✨ New features to highlight in this version
Enjoy them all now for free at https://cloud.prowler.com
🏛️ Google Workspace - Full App Support
Google Workspace provider is now fully integrated with the Prowler App. You can now connect and scan your Google Workspace environment directly from the UI.
Read more in our Google Workspace documentation.
Explore all Google Workspace checks at Prowler Hub.
🤖 Lighthouse AI
We've added a new system for providing skills to Lighthouse AI, along with the first skill: Attack Path Custom Query. This skill provides the LLM with openCypher syntax guidance and Cartography schema knowledge for writing graph queries against Prowler's data.
It ships alongside a new tool in the Prowler MCP that retrieves the Cartography scan schema.
📖 Check Metadata
We've completed the migration of check metadata to the new format 🎉 All checks are now structured in the same way.
Huge shoutout to Prowler's Detection & Remediation team for this massive effort!
Read more in our Check Metadata Guidelines
⌛ AWS Resource Timeline
AWS resource modification history is now visible directly in the App. A new Events tab in Findings and Resource detail cards shows an AWS CloudTrail timeline with expandable event rows, actor details, request/response JSON payloads, and error information. A read-event toggle lets you include or exclude read-only API calls from the timeline.
🐳 Container Image
Container Image provider is now fully integrated with the Prowler App. You can now connect and scan your container registry directly from the UI.
Read more in our Container Image documentation.
🏛️ AWS Organizations Improvements
We've upgraded AWS Organizations management in the Cloud Providers page with greater flexibility and control. You can now edit organization names and credentials, run connection tests across all accounts or scoped to a specific organizational unit, and delete individual organizational units or full organizations.
🕸️ Attack Paths Improvements
We continued improving the Attack Paths UX with better performance and more labels to make filtering easier in custom queries.
📄 Compliance
We've improved compliance coverage with the following frameworks:
- SecNumCloud 3.2 for AWS, Azure, GCP, Alibaba and Oracle Cloud
- Reserve Bank of India (RBI) for Azure
🔍 New Checks
Microsoft 365
- entra_conditional_access_policy_device_code_flow_blocked - Conditional Access policy blocks device code flow to prevent phishing attacks
- entra_conditional_access_policy_require_mfa_for_admin_portals - Conditional Access policy requires MFA for Microsoft Admin Portals
Explore all Microsoft 365 checks at Prowler Hub.
GitHub
- organization_repository_deletion_limited - Organization repository deletion and transfer is restricted to owners - Thanks to @shalkoda
Explore all GitHub checks at Prowler Hub.
🙌 Community Contributors
- @shalkoda - organization_repository_deletion_limited check for GitHub (#10185)
- @AlienwareSec - Route53 dangling IP check false positive when using --region flag (#9952)
- @tejas0077 - RBI compliance for the Azure provider (#10339)
- @JiwaniZakir - CORS_ALLOWED_ORIGINS configurable via environment variable (#10355)
UI
🚀 Added
🔄 Changed
- Google Workspace provider support (#10333)
- Image (Container Registry) provider support in UI: badge icon, credentials form, and provider-type filtering (#10167)
- Events tab in Findings and Resource detail cards showing an AWS CloudTrail timeline with expandable event rows, actor info, request/response JSON payloads, and error details (#10320)
- AWS Organization and organizational unit row actions (Edit Name, Update Credentials, Test Connections, Delete) in providers table dropdown (#10317)
API
🚀 Added
- CORS_ALLOWED_ORIGINS configurable via environment variable (#10355)
- Attack Paths: Tenant and provider related labels to the nodes so they can be easily filtered on custom queries (#10308)
🔄 Changed
- Attack Paths: Complete migration to private graph labels and properties, removing deprecated dual-write support (#10268)
- Attack Paths: Reduce sync and findings memory usage with smaller batches, cursor iteration, and sequential sessions (#10359)
🐞 Fixed
- Attack Paths: Recover graph_data_ready flag when scan fails during graph swap, preventing query endpoints from staying blocked until the next successful scan (#10354)
🔐 Security
- Use psycopg2.sql to safely compose DDL in PostgresEnumMigration, preventing SQL injection via f-string interpolation (#10166)
SDK
🚀 Added
- misconfig scanner as default for Image provider scans (#10167)
- entra_conditional_access_policy_device_code_flow_blocked check for M365 provider (#10218)
- RBI compliance for the Azure provider (#10339)
- entra_conditional_access_policy_require_mfa_for_admin_portals check for Azure provider and update CIS compliance (#10330)
- CheckMetadata Pydantic validators (#8583)
- organization_repository_deletion_limited check for GitHub provider (#10185)
- SecNumCloud 3.2 for the GCP provider (#10364)
- SecNumCloud 3.2 for the Azure provider (#10358)
- SecNumCloud 3.2 for the Alibaba Cloud provider (#10370)
- SecNumCloud 3.2 for the Oracle Cloud provider (#10371)
🔄 Changed
- Bump pygithub from 2.5.0 to 2.8.0 to use native Organization properties
- Update M365 SharePoint service metadata to new format (#9684)
- Update M365 Exchange service metadata to new format (#9683)
- Update M365 Teams service metadata to new format (#9685)
- Update M365 Entra ID service metadata to new format (#9682)
- Update ResourceType and Categories for Azure Entra ID service metadata (#10334)
- Update OCI Regions to include US DoD regions (#10375)
🐞 Fixed
- Route53 dangling IP check false positive when using --region flag (#9952)
- RBI compliance framework support on Prowler Dashboard for the Azure provider (#10360)
- CheckMetadata strict validators rejecting valid external tool provider data (image, iac, llm) (#10363)
🔐 Security
- Bump multipart to 1.3.1 to fix GHSA-p2m9-wcp5-6qw3 (#10331)
MCP
🚀 Added
- Attack Path tool to get Neo4j DB schema (#10321)