deletion protection
• image_encryption_enabled — Images without guest memory encryption (AMD SEV)
• image_secure_boot_enabled — Images without Secure Boot required

Explore all OpenStack checks at Prowler Hub.

GitHub

• organization_verified_badge — Verified badge on GitHub organizations — thanks to @kushpatel321!

Explore all Github checks at Prowler Hub.

🔐 Security Updates

• py-ocsf-models 0.8.1 and cryptography 44.0.3
• Pillow 12.1.1 (CVE-2021-25289)
• azure-core 1.38.x removing CVE-2026-21226 safety ignore
• npm dependencies updated resolving 20 Dependabot alerts (2 CRITICAL, 7 HIGH, 9 MEDIUM, 2 LOW)
• defusedxml XXE vulnerability fix for Alibaba Cloud OSS — thanks to @sandiyochristan!

🔒 CI Security Hardening

GitHub Actions workflows have been audited and hardened using zizmor, which is now integrated into CI. Fixes include expression injection prevention, credential persistence controls, and overall workflow hardening in (#10200) (#10207) (#10208)

🙌 Community Contributors

• @sonofagl1tch — Import Findings to Prowler Cloud support
• @kushpatel321 — organization_verified_badge check for GitHub provider (#10033)
• @HarshCasper — Respect AWS_ENDPOINT_URL for STS session creation (#10228)
• @anthonytwh — Apply provider/account filters to Findings Severity Over Time chart (#10103)
• @sandiyochristan — defusedxml XXE vulnerability fix for Alibaba Cloud OSS (#9999)
• @sbldevnet - For testing CloudFlare provider thoroughly

UI

🚀 Added

• OpenStack provider support in the UI (#10046)
• PDF report available for the CSA CCM compliance framework (#10088)
• Cloudflare provider support (#9910)
• CSV and PDF download buttons in compliance views (#10093)
• Add SecNumCloud compliance framework (#10117)
• Attack Paths tools added to Lighthouse AI workflow allowed list (#10175)

🔄 Changed

• Attack Paths: Query list now shows their name and short description, when one is selected it also shows a longer description and an attribution if it has it (#9983)
• Updated GitHub provider form placeholder to clarify both username and organization names are valid inputs (#9830)
• CSA CCM detailed view and small fix related with Top Failed Sections width (#10018)
• Attack Paths: Show scan data availability status with badges and tooltips, allow selecting scans for querying while a new scan is in progress (#10089)
• Attack Paths: Catches not found and permissions (for read only queries) errors (#10140)
• Provider connection flow was unified into a modal wizard with AWS Organizations bulk onboarding, safer secret retry handling, and more stable E2E coverage (#10153) (#10154) (#10155) (#10156) (#10157) (#10158)

🐞 Fixed

• Findings Severity Over Time chart on Overview not responding to provider and account filters, and chart clipping at Y-axis maximum values (#10103)

🔐 Security

• npm dependencies updated to resolve 11 Dependabot alerts (4 HIGH, 7 MEDIUM): fast-xml-parser, @modelcontextprotocol/sdk, tar, @isaacs/brace-expansion, hono, lodash, lodash-es (#10052)
• npm transitive dependencies patched to resolve 9 Dependabot alerts (2 CRITICAL, 3 HIGH, 2 MEDIUM, 2 LOW): fast-xml-parser, rollup, minimatch, ajv, hono, qs (#10187)

API

🚀 Added

• Finding group summaries and resources endpoints for hierarchical findings views (#9961)
• OpenStack provider support (#10003)
• PDF report for the CSA CCM compliance framework (#10088)
• image provider support for container image scanning (#10128)
• Attack Paths: Custom query and Cartography schema endpoints (temporarily blocked) (#10149)

🔄 Changed

• Attack Paths: Queries definition now has short description and attribution (#9983)
• Attack Paths: Internet node is created while scan (#9992)
• Attack Paths: Add full paths set from pathfinding.cloud (#10008)
• Attack Paths: Mark attack Paths scan as failed when Celery task fails outside job error handling (#10065)
• Attack Paths: Remove legacy per-scan graph_database and is_graph_database_deleted fields from AttackPathsScan model (#10077)
• Attack Paths: Add graph_data_ready field to decouple query availability from scan state (#10089)
• Attack Paths: Upgrade Cartography from fork 0.126.1 to upstream 0.129.0 and Neo4j driver from 5.x to 6.x (#10110)
• Attack Paths: Query results now filtered by provider, preventing future cross-tenant and cross-provider data leakage (#10118)
• Attack Paths: Add private labels and properties in Attack Paths graphs for avoiding future overlapping with Cartography's ones (#10124)
• Attack Paths: Query endpoint executes them in read only mode (#10140)
• Attack Paths: Accept header query endpoints also accepts text/plain, supporting compact plain-text format for LLM consumption (#10162)
• Bump Trivy from 0.69.1 to 0.69.2 (#10210)

🐞 Fixed

• Attack Paths: Orphaned temporary Neo4j databases are now cleaned up on scan failure and provider deletion (#10101)
• Attack Paths: scan no longer raises DatabaseError when provider is deleted mid-scan (#10116)
• Tenant compliance summaries recalculated after provider deletion (#10172)
• Security Hub export retries transient replica conflicts without failing integrations (#10144)

🔐 Security

• Bump Pillow to 12.1.1 (CVE-2021-25289) (#10027)
• Remove safety ignore for CVE-2026-21226 (84420), fixed via azure-core 1.38.x (#10110)

SDK

🚀 Added

• entra_authentication_method_sms_voice_disabled check for M365 provider (#10212)
• Google Workspace provider support with Directory service including 1 security check (#10022)
• entra_conditional_access_policy_app_enforced_restrictions check for M365 provider (#10058)
• entra_app_registration_no_unused_privileged_permissions check for M365 provider (#10080)
• defenderidentity_health_issues_no_open check for M365 provider (#10087)
• organization_verified_badge check for GitHub provider (#10033)
• OpenStack provider clouds_yaml_content parameter for API integration (#10003)
• defender_safe_attachments_policy_enabled check for M365 provider (#9833)
• defender_safelinks_policy_enabled check for M365 provider (#9832)
• CSA CCM 4.0 for the AWS provider (#10018)
• CSA CCM 4.0 for the GCP provider (#10042)
• CSA CCM 4.0 for the Azure provider (#10039)
• CSA CCM 4.0 for the Oracle Cloud provider (#10057)
• OCI regions updater script and CI workflow (#10020)
• image provider for container image scanning with Trivy integration (#9984)
• CSA CCM 4.0 for the Alibaba Cloud provider (#10061)
• ECS Exec (ECS-006) privilege escalation detection via ecs:ExecuteCommand + ecs:DescribeTasks (#10066)
• --export-ocsf CLI flag to upload OCSF scan results to Prowler Cloud (#10095)
• scan_id field in OCSF unmapped output for ingestion correlation (#10095)
• defenderxdr_endpoint_privileged_user_exposed_credentials check for M365 provider (#10084)
• defenderxdr_critical_asset_management_pending_approvals check for M365 provider (#10085)
• entra_seamless_sso_disabled check for M365 provider (#10086)
• Registry scan mode for image provider: enumerate and scan all images from OCI standard, Docker Hub, and ECR (#9985)
• File descriptor limits (ulimits) for Docker Compose worker services to prevent Too many open files errors (#10107)
• SecNumCloud compliance framework for the AWS provider (#10117)
• CIS 6.0 for the AWS provider (#10127)
• entra_conditional_access_policy_require_mfa_for_management_api check for M365 provider (#10150)
• OpenStack provider multiple regions support (#10135)
• entra_break_glass_account_fido2_security_key_registered check for M365 provider (#10213)
• entra_default_app_management_policy_enabled check for M365 provider (#9898)
• OpenStack networking service with 6 security checks (#9970)
• OpenStack block storage service with 7 security checks (#10120)
• OpenStack compute service with 7 security checks (#9944)
• OpenStack image service with 6 security checks (#10096)
• --provider-uid CLI flag for IaC provider, used as cloud.account.uid in OCSF output and required with --export-ocsf (#10233)
• unmapped.provider_uid field in OCSF output to match CLI scan results with API provider entities during ingestion (#10231)
• unmapped.provider field in OCSF output for provider name availability in non-cloud providers like Kubernetes (#10240)

🔄 Changed

• Update Azure Monitor service metadata to new format (#9622)
• GitHub provider enhanced documentation and repository_branch_delete_on_merge_enabled logic (#9830)
• Parallelize Cloudflare zone API calls with threading to improve scan performance (#9982)
• Update GCP API Keys service metadata to new format (#9637)
• Update GCP BigQuery service metadata to new format (#9638)
• Update GCP Cloud SQL service metadata to new format (#9639)
• Update GCP Cloud Storage service metadata to new format (#9640)
• Update GCP Compute Engine service metadata to new format (#9641)
• Update GCP Dataproc service metadata to new format (#9642)
• Update GCP DNS service metadata to new format (#9643)
• Update GCP GCR service metadata to new format (#9644)
• Update GCP GKE service metadata to new format (#9645)
• Update GCP IAM service metadata to new format (#9646)
• Update GCP KMS service metadata to new format (#9647)
• Update GCP Logging service metadata to new format (#9648)
• Update Azure Key Vault service metadata to new format (#9621)
• Update Azure Entra ID service metadata to new format (#9619)
• Update Azure Virtual Machines service metadata to new format (#9629)
• Cloudflare provider credential validation with specific exceptions (#9910)
• Enhance AWS IAM privilege escalation detection with patterns from pathfinding.cloud library (#9922)
• Bump Trivy from 0.66.0 to 0.69.2 (#10210)
• Standardize GitHub and M365 provider account UIDs for consistent OCSF output (#10226)
• Standardize Cloudflare account and resource UIDs to prevent None values in findings (#10227)

🐞 Fixed

• Update AWS checks metadata URLs to replace deprecated Trend Micro CloudOne Conformity (EOL July 2026) with Vision One and remove docs.prowler.com references (#10068)
• Standardize resource_id values across Azure checks to use actual Azure resource IDs and prevent duplicate resource entries (#9994)
• VPC endpoint service collection filtering third-party services that caused AccessDenied errors on DescribeVpcEndpointServicePermissions (#10152)
• Handle serialization errors in OCSF output for non-serializable resource metadata (#10129)
• Respect AWS_ENDPOINT_URL environment variable for STS session creation (#10228)
• Help text and typos in CLI flags (#10040)
• elbv2_insecure_ssl_ciphers false positive on AWS post-quantum (PQ) TLS policies like ELBSecurityPolicy-TLS13-1-2-PQ-2025-09 (#10219)

🔐 Security

• Bumped py-ocsf-models to 0.8.1 and cryptography to 44.0.3 (#10059)
• Harden GitHub Actions workflows against expression injection, add persist-credentials: false to checkout steps, and configure dependabot cooldown (#10200)

MCP

🚀 Added

• Attack Paths tools to list scans, discover queries, and run Cypher queries against Neo4j (#10145)