github prowler-cloud/prowler 5.23.0
Prowler 5.23.0


✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com/

🔎 Findings Grouped View

The problem: a real cloud environment produces thousands of findings per scan. A flat list makes it impossible to triage — the same misconfiguration repeated across 200 resources shows up as 200 rows, burying the signal, making prioritization guesswork, and turning "mute this false positive everywhere" into a click marathon. And once you're investigating a single resource, you lose sight of what else is wrong with it, because related findings are scattered across the same flat list.

[Screenshot: findings_group_1]

What this release changes: findings are now grouped by check. There is one row per check title, showing severity, impacted providers, and an "X of Y impacted resources" counter at a glance, so "Vercel project has the Web Application Firewall enabled" across every affected project collapses to a single row instead of one row per project. Sort or filter by severity, provider, or status at the group level and triage top-down instead of drowning in per-resource rows.

[Screenshot: findings_group_2]

Expand any group inline to see the failing resources with their UID, service, region, severity, provider, last seen, and failing for duration, then open the resource detail drawer for the full finding context: Risk, Description, Status Extended, Remediation, a direct "View in Prowler Hub" link, and a one-click Analyze This Finding With Lighthouse AI button. Bulk-mute an entire group in a single action instead of chasing duplicates across the list.

[Screenshot: findings_group_3]

Inside the drawer, a new Other Findings For This Resource tab lists every finding that hits the same resource (passing, failing, and muted) alongside the one you opened — so when you're looking at "WAF not enabled" on a Vercel project, you immediately see skew protection, rate limiting, IP blocking, custom firewall rules, and password protection findings for that same project, instead of going back to the main list and filtering by resource UID. Pair it with the Scans and Events tabs for full context without leaving the drawer.

[Screenshot: findings_group_4]

🏢 New Provider — Vercel

Connect Vercel teams via API token and audit deployments, domains, projects, and team settings. Ships with 26 security checks out of the box.

Explore all Vercel checks at Prowler Hub (no login required).

Read more in the Vercel provider documentation.

🏛️ Multi-Organization Management

Create, switch, edit, and delete organizations from the profile page. The active organization is switched automatically before deletion so JWTs are never rejected mid-flow.

[Screenshot: Organizations]

🔒 RBAC role lookup is now scoped by tenant_id to prevent cross-tenant privilege leaks, and admin tenant listing no longer requires the MANAGE_ACCOUNT permission.

Read more in the Multi-Tenant management documentation.
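
The tenant-scoping point above is easy to get wrong, so here is an added illustration (not Prowler's API code) of the difference between a role lookup keyed on the user alone and one keyed on (user, tenant). It assumes the tenant of the request is taken from the caller's JWT; the users, tenants and roles are constructed, and `manage_account` stands in for a permission such as MANAGE_ACCOUNT.

```python
"""Tenant-scoped role lookup (added example, not Prowler's API code).

Contrasts a lookup keyed on the user alone with one keyed on (user, tenant):
with the first, a role held in one tenant silently applies to requests made
against another tenant. All names and memberships are constructed.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Role:
    name: str
    manage_account: bool = False  # stands in for a permission such as MANAGE_ACCOUNT


@dataclass(frozen=True)
class Membership:
    user_id: str
    tenant_id: str
    role: Role


ADMIN = Role("admin", manage_account=True)
VIEWER = Role("viewer")

# Constructed sample: alice is admin in tenant-A but only a viewer in tenant-B.
MEMBERSHIPS: List[Membership] = [
    Membership("alice", "tenant-A", ADMIN),
    Membership("alice", "tenant-B", VIEWER),
    Membership("bob", "tenant-B", ADMIN),
]

Lookup = Callable[[str, str], Optional[Role]]


def lookup_role_unscoped(user_id: str, tenant_id: str) -> Optional[Role]:
    """Weak pattern: ignores the tenant of the request and returns the first
    role the user holds anywhere, so alice's tenant-A admin role leaks into
    tenant-B."""
    for m in MEMBERSHIPS:
        if m.user_id == user_id:
            return m.role
    return None


def lookup_role_scoped(user_id: str, tenant_id: str) -> Optional[Role]:
    """Hardened pattern: the membership must belong to the tenant the request
    is for (the tenant_id carried in the caller's JWT, assumed here). No
    membership in that tenant means no role at all."""
    for m in MEMBERSHIPS:
        if m.user_id == user_id and m.tenant_id == tenant_id:
            return m.role
    return None


def can_manage_account(user_id: str, tenant_id: str,
                       lookup: Lookup = lookup_role_scoped) -> bool:
    """Authorization decision for a request made against tenant_id."""
    role = lookup(user_id, tenant_id)
    return role is not None and role.manage_account


if __name__ == "__main__":
    for name, fn in (("unscoped", lookup_role_unscoped), ("scoped", lookup_role_scoped)):
        print(name, "alice may manage tenant-B:", can_manage_account("alice", "tenant-B", fn))
```

Run stand-alone it prints that the unscoped lookup lets alice manage tenant-B while the scoped one refuses; the useful detection check is the same: any role query that does not carry the tenant as a filter is a cross-tenant leak waiting to happen.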

💡 Thanks to @pfe-nazaries and @Davidm4r for their first contributions as part of the Prowler Team 🚀

🤖 MCP Server — Resource Events Timeline

New resource events tool in the Prowler MCP Server that returns a who/what/when timeline for a given resource. For AWS, this surfaces CloudTrail events directly to your LLM: actor identity, event name, source IP, user agent, request parameters, and response payloads — the same data that powers the Events tab in the UI, now accessible from any MCP client.

Pair it with Lighthouse AI or your own agent to ask natural-language questions like "who modified this S3 bucket policy in the last 24 hours?" or "what actions has this IAM role performed recently?" without leaving your chat interface or jumping to the AWS console.

🕸️ Attack Paths — Custom Queries Editor Improvements

The custom query editor now has syntax highlighting and line numbering to help you write openCypher queries.

[Screenshot: openCypher query editor]

Read more in the Attack Paths documentation.

📚 New Compliance Frameworks for Google Workspace

New compliance coverage for the Google Workspace provider:

  • CISA SCuBA Baselines
  • CIS Foundations Benchmark v1.3.0

💡 Check coverage for these frameworks will increase in upcoming versions.

☁️ Oracle Cloud Infrastructure Improvements

  • Multi-region filtering via --region across filestorage, blockstorage, kms, compute, and identity services, including regions outside the tenancy home region
  • Mutelist support now passes tenancy_id to is_finding_muted, and the example Mutelist uses the proper Accounts key
  • False positive fixes in kms_key_rotation_enabled and events_rule_idp_group_mapping_changes

Explore all OCI checks at Prowler Hub.

Read more in the Oracle Cloud Infrastructure documentation.

💡 Thanks to @rchotacode for most of the OCI work this release!

🆕 Checks

AWS

  • cloudfront_distributions_logging_enabled — now detects Standard Logging v2 via CloudWatch Log Delivery — thanks to @mcrolly!
  • ec2_securitygroup_allow_ingress_from_internet_to_any_port_from_ip — uses ipaddress.is_global for accurate public IP detection — thanks to @raajheshkannaa!
  • glue_etl_jobs_no_secrets_in_arguments — detects plaintext secrets in Glue ETL job arguments — thanks to @raajheshkannaa!
  • awslambda_function_no_dead_letter_queue, awslambda_function_using_cross_account_layers, and awslambda_function_env_vars_not_encrypted_with_cmk — thanks to @sandiyochristan!
  • stepfunctions_statemachine_no_secrets_in_definition — thanks to @Jeevan-88

Explore all AWS checks at Prowler Hub.
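
To show why `ipaddress.is_global` is the right primitive for the security group check above, here is an added example (not Prowler's check code) that classifies ingress rules by whether their source range is globally routable and whether they open every port. It goes slightly beyond the check as described by applying the same test to CIDR ranges and IPv6 sources, not only single IPs. The rule dicts are constructed samples shaped like EC2 `IpPermissions` entries.

```python
"""Public-source detection for security group ingress rules via ipaddress.is_global.

Added example, not Prowler's check code. Asking the standard library whether
a range is globally routable avoids hand-maintaining an RFC 1918 list, which
misses CGNAT (100.64.0.0/10), documentation ranges (192.0.2.0/24,
2001:db8::/32), link-local and other non-routable blocks.
"""
import ipaddress
from typing import Dict, List


def is_internet_source(cidr: str) -> bool:
    """True if the CIDR can contain Internet-routable (global) addresses."""
    net = ipaddress.ip_network(cidr, strict=False)
    # 0.0.0.0/0 and ::/0 mean "anywhere"; handle them explicitly rather than
    # relying on is_global over a range that spans every special-use block.
    if net.prefixlen == 0:
        return True
    return net.is_global


def allows_any_port(rule: Dict) -> bool:
    """EC2 encodes 'all traffic' as protocol -1; a 0-65535 range is equivalent."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort") == 0 and rule.get("ToPort") == 65535


def rule_sources(rule: Dict) -> List[str]:
    """Collect the IPv4 and IPv6 CIDR sources of one ingress rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def internet_exposed_any_port_rules(rules: List[Dict]) -> List[Dict]:
    """Rules that open every port to at least one globally routable source."""
    return [
        rule for rule in rules
        if allows_any_port(rule)
        and any(is_internet_source(src) for src in rule_sources(rule))
    ]


# Constructed sample ingress rules (not from a real account), trimmed to the
# fields used here.
SAMPLE_RULES = [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},          # RFC 1918
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "100.64.0.0/10"}]},       # CGNAT, not global
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.0.2.7/32"}]},        # TEST-NET-1, not global
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "8.8.8.8/32"}]},                             # public, but one port
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "8.8.8.8/32"}]},          # public host, all ports
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "1.2.3.0/24"}]},                             # public range, all ports
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},           # anywhere (IPv4)
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "2001:db8::/32"}]},   # IPv6 documentation
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},            # anywhere (IPv6)
]


if __name__ == "__main__":
    for rule in internet_exposed_any_port_rules(SAMPLE_RULES):
        print("all ports exposed to", rule_sources(rule))
```

Only the `8.8.8.8/32`, `1.2.3.0/24`, `0.0.0.0/0` and `::/0` rules are reported; the CGNAT and documentation ranges would have slipped through a naive "not 10/8, 172.16/12 or 192.168/16" test.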

GCP — Generative Language (Gemini) API Coverage

Two new checks covering the Gemini API surface — thanks to @F30:

  • apikeys_api_restricted_with_gemini_api
  • gemini_api_disabled

Explore all GCP checks at Prowler Hub.

Google Workspace

15 new checks: one extending coverage of the Directory service, three for the new Calendar service, and eleven for the Drive and Docs services:

  • directory_super_admin_only_admin_roles
  • calendar_external_sharing_primary_calendar
  • calendar_external_sharing_secondary_calendar
  • calendar_external_invitations_warning
  • drive_external_sharing_warn_users
  • drive_publishing_files_disabled
  • drive_sharing_allowlisted_domains
  • drive_warn_sharing_with_allowlisted_domains
  • drive_access_checker_recipients_only
  • drive_internal_users_distribute_content
  • drive_shared_drive_creation_allowed
  • drive_shared_drive_managers_cannot_override
  • drive_shared_drive_members_only_access
  • drive_shared_drive_disable_download_print_copy
  • drive_desktop_access_disabled

Explore all Google Workspace checks at Prowler Hub.

Microsoft 365 — Conditional Access Hardening

Four new Conditional Access Policy checks for Entra ID, all aligned with Microsoft security baselines:

  • entra_conditional_access_policy_mdm_compliant_device_required
  • entra_conditional_access_policy_device_registration_mfa_required (plus entra_intune_enrollment_sign_in_frequency_every_time hardening)
  • entra_conditional_access_policy_block_elevated_insider_risk
  • entra_conditional_access_policy_block_o365_elevated_insider_risk

Explore all M365 checks at Prowler Hub.

🐍 Python 3.9 EndOfLife

Minimum Python version bumped to 3.10 as 3.9 reached end of life in October 2025.

Read more about it in this community announcement.

🛠️ CLI Improvements

  • New --resource-group and --list-resource-groups flags to filter checks by resource group across all providers
  • --list-checks and --list-checks-json now include the threat-detection category — thanks to @kaiisfree!
  • prowler image --registry no longer fails with ImageNoImagesProvidedError — registry arguments are forwarded through init_global_provider — thanks to @eblume!

🔐 Security Updates

  • Harden-Runner enabled across GitHub Actions workflows to monitor and restrict outbound network traffic during CI runs, detect unexpected endpoints, and protect against compromised dependencies exfiltrating secrets from the build environment
  • CVE-2026-28802: authlib bumped from 1.6.5 to 1.6.9 (JWT alg: none validation bypass)
  • CVE-2026-26007 and CVE-2026-34073: cryptography bumped from 44.0.3 to 46.0.6; oci to 2.169.0; alibabacloud-tea-openapi to 0.4.4
  • Sensitive CLI flag values (tokens, keys, passwords) in HTML output "Parameters used" field are now redacted to prevent credential leaks
  • All previously unpinned API dependencies pinned to exact versions to prevent supply chain attacks and ensure reproducible builds
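
As an added illustration of the redaction item above (not Prowler's implementation), the following masks token, key and password values on an argv list before it is rendered into a report's "Parameters used" field. It covers both the `--flag value` and `--flag=value` forms and HTML-escapes the result. The flag-name fragments and the sample command line are constructed, not Prowler's actual flag list.

```python
"""Masking sensitive CLI flag values before they land in a report.

Added example, not Prowler's implementation. The sensitive-flag fragments and
the sample command line are constructed.
"""
import html
from typing import List

# A flag whose name contains any of these fragments is treated as sensitive.
SENSITIVE_FRAGMENTS = ("token", "secret", "password", "passwd",
                       "api-key", "api_key", "access-key")
MASK = "********"


def is_sensitive_flag(arg: str) -> bool:
    """Match on the flag name only, e.g. '--vercel-token' or '--api-key=...'."""
    name = arg.split("=", 1)[0].lstrip("-").lower()
    return any(fragment in name for fragment in SENSITIVE_FRAGMENTS)


def redact_argv(argv: List[str]) -> List[str]:
    """Return a copy of argv with the values of sensitive flags replaced by MASK."""
    redacted: List[str] = []
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-") and is_sensitive_flag(arg):
            if "=" in arg:
                # --flag=value form: keep the name, drop the value.
                redacted.append(arg.split("=", 1)[0] + "=" + MASK)
                i += 1
            else:
                # --flag value [value ...] form: mask every value up to the
                # next flag. A value that itself starts with '-' cannot be
                # told apart from a flag here and would be left as-is.
                redacted.append(arg)
                i += 1
                while i < len(argv) and not argv[i].startswith("-"):
                    redacted.append(MASK)
                    i += 1
        else:
            redacted.append(arg)
            i += 1
    return redacted


def parameters_used_html(argv: List[str]) -> str:
    """Value for a 'Parameters used' field in an HTML report: redacted first,
    then escaped so an argument value cannot inject markup into the report."""
    return html.escape(" ".join(redact_argv(argv)))


# Constructed sample command line; the credential values are fake.
SAMPLE_ARGV = [
    "prowler", "vercel",
    "--token", "vt_CONSTRUCTED_SAMPLE",
    "--region", "us-east-1",
    "--api-key=AKIA_CONSTRUCTED_SAMPLE",
    "--output-formats", "html",
]


if __name__ == "__main__":
    print(parameters_used_html(SAMPLE_ARGV))
```

Redacting at the point where argv is captured, rather than in each output writer, keeps every report format (HTML, JSON, CSV) consistent; the page's companion change of warning when such values are passed on the command line at all pushes users towards environment variables, which never reach the parameter string in the first place.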

🙌 Community Contributors

Thank you to our community contributors for this release!

  • @rchotacode — OCI mutelist support (#10566)
  • @rchotacode — Fix OCI identity clients for multi-region configuration in blockstorage, identity, and filestorage (#10520)
  • @rchotacode — Add multi-region filtering argument support for OCI (#10473)
  • @rchotacode — Fix OCI service region support outside tenancy home region (#10472)
  • @raajheshkannaa — Add internet-exposed category to 13 AWS checks (CloudFront, CodeArtifact, EC2, EFS, RDS, SageMaker, Shield, VPC) (#10502)
  • @raajheshkannaa — Add ec2_securitygroup_allow_ingress_from_internet_to_any_port_from_ip check using ipaddress.is_global for accurate public IP detection (#10335)
  • @raajheshkannaa — Add glue_etl_jobs_no_secrets_in_arguments check for plaintext secrets in AWS Glue ETL job arguments (#10368)
  • @sandiyochristan — Enrich AWS Lambda Function model with inventory fields and add awslambda_function_no_dead_letter_queue, awslambda_function_using_cross_account_layers, and awslambda_function_env_vars_not_encrypted_with_cmk checks (#10381)
  • @mcrolly — Detect CloudFront Standard Logging v2 via CloudWatch Log Delivery in cloudfront_distributions_logging_enabled (#10090)
  • @F30 — Add apikeys_api_restricted_with_gemini_api and gemini_api_disabled checks for GCP Generative Language (Gemini) API (#10280)
  • @kagahd — Create distinct report per key/secret in Azure Key Vault checks (#10332)
  • @terryf82 — Add VALKEY_SCHEME, VALKEY_USERNAME, and VALKEY_PASSWORD environment variables to configure Celery broker TLS/auth for Valkey/ElastiCache (#10420)
  • @apoorvdarshan — Remove return statements from finally blocks across IAM, Organizations, GCP provider, and custom checks metadata to stop silently swallowing exceptions (#10102)
  • @eblume — Pass registry arguments through init_global_provider to fix prowler image --registry failing with ImageNoImagesProvidedError (#10470)
  • @kaiisfree — Include threat-detection category checks in --list-checks and --list-checks-json output (#10578)
  • @Jeevan-88 — Add stepfunctions_statemachine_no_secrets_in_definition (#10625)

UI

🚀 Added

  • Invitation accept smart router for handling invitation flow routing (#10573)
  • Invitation link backward compatibility (#10583)
  • Updated invitation link to use smart router (#10575)
  • Multi-tenant organization management: create, switch, edit, and delete organizations from the profile page (#10491)
  • Findings grouped view with drill-down table showing resources per check, resource detail drawer, infinite scroll pagination, and bulk mute support (#10425)
  • Resource events tool to Lighthouse AI (#10412)
  • Vercel provider: connect Vercel teams via API token, scan deployments, domains, projects, and team settings (#10191)

🔄 Changed

  • Attack Paths custom openCypher queries now use a code editor with syntax highlighting and line numbers (#10445)
  • Attack Paths custom openCypher queries now link to the Prowler documentation with examples and how-to guidance instead of the upstream Cartography schema URL
  • Filter summary strip: removed redundant "Clear all" link next to pills (use top-bar Clear Filters instead) and switched chip variant from outline to tag for consistency (#10481)

🐞 Fixed

  • Preserve query parameters in callbackUrl during invitation flow (#10571)
  • Deleting the active organization now switches to the target org before deleting, preventing JWT rejection from the backend (#10491)
  • Clear Filters now resets all filters including muted findings and auto-applies, Clear all in pills only removes pill-visible sub-filters, and the discard icon is now an Undo text button (#10446)
  • Send to Jira modal now dynamically fetches and displays available issue types per project instead of hardcoding "Task", fixing failures on non-English Jira instances (#10534)
  • Exclude service filter from finding group resources endpoint to prevent empty results when a service filter is active (#10652)

API

🚀 Added

  • RBAC role lookup filtered by tenant_id to prevent cross-tenant privilege leak (#10491)
  • VALKEY_SCHEME, VALKEY_USERNAME, and VALKEY_PASSWORD environment variables to configure Celery broker TLS/auth connection details for Valkey/ElastiCache (#10420)
  • Vercel provider support (#10190)
  • Finding groups list and latest endpoints support sort=delta, ordering by new_count then changed_count so groups with the most new findings rank highest (#10606)
  • Finding group resources endpoints (/finding-groups/{check_id}/resources and /finding-groups/latest/{check_id}/resources) now expose finding_id per row, pointing to the most recent matching Finding for each resource. UUIDv7 ordering guarantees Max(finding__id) resolves to the latest snapshot (#10630)
  • Handle CIS and CISA SCuBA compliance framework from google workspace (#10629)

🔄 Changed

  • Finding groups list/latest/resources now expose status{FAIL, PASS, MANUAL} and muted: bool as orthogonal fields. The aggregated status reflects the underlying check outcome regardless of mute state, and muted=true signals that every finding in the group/resource is muted. New manual_count is exposed alongside pass_count/fail_count, plus pass_muted_count/fail_muted_count/manual_muted_count siblings so clients can isolate the muted half of each status. The new_*/changed_* deltas are now broken down by status and mute state via 12 new counters (new_fail_count, new_fail_muted_count, new_pass_count, new_pass_muted_count, new_manual_count, new_manual_muted_count and the matching changed_* set). New filter[muted]=true|false and sort=status (FAIL > PASS > MANUAL) / sort=muted are supported. filter[status]=MUTED is no longer accepted (#10630)
  • Attack Paths: Periodic cleanup of stale scans with dead-worker detection via Celery inspect, marking orphaned EXECUTING scans as FAILED and recovering graph_data_ready (#10387)
  • Attack Paths: Replace _provider_id property with _Provider_{uuid} label for provider isolation, add regex-based label injection for custom queries (#10402)

🐞 Fixed

  • reaggregate_all_finding_group_summaries_task now refreshes finding group daily summaries for every (provider, day) combination instead of only the latest scan per provider, matching the unbounded scope of mute_historical_findings_task. Mute rule operations no longer leave older daily summaries drifting from the underlying muted findings (#10630)
  • Finding groups list/latest now apply computed status/severity filters and finding-level prefilters (delta, region, service, category, resource group, scan, resource type), plus check_title support for sort/filter consistency (#10428)
  • Populate compliance data inside check_metadata for findings, which was always returned as null (#10449)
  • 403 error for admin users listing tenants due to roles query not using the admin database connection (#10460)
  • Filter transient Neo4j defunct connection logs in Sentry before_send to suppress false-positive alerts handled by RetryableSession retries (#10452)
  • MANAGE_ACCOUNT permission no longer required for listing and creating tenants (#10468)
  • Finding groups muted filter, counters, metadata extraction and mute reaggregation (#10477)
  • Finding groups check_title__icontains resolution, name__icontains resource filter and resource_group field in /resources response (#10486)
  • Membership post_delete signal using raw FK ids to avoid DoesNotExist during cascade deletions (#10497)
  • Finding group resources endpoints returning false 404 when filters match no results, and sort parameter being ignored (#10510)
  • Jira integration failing with JiraInvalidIssueTypeError on non-English Jira instances due to hardcoded "Task" issue type; now dynamically fetches available issue types per project (#10534)
  • Finding group first_seen_at now reflects when a new finding appeared in the scan instead of the oldest carry-forward date across all unchanged findings (#10595)
  • Attack Paths: Remove clear_cache call from read-only query endpoints; cache clearing belongs to the scan/ingestion flow, not API queries (#10586)

🔐 Security

  • Pin all unpinned dependencies to exact versions to prevent supply chain attacks and ensure reproducible builds (#10469)
  • authlib bumped from 1.6.6 to 1.6.9 to fix CVE-2026-28802 (JWT alg: none validation bypass) (#10579)
  • aiohttp bumped from 3.13.3 to 3.13.5 to fix CVE-2026-34520 (the C parser accepted null bytes and control characters in response headers) (#10538)

SDK

🚀 Added

  • apikeys_api_restricted_with_gemini_api and gemini_api_disabled checks for GCP provider (#10280)
  • cloudfront_distributions_logging_enabled detects Standard Logging v2 via CloudWatch Log Delivery (#10090)
  • glue_etl_jobs_no_secrets_in_arguments check for plaintext secrets in AWS Glue ETL job arguments (#10368)
  • awslambda_function_no_dead_letter_queue, awslambda_function_using_cross_account_layers, and awslambda_function_env_vars_not_encrypted_with_cmk checks for AWS Lambda (#10381)
  • entra_conditional_access_policy_mdm_compliant_device_required check for M365 provider (#10220)
  • directory_super_admin_only_admin_roles check for Google Workspace provider (#10488)
  • ec2_securitygroup_allow_ingress_from_internet_to_any_port_from_ip check for AWS provider using ipaddress.is_global for accurate public IP detection (#10335)
  • entra_conditional_access_policy_block_o365_elevated_insider_risk check for M365 provider (#10232)
  • --resource-group and --list-resource-groups CLI flags to filter checks by resource group across all providers (#10479)
  • CISA SCuBA Google Workspace Baselines compliance (#10466)
  • CIS Google Workspace Foundations Benchmark v1.3.0 compliance (#10462)
  • calendar_external_sharing_primary_calendar, calendar_external_sharing_secondary_calendar, and calendar_external_invitations_warning checks for Google Workspace provider using the Cloud Identity Policy API (#10597)
  • 11 Drive and Docs checks for Google Workspace provider (drive_external_sharing_warn_users, drive_publishing_files_disabled, drive_sharing_allowlisted_domains, drive_warn_sharing_with_allowlisted_domains, drive_access_checker_recipients_only, drive_internal_users_distribute_content, drive_shared_drive_creation_allowed, drive_shared_drive_managers_cannot_override, drive_shared_drive_members_only_access, drive_shared_drive_disable_download_print_copy, drive_desktop_access_disabled) using the Cloud Identity Policy API (#10648)
  • entra_conditional_access_policy_device_registration_mfa_required check and entra_intune_enrollment_sign_in_frequency_every_time enhancement for M365 provider (#10222)
  • entra_conditional_access_policy_block_elevated_insider_risk check for M365 provider (#10234)
  • Vercel provider support with 30 checks (#10189)
  • internet-exposed category for 13 AWS checks (CloudFront, CodeArtifact, EC2, EFS, RDS, SageMaker, Shield, VPC) (#10502)
  • stepfunctions_statemachine_no_secrets_in_definition check for hardcoded secrets in AWS Step Functions state machine definitions (#10570)
  • CCC improvements with the latest checks and new mappings (#10625)

🔄 Changed

  • Minimum Python version from 3.9 to 3.10 and updated classifiers to reflect supported versions (3.10, 3.11, 3.12) (#10464)
  • Pin direct SDK dependencies to exact versions and rely on poetry.lock artifact hashes for reproducible installs (#10593)
  • Sensitive CLI flags now warn when values are passed directly, recommending environment variables instead (#10532)

🐞 Fixed

  • OCI mutelist support: pass tenancy_id to is_finding_muted and update oraclecloud_mutelist_example.yaml to use Accounts key (#10566)
  • return statements in finally blocks replaced across IAM, Organizations, GCP provider, and custom checks metadata to stop silently swallowing exceptions (#10102)
  • JiraConnection now includes issue types per project fetched during test_connection, fixing JiraInvalidIssueTypeError on non-English Jira instances (#10534)
  • --list-checks and --list-checks-json now include threat-detection category checks in their output (#10578)
  • Missing __init__.py in codebuild_project_uses_allowed_github_organizations check preventing discovery by --list-checks (#10584)
  • Azure Key Vault checks emitting incorrect findings for keys, secrets, and vault logging (#10332)
  • is_policy_public now recognizes kms:CallerAccount, kms:ViaService, aws:CalledVia, aws:CalledViaFirst, and aws:CalledViaLast as restrictive condition keys, fixing false positives in kms_key_policy_is_not_public and other checks that use is_condition_block_restrictive (#10600)
  • _enabled_regions empty-set bug in AwsProvider.generate_regional_clients creating boto3 clients for all 36 AWS regions instead of the audited ones, causing random CI timeouts and slow test runs (#10598)
  • Retrieve only the latest version from a package in AWS CodeArtifact (#10243)
  • AWS global services (CloudFront, Route53, Shield, FMS) now use the partition's global region instead of the profile's default region (#10458)
  • Oracle Cloud events_rule_idp_group_mapping_changes now recognizes the CIS 3.1 add/remove event names to avoid false positives (#10416)
  • Oracle Cloud password policy checks now exclude immutable system-managed policies (SimplePasswordPolicy, StandardPasswordPolicy) to avoid false positives (#10453)
  • Oracle Cloud kms_key_rotation_enabled now checks current key version age to avoid false positives on vaults without auto-rotation support (#10450)
  • OCI filestorage, blockstorage, KMS, and compute services now honor --region for scanning outside the tenancy home region (#10472)
  • OCI provider now supports multi-region filtering via --region (#10473)
  • prowler image --registry failing with ImageNoImagesProvidedError due to registry arguments not being forwarded to ImageProvider in init_global_provider (#10470)
  • OCI multi-region support for identity client configuration in blockstorage, identity, and filestorage services (#10520)
  • Google Workspace Calendar checks now filter for customer-level policies only, skipping OU and group overrides that could produce incorrect audit results (#10658)

🔐 Security

  • Sensitive CLI flag values (tokens, keys, passwords) in HTML output "Parameters used" field now redacted to prevent credential leaks (#10518)
  • authlib bumped from 1.6.5 to 1.6.9 to fix CVE-2026-28802 (JWT alg: none validation bypass) (#10579)
  • cryptography bumped from 44.0.3 to 46.0.6 (CVE-2026-26007, CVE-2026-34073), oci to 2.169.0, and alibabacloud-tea-openapi to 0.4.4 (#10535)
  • aiohttp bumped from 3.13.3 to 3.13.5 to fix CVE-2026-34520 (the C parser accepted null bytes and control characters in response headers) (#10537)

MCP

🚀 Added

  • Resource events tool to get timeline for a resource (who, what, when) (#10412)

🔄 Changed

  • Pin httpx dependency to exact version for reproducible installs (#10593)

🔐 Security
