github prowler-cloud/prowler 5.5.0
Prowler 5.5.0

8 months ago

New features to highlight in this version

Social Login with Google and GitHub

Prowler now supports social login via Google and GitHub!
From this release on, you can authenticate with your existing Google or GitHub account to access Prowler. No need to manage separate credentials.

This is just the beginning. Future updates will include:

  • Support for more identity providers
  • Enhanced access control and user management
  • Org-level identity integrations (e.g., SSO)

🔇 Muted Findings Support

Starting with this release, the Prowler App now supports muted findings. Findings returned by the API will be automatically muted based on the SDK provider's default mutelist.

This is the first step toward more flexible muting capabilities. In upcoming versions, users will be able to:

  • Mute specific findings via the API
  • Filter muted findings
  • Import and manage custom mutelist files
  • Create and edit mutelists to fit their specific security requirements

🛡️ 17 New Microsoft 365 Entra Checks

We've expanded Prowler's Microsoft 365 coverage with 17 new checks for the Entra service, giving you deeper visibility and control over identity and access management.

* entra_admin_consent_workflow_enabled
* entra_admin_portals_access_restriction
* entra_admin_users_cloud_only
* entra_admin_users_mfa_enabled
* entra_admin_users_phishing_resistant_mfa_enabled
* entra_admin_users_sign_in_frequency_enabled
* entra_dynamic_group_for_guests_created
* entra_identity_protection_sign_in_risk_enabled
* entra_identity_protection_user_risk_enabled
* entra_legacy_authentication_blocked
* entra_managed_device_required_for_authentication
* entra_managed_device_required_for_mfa_registration
* entra_password_hash_sync_enabled
* entra_policy_guest_invite_only_for_admin_roles
* entra_policy_guest_users_access_restrictions
* entra_policy_restricts_user_consent_for_apps
* entra_users_mfa_enabled

🕒 More Control Over Daily Scans

You now have the option to skip scheduling the daily scan when adding a new provider.

This gives you more flexibility during setup, especially useful if you want to configure the provider, test things out, or onboard gradually before enabling automatic daily scans.

📈 Expanded Compliance Coverage

We're continuously working to expand and improve our compliance coverage, and in this release, we've added support for 4 new compliance frameworks:

  • SOC 2 for Google Cloud Platform (GCP)
  • ISO 27001:2022 for Azure, GCP, and Kubernetes

This means better visibility, more accurate reporting, and stronger alignment with industry standards across your cloud environments.

🌐 New (Unofficial) Cloud Provider: NHN Cloud

Prowler now includes initial support for NHN Cloud with 6 security checks across compute and networking services.

Note: NHN Cloud is not an officially supported provider.

Available NHN checks:

* compute_instance_login_user
* compute_instance_public_ip
* compute_instance_security_groups
* network_vpc_has_empty_routingtables
* network_vpc_subnet_enable_dhcp
* network_vpc_subnet_has_external_router

We're exploring support for more providers based on community interest. Try it out and let us know what you think!

Many thanks to @eeche for the work creating this new provider 🥇


🎨 UI

🚀 Features

  • Social login integration with Google and GitHub (#7218)
  • Added one-time scan feature: Adds support for single scan execution. (#7188)
  • Accepted invitations can no longer be edited. (#7198)
  • Added download column in scans table to download reports for completed scans. (#7353)
  • Show muted icon when a finding is muted. (#7378)
  • Added static status icon with link to service status page. (#7468)

🔄 Changed

  • Tweak styles for compliance cards. (#7148).
  • Upgrade Next.js to v14.2.25 to fix a middleware authorization vulnerability. (#7339)
  • Apply default filter to show only failed items when coming from scan table. (#7356)
  • Fix link behavior in scan cards: only disable "View Findings" when scan is not completed or executing. (#7368)

💻 API

🚀 Features

  • Support for developing new integrations (#7167).
  • HTTP Security Headers (#7289).
  • New endpoint to get the compliance overviews metadata (#7333).
  • Support for muted findings (#7378).
  • Added missing fields to API findings and resources (#7318).

🔧 SDK

🚀 Features

  • Added 17 new Microsoft 365 Entra checks
  • Added basic authentication to the SDK Jira integration
  • 4 new Compliance Frameworks for Azure, GCP and Kubernetes

Full Changelog: 5.4.4...5.5.0
