✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🏛️ AWS Organizations Improvements

• We've improved the AWS Organizations onboarding wizard making it easier to deploy the required CloudFormation templates.
• Findings now include Organizational Unit ID and name across all output formats (ASFF, OCSF, CSV), giving you full visibility into which OU each account belongs to — Thanks to @raajheshkannaa!
• Cloud Providers page shows your AWS Organizations hierarchy tree with organizational units and accounts.

🕸️ Attack Paths Improvements

• APOC to standard openCypher migration: Network exposure queries now use standard openCypher instead of APOC procedures, making them use better open standards
• Cartography upgrade: Upgraded from 0.129.0 to 0.132.0, fixing exposed_internet not being set on ELB/ELBv2 nodes
• Custom query endpoint: Cypher blocklist, input validation, rate limiting, and Helm lockdown for hardening its security
• Security hardening — Cypher blocklist, input validation, rate limiting, and Helm lockdown for the custom query endpoint
• Better error handling: Server errors (5xx) and network failures now show user-friendly messages instead of raw internal errors
• Improved logging: Query execution and scan error handling now log properly
• Several UX improvements in the Attack Paths page

🏛️ Google Workspace - API Only

Google Workspace is now fully integrated with the Prowler API. After being introduced as a CLI-only provider in v5.19.0, you can now connect and scan your Google Workspace environment directly from the API. Full App support will be included in the next release.

Read more in our Google Workspace documentation.

Explore all Google Workspace checks at Prowler Hub.

☁️ OpenStack — Object Storage Service

OpenStack continues to expand with a brand new Object Storage service adding 7 security checks covering container access control, versioning, encryption, metadata hygiene, and lifecycle management.

Read more in our OpenStack documentation.

Explore all OpenStack checks at Prowler Hub.

🔍 New Checks

AWS

• guardduty_delegated_admin_enabled_all_regions - Verify that a delegated administrator account is configured for GuardDuty - Thanks to @m-wentz!
• opensearch_service_domains_not_publicly_accessible - Now supports a trusted_ips configuration option. If your OpenSearch domain has a resource policy restricting access to known IPs, you no longer get a false positive on the public accessibility check — Thanks to @codename470!

Explore all AWS checks at Prowler Hub.

Microsoft 365

• entra_conditional_access_policy_approved_client_app_required_for_mobile — Requires approved client apps on mobile devices
• entra_conditional_access_policy_compliant_device_hybrid_joined_device_mfa_required — Requires compliant/hybrid-joined device or MFA

Explore all M365 checks at Prowler Hub.

🐞 Bug Fixes

We've added several bug fixes to improve the user experience across the application.

⛵ Community Helm Chart

Prowler now has an official community-maintained Helm chart for self-hosted deployments on Kubernetes. The chart is published as an OCI artifact to oci://ghcr.io/prowler-cloud/charts/prowler on every release.

Check it on https://ghcr.io/prowler-cloud/charts/prowler

Thanks to @Ca-moes and @Utwo for building and maintaining this chart!

🙌 Community Contributors

• @m-wentz — guardduty_delegated_admin_enabled_all_regions check for AWS (#9867)
• @codename470 — trusted_ips config for OpenSearch check (#8631)
• @raajheshkannaa — AWS Organizations OU metadata in outputs (#10283)
• @Ca-moes @Utwo — Helm Continuous Deployment (#10079)

UI

🔄 Changed

• Attack Paths: Improved error handling for server errors (5xx) and network failures with user-friendly messages instead of raw internal errors and layout changes (#10249)
• Refactor simple providers with new components and styles (#10259)
• Providers page redesigned with cloud organization hierarchy, HeroUI-to-shadcn migration, organization and account group filters, and row selection for bulk actions (#10292)
• AWS Organizations onboarding now uses a clearer 3-step flow: deploy the ProwlerScan role in the management account via CloudFormation Stack, deploy to member accounts via StackSet with a copyable template URL, and confirm with the Role ARN (#10274)

🐞 Fixed

• Provider wizard now closes after updating credentials instead of incorrectly advancing to the Launch Scan step, which caused API errors for providers with existing scheduled scans (#10278)
• Attack Paths query builder sending stale parameters from previous query selections due to validation schema and default values being recreated on every render (#10306)
• Finding detail drawer crashing when resource, scan, or provider relationships are missing from the API response (#10314)

🔐 Security

• npm transitive dependencies patched to resolve 11 Dependabot alerts (6 HIGH, 4 MEDIUM, 1 LOW): hono, @hono/node-server, fast-xml-parser, serialize-javascript, minimatch (#10267)

API

🔄 Changed

• Attack Paths: Migrate network exposure queries from APOC to standard openCypher for Neo4j and Neptune compatibility (#10266)
• POST /api/v1/providers returns 409 Conflict if already exists (#10293)

🐞 Fixed

• Attack Paths: Security hardening for custom query endpoint (Cypher blocklist, input validation, rate limiting, Helm lockdown) (#10238)
• Attack Paths: Missing logging for query execution and exception details in scan error handling (#10269)
• Attack Paths: Upgrade Cartography from 0.129.0 to 0.132.0, fixing exposed_internet not set on ELB/ELBv2 nodes (#10272)

SDK

🚀 Added

• entra_conditional_access_policy_approved_client_app_required_for_mobile check for M365 provider (#10216)
• entra_conditional_access_policy_compliant_device_hybrid_joined_device_mfa_required check for M365 provider (#10197)
• trusted_ips configurable option for opensearch_service_domains_not_publicly_accessible check to reduce false positives on IP-restricted policies (#8631)
• guardduty_delegated_admin_enabled_all_regions check for AWS provider (#9867)
• OpenStack object storage service with 7 checks (#10258)
• AWS Organizations OU metadata (OU ID, OU path) in ASFF, OCSF and CSV outputs (#10283)

🔄 Changed

• Update Kubernetes API server checks metadata to new format (#9674)
• Update Kubernetes Controller Manager service metadata to new format (#9675)
• Update Kubernetes Core service metadata to new format (#9676)
• Update Kubernetes Kubelet service metadata to new format (#9677)
• Update Kubernetes RBAC service metadata to new format (#9678)
• Update Kubernetes Scheduler service metadata to new format (#9679)
• Update MongoDB Atlas Organizations service metadata to new format (#9658)
• Update MongoDB Atlas clusters service metadata to new format (#9657)
• Update GitHub Repository service metadata to new format (#9659)
• Update GitHub Organization service metadata to new format (#10273)
• Update Oracle Cloud Compute Engine service metadata to new format (#9371)
• Update Oracle Cloud Database service metadata to new format (#9372)
• Update Oracle Cloud File Storage service metadata to new format (#9374)
• Update Oracle Cloud Integration service metadata to new format (#9376)
• Update Oracle Cloud KMS service metadata to new format (#9377)
• Update Oracle Cloud Network service metadata to new format (#9378)
• Update Oracle Cloud Object Storage service metadata to new format (#9379)
• Update Oracle Cloud Events service metadata to new format (#9373)
• Update Oracle Cloud Identity service metadata to new format (#9375)
• Update Alibaba Cloud services metadata to new format (#10289)
• Update M365 Admin Center service metadata to new format (#9680)
• Update M365 Defender service metadata to new format (#9681)
• Update M365 Purview service metadata to new format (#9092)