github prowler-cloud/prowler 5.3.0
Prowler 5.3.0

13 hours ago

🎨 UI

Improved UX in Forms

  • Enhanced the sign-in and sign-up forms to provide a smoother user experience.
  • Improved form validation and error handling for better clarity and guidance.

🚀 Real-Time Scan Visibility

  • New! 🎉 Scans now appear immediately after launching them, eliminating the previous delay.
  • When setting up a provider and initiating the first scan, it will be displayed right away instead of requiring users to wait several minutes.
  • This improvement provides instant feedback and a more seamless experience when running scans.

💻 API

Scheduled Scans

  • Daily scheduled scan instances are now created in advance in the SCHEDULED state, so scheduled scans are visible before they launch.

🔎 Findings

  • Findings endpoints now require at least one date filter to get all the findings.
  • Findings metadata endpoint received a performance improvement.

☁️ Providers

  • Increased the allowed length of the provider UID for Kubernetes providers to support AWS EKS, Azure AKS and GCP GKE.

🔧 SDK

Microsoft365 Provider 🎉

We’re excited to announce that Prowler now supports Microsoft365 as a new cloud provider! This release introduces several dedicated security and compliance checks tailored for Microsoft365 environments. These new assessments help you identify configuration gaps, enforce best practices, and maintain a strong security posture across your Microsoft365 deployments.

This is only available in Prowler CLI and will be added to the API and UI 🔜

Try it out now with: prowler microsoft365 {--sp-env-auth | --az-cli-auth | --browser-auth} 🚀

Choose the authentication method that best suits your needs:

  1. Service Principal Credentials: Uses a registered app in Entra (formerly Azure AD) with client credentials (tenant ID, client ID and client secret).
  2. Azure CLI: Uses your logged-in Azure CLI session.
  3. Interactive Browser: Opens a browser window to sign in manually.

Five new checks ❗

This release includes several new security and compliance checks designed specifically for Microsoft365 environments:

  • admincenter_groups_not_public_visibility
  • admincenter_settings_password_never_expire
  • admincenter_users_admins_reduced_license_footprint
  • admincenter_users_between_two_and_four_global_admins
  • entra_thirdparty_integrated_apps_not_allowed

You can see all the Microsoft365 checks with prowler microsoft365 --list-checks

📖 1 new Compliance Framework

  • CIS (Center for Internet Security) Microsoft 365 Foundations Benchmark v4.0.0

New AWS Check ✅

We’ve added a new security check in AWS KMS:

  • kms_cmk_not_multi_region

This check ensures that KMS Customer Managed Keys (CMKs) are not multi-region, helping enforce security best practices for key management.
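The condition this check looks for can be read from the `KeyMetadata` that KMS `DescribeKey` returns. The following is an added example, not Prowler's own code: the function names and the sample keys are constructed here, and skipping keys that are already pending deletion is an assumption.

```python
from typing import Iterable, Iterator

# Constructed sample of DescribeKey "KeyMetadata" documents (not real keys).
SAMPLE_KEYS = [
    {"KeyId": "1111aaaa-0000-0000-0000-000000000001", "KeyManager": "CUSTOMER",
     "KeyState": "Enabled", "MultiRegion": False},
    {"KeyId": "mrk-00000000000000000000000000000002", "KeyManager": "CUSTOMER",
     "KeyState": "Enabled", "MultiRegion": True,
     "MultiRegionConfiguration": {
         "MultiRegionKeyType": "PRIMARY",
         "ReplicaKeys": [{"Arn": "arn:aws:kms:eu-west-1:111122223333:key/"
                                 "mrk-00000000000000000000000000000002",
                          "Region": "eu-west-1"}]}},
    {"KeyId": "3333cccc-0000-0000-0000-000000000003", "KeyManager": "AWS",
     "KeyState": "Enabled", "MultiRegion": False},
    {"KeyId": "mrk-00000000000000000000000000000004", "KeyManager": "CUSTOMER",
     "KeyState": "PendingDeletion", "MultiRegion": True},
]

def evaluate_cmk_multi_region(keys: Iterable[dict]) -> list[dict]:
    """Return one PASS/FAIL finding per live customer managed key."""
    findings = []
    for meta in keys:
        if meta.get("KeyManager") != "CUSTOMER":
            continue  # the check is about customer managed keys only
        if meta.get("KeyState") in ("PendingDeletion", "PendingReplicaDeletion"):
            continue  # assumption: keys already scheduled for deletion are skipped
        multi = bool(meta.get("MultiRegion"))
        cfg = meta.get("MultiRegionConfiguration") or {}
        findings.append({
            "key_id": meta["KeyId"],
            "status": "FAIL" if multi else "PASS",
            # PRIMARY or REPLICA; None for a single-Region key
            "role": cfg.get("MultiRegionKeyType"),
            # Regions holding replicas of this key
            "replica_regions": [r["Region"] for r in cfg.get("ReplicaKeys", [])],
        })
    return findings

def describe_all_keys(region: str) -> Iterator[dict]:
    """Live input for one Region; needs boto3 and kms:ListKeys / kms:DescribeKey."""
    import boto3  # imported lazily so the offline sample runs without it
    kms = boto3.client("kms", region_name=region)
    for page in kms.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            yield kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"]

if __name__ == "__main__":
    for finding in evaluate_cmk_multi_region(SAMPLE_KEYS):
        print(finding)
```

For a live account, pass `describe_all_keys("<region>")` to `evaluate_cmk_multi_region` once per Region in use, since a replica key shows up only in the Region that holds it.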

🎉 Special thanks to our external contributor wunzeco for this contribution!

Full Changelog: 5.2.3...5.3.0
