fix(deps): update toniblyx/prowler docker tag to v5.18.1

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
toniblyx/prowler	minor	5.2.0 → 5.18.1

---

Release Notes

prowler-cloud/prowler (toniblyx/prowler)

v5.18.1: Prowler 5.18.1

Compare Source

UI

🐞 Fixed

• Scans page polling now only refreshes scan table data instead of re-rendering the entire server component tree, eliminating redundant API calls to providers, findings, and compliance endpoints every 5 seconds (#​9976)

v5.18.0: Prowler 5.18.0

Compare Source

✨ New features to highlight in this version

Enjoy these features and more at https://cloud.prowler.com

☁️ OpenStack Provider - CLI only

Prowler now supports OpenStack as a new cloud provider! This release introduces initial coverage with the Compute service and includes the first security check. This opens the door to assessing private cloud environments built on OpenStack.

Check the OpenStack documentation and all checks on Prowler Hub.

🔍 CloudTrail Timeline - Resource History Tracking - API only

A new CloudTrail Timeline abstraction enables querying resource modification history directly from the API. The new endpoint GET /resources/{id}/events retrieves AWS resource modification events from CloudTrail, giving you visibility into who changed what and when.

🕸️ Attack Paths Enhancements

• New privilege escalation queries for Bedrock Code Interpreter and AttachRolePolicy patterns
• Cartography upgraded to 0.126.1 with expanded AWS scans covering SageMaker, CloudFront, and Bedrock
• Neo4j database per tenant architecture for improved isolation and performance

🛡️ CodeBreach Vulnerability Detection

New check codebuild_project_webhook_filters_use_anchored_patterns helps detect the CodeBreach vulnerability in AWS CodeBuild projects by verifying webhook filters use properly anchored patterns.

📋 New Security Checks

• AWS: rds_instance_extended_support - Detect RDS instances using extended support
• M365: defender_zap_for_teams_enabled, exchange_shared_mailbox_sign_in_disabled
• GCP: compute_instance_suspended_without_persistent_disks

🏛️ HIPAA for Azure

The HIPAA compliance framework is now available for the Azure provider, helping healthcare organizations assess their Azure infrastructure against HIPAA requirements.

⚡ Performance Improvements

• Azure Key Vault parallelization - Vaults and contents retrieval now runs in parallel for faster
  scans
• Lazy-load providers and compliance data - Reduced API/worker startup memory and time
• Memory optimizations for large compliance report generation
• Partial database index on findings for faster new failed findings queries

🎨 UI Improvements

• Redesigned Resources view with an improved resource detail drawer
• Launch Scan page now displays all providers without pagination limits
• Next.js 16.1 upgrade with ESLint 9 flat config migration

⚙️ Cloudflare Enhancements

• New --account-id filter argument for Cloudflare CLI
• Cloudflare provider credentials now supported as constructor parameters for SDK usage

🛠️ AWS Cross-Account Configuration

Cross-account checks are now configurable through the trusted_account_ids config parameter, giving you control over which accounts are considered trusted for cross-account access patterns.

🐛 Bug Fixes

• Jira integration: Fixed summary truncation to 255 characters preventing INVALID_INPUT errors with long resource UIDs
• Azure: Fixed duplicated findings in entra_user_with_vm_access_has_mfa when users have multiple VM access roles

🙏 Community Contribution

Special thanks to @​AlienwareSec for contributing the fix for CSV/XLSX download failures in the Dashboard #​9946

---

UI

🔄 Changed

• Restyle resources view with improved resource detail drawer (#​9864)
• Launch Scan page now displays all providers without pagination limit (#​9700)
• Upgrade Next.js from 15.5.9 to 16.1.3 with ESLint 9 flat config migration (#​9826)

🔐 Security

• React from 19.2.3 to 19.2.4 and Next.js from 16.1.3 to 16.1.6, patching DoS vulnerability in React Server Components (GHSA-83fc-fqcc-2hmg) (#​9917)

API

🚀 Added

• Cloudflare provider support (#​9907)
• Attack Paths: Bedrock Code Interpreter and AttachRolePolicy privilege escalation queries (#​9885)
• provider_id and provider_id__in filters for resources endpoints (GET /resources and GET /resources/metadata/latest) (#​9864)
• Added memory optimizations for large compliance report generation (#​9444)
• GET /api/v1/resources/{id}/events endpoint to retrieve AWS resource modification history from CloudTrail (#​9101)
• Partial index on findings to speed up new failed findings queries (#​9904)

🔄 Changed

• Lazy-load providers and compliance data to reduce API/worker startup memory and time (#​9857)
• Attack Paths: Pinned Cartography to version 0.126.1, adding AWS scans for SageMaker, CloudFront and Bedrock (#​9893)
• Remove unused indexes (#​9904)
• Attack Paths: Modified the behaviour of the Cartography scans to use the same Neo4j database per tenant, instead of individual databases per scans (#​9955)

🐞 Fixed

• Attack Paths: aws-security-groups-open-internet-facing query returning no results due to incorrect relationship matching (#​9892)

SDK

🚀 Added

• defender_zap_for_teams_enabled check for M365 provider (#​9838)
• compute_instance_suspended_without_persistent_disks check for GCP provider (#​9747)
• codebuild_project_webhook_filters_use_anchored_patterns check for AWS provider to detect CodeBreach vulnerability (#​9840)
• exchange_shared_mailbox_sign_in_disabled check for M365 provider (#​9828)
• CloudTrail Timeline abstraction for querying resource modification history (#​9101)
• Cloudflare --account-id filter argument (#​9894)
• rds_instance_extended_support check for AWS provider (#​9865)
• OpenStack provider support with Compute service including 1 security check (#​9811)
• OpenStack documentation for the support in the CLI (#​9848)
• Add HIPAA compliance framework for the Azure provider (#​9957)
• Cloudflare provider credentials as constructor parameters (api_token, api_key, api_email) (#​9907)

🔄 Changed

• Update Azure App Service service metadata to new format (#​9613)
• Update Azure Application Insights service metadata to new format (#​9614)
• Update Azure Container Registry service metadata to new format (#​9615)
• Update Azure Cosmos DB service metadata to new format (#​9616)
• Update Azure Databricks service metadata to new format (#​9617)
• Parallelize Azure Key Vault vaults and vaults contents retrieval to improve performance (#​9876)
• Update Azure IAM service metadata to new format (#​9620)
• Update Azure Policy service metadata to new format (#​9625)
• Update Azure MySQL service metadata to new format (#​9623)
• Update Azure Defender service metadata to new format (#​9618)
• Make AWS cross-account checks configurable through trusted_account_ids config parameter (#​9692)
• Update Azure PostgreSQL service metadata to new format (#​9626)
• Update Azure SQL Server service metadata to new format (#​9627)
• Update Azure Network service metadata to new format (#​9624)
• Update Azure Storage service metadata to new format (#​9628)

🐛 Fixed

• Duplicated findings in entra_user_with_vm_access_has_mfa check when user has multiple VM access roles (#​9914)
• Jira integration failing with INVALID_INPUT error when sending findings with long resource UIDs exceeding 255-character summary limit (#​9926)
• CSV/XLSX download failure in dashboard (#​9946)

v5.17.1: Prowler 5.17.1

Compare Source

API

🐞 Fixed

• Improve API startup process by manage.py argument detection (#​9856)
• Deleting providers don't try to delete a None Neo4j database when an Attack Paths scan is scheduled (#​9858)
• Use replica database for reading Findings to add them to the Attack Paths graph (#​9861)
• Attack paths findings loading query to use streaming generator for O(batch_size) memory instead of O(total_findings) (#​9862)
• Lazy load Neo4j driver (#​9868)
• Use Findings.all_objects to avoid the ActiveProviderPartitionedManager (#​9869)
• Lazy load Neo4j driver for workers only (#​9872)
• Improve Cypher query for inserting Findings into Attack Paths scan graphs (#​9874)
• Clear Neo4j database cache after Attack Paths scan and each API query (#​9877)
• Deduplicated scheduled scans for long-running providers (#​9829)

v5.17.0: Prowler 5.17.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🕸️ Attack Paths

A brand new Attack Paths feature powered by Cartography and Neo4j graph database enables you to visualize and analyze potential attack vectors across your AWS environments. This feature allows security teams to:

• Execute graph-based queries against your cloud infrastructure
• Visualize attack paths as interactive graphs
• Identify privilege escalation paths and lateral movement opportunities
• Prioritize remediation based on actual exploitability

🗂️ Resource Groups Overview

A new Resource Groups feature provides aggregated views of your cloud resources organized by security-relevant groupings (e.g., Compute, Storage, Network, Identity). This helps you quickly understand which resource categories have the most security issues.

[!NOTE]
Resource group data will populate from scans executed after upgrading to v5.17.0. Previous scan data will not include resource group information.

📊 Redesigned Findings Table

The findings table has been completely rebuilt with a new design system, offering:

• Improved filtering UX with better multi-select support
• Enhanced table interactions and responsiveness
• Cleaner visual hierarchy for faster scanning
• Better integration with the new resource group filters

📋 Compliance Watchlist

A new Compliance Watchlist component on the Overview page lets you monitor your most critical compliance frameworks at a glance. Track pass/fail ratios and quickly navigate to detailed compliance views.

🎯 ThreatScore Pillar Breakdown

The Compliance Summary page now includes a detailed ThreatScore pillar breakdown, giving you visibility into how each security pillar (Identity, Data Protection, Network Security, etc.) contributes to your overall risk score.

📈 Enhanced Risk Plot

The Risk Plot has been improved with:

• Gradient background for visual risk context
• Better correlation between finding volume and security impact

🏛️ AWS European Sovereign Cloud

Full support for AWS European Sovereign Cloud regions, enabling organizations with strict data residency requirements to leverage Prowler's security scanning capabilities.

Read more about it in our blog: AWS EUSC with Prowler

☁️ Alibaba Cloud Provider (Full Support)

Alibaba Cloud now has full support in the Prowler App! After being introduced in the CLI in v5.15.0, this release brings complete API and UI integration, enabling you to:

• Add and manage Alibaba Cloud providers from the UI
• Run security scans against your Alibaba Cloud infrastructure
• View findings and compliance status alongside other cloud providers
• Calculate Prowler ThreatScore for Alibaba Cloud environments

Explore all 63 Alibaba Cloud checks at Prowler Hub.

☁️ Cloudflare Provider - CLI Only

Prowler now supports Cloudflare as a first-class cloud provider! Scan your Cloudflare infrastructure for security misconfigurations across zones, DNS, email, WAF, and more.
Available checks include:

• TLS/SSL configuration validation
• DNS record security
• Email security (SPF, DKIM, DMARC)
• Bot protection settings
• WAF configuration
• Privacy and anti-scraping settings
• Zone configuration best practices

Explore all Cloudflare checks at Prowler Hub.

📚 New Compliance Frameworks

CIS 5.0 for Azure

The latest CIS Azure Foundations Benchmark v5.0 is now available, bringing updated security controls aligned with current Azure best practices.

CIS 6.0 for Microsoft 365

New CIS Microsoft 365 Benchmark v6.0 compliance framework for comprehensive M365 security assessment.

CIS 1.12 for Kubernetes

Updated CIS Kubernetes Benchmark v1.12 with the latest container security controls.

🤖 AI Skills Pack

Prowler now includes an AI Skills Pack for AI coding assistants like Claude Code, OpenCode, and Codex. Following the agentskills.io standard, this enables AI assistants to better understand Prowler's codebase and contribute more effectively.

🧩 New Checks

GCP - Compute (10 new checks)

• compute_instance_group_multiple_zones - Ensure instance groups span multiple zones for HA
• compute_instance_group_autohealing_enabled - Verify autohealing is configured
• compute_instance_group_load_balancer_attached - Check load balancer attachment
• compute_instance_disk_auto_delete_disabled - Prevent accidental data loss
• compute_configuration_changes - Detect configuration changes in Cloud Audit Logs
• compute_instance_single_network_interface - Enforce single NIC policy
• compute_image_not_publicly_shared - Prevent public image exposure
• compute_snapshot_not_outdated - Identify stale snapshots
• compute_project_os_login_2fa_enabled - Enforce 2FA for OS Login
• compute_instance_on_host_maintenance_migrate - Verify live migration settings

🚀 Azure Entra Performance

We've improved performance when retrieving user registration and MFA details from the Azure and M365 Entra services. As part of this enhancement, an additional API call is now required for Azure, which means that service principals used to scan Azure must be granted the AuditLog.Read.All permission. You can find more details in our documentation.

[!NOTE]
M365 apps don't need any update, since it was already required.

🔐 Security Updates

Security patches across all components:

• Django 5.1.15 (CVE-2025-64460, CVE-2025-13372)
• Node.js 24.13.0 LTS (8 CVEs from January 2026 advisory)
• Werkzeug 3.1.4 (CVE-2025-66221)
• django-allauth v65.13.0 (CVE-2025-65431)
• pyasn1 v0.6.2 (CVE-2026-23490)
• safety 3.7.0 (CVE-2025-68146)
• LangChain 1.2.10 and @​langchain/core 1.1.15

---

UI

🚀 Added

• Search bar when adding a provider (#​9634)
• New findings table UI with new design system components, improved filtering UX, and enhanced table interactions (#​9699)
• Gradient background to Risk Plot for visual risk context (#​9664)
• ThreatScore pillar breakdown to Compliance Summary page and detail view (#​9773)
• Provider and Group filters to Resources page (#​9492)
• Compliance Watchlist component in Overview page (#​9786)
• Add a new main section for list Attack Paths scans, execute queries on them and view their result as a graph (#​9805)
• Resource group label filter to Resources page (#​9820)

🔄 Changed

• Refactor Lighthouse AI MCP tool filtering from blacklist to whitelist approach for improved security (#​9802)
• Refactor ScatterPlot as reusable generic component with TypeScript generics (#​9664)
• Rename resource_group filter to group in Resources page and Overview cards (#​9492)
• Update Resources filters to use __in format for multi-select support (#​9492)
• Swap Risk Plot axes: X = Fail Findings, Y = Prowler ThreatScore (#​9664)
• Remove duplicate scan_id filter badge from Findings page (#​9664)
• Remove unused hasDots prop from RadialChart component (#​9664)

🐞 Fixed

• OCI update credentials form failing silently due to missing provider UID (#​9746)

🔐 Security

• Node.js from 20.x to 24.13.0 LTS, patching 8 CVEs from January 2026 security advisory (#​9797)
• langchain from 1.1.5 to 1.2.10 and @​langchain/core from 1.1.8 to 1.1.15 (#​9797)

API

🚀 Added

• /api/v1/overviews/compliance-watchlist endpoint to retrieve the compliance watchlist (#​9596)
• AlibabaCloud provider support (#​9485)
• /api/v1/overviews/resource-groups endpoint to retrieve an overview of resource groups based on finding severities (#​9694)
• group filter for GET /findings and GET /findings/metadata/latest endpoints (#​9694)
• provider_id and provider_id__in filter aliases for findings endpoints to enable consistent frontend parameter naming (#​9701)
• Attack Paths: /api/v1/attack-paths-scans for AWS providers backed by Neo4j (#​9805)

🔐 Security

• Django 5.1.15 (CVE-2025-64460, CVE-2025-13372), Werkzeug 3.1.4 (CVE-2025-66221), sqlparse 0.5.5 (PVE-2025-82038), fonttools 4.60.2 (CVE-2025-66034) (#​9730)
• safety to 3.7.0 and filelock to 3.20.3 due to Safety vulnerability 82754 (CVE-2025-68146) (#​9816)
• pyasn1 to v0.6.2 to address CVE-2026-23490 (#​9818)
• django-allauth[saml] to v65.13.0 to address CVE-2025-65431 (#​9575)

SDK

🚀 Added

• AI Skills pack for AI coding assistants (Claude Code, OpenCode, Codex) following agentskills.io standard (#​9728)
• Prowler ThreatScore for the Alibaba Cloud provider (#​9511)
• compute_instance_group_multiple_zones check for GCP provider (#​9566)
• compute_instance_group_autohealing_enabled check for GCP provider (#​9690)
• Support AWS European Sovereign Cloud (#​9649)
• compute_instance_disk_auto_delete_disabled check for GCP provider (#​9604)
• Bedrock service pagination (#​9606) - Thanks to @​sonofagl1tch
• ResourceGroup field to all check metadata for resource classification (#​9656)
• compute_configuration_changes check for GCP provider to detect Compute Engine configuration changes in Cloud Audit Logs (#​9698)
• compute_instance_group_load_balancer_attached check for GCP provider (#​9695)
• Cloudflare provider with critical security checks (#​9423)
• CloudFlare TLS/SSL, records and email checks for zone service (#​9424)
• compute_instance_single_network_interface check for GCP provider (#​9702)
• compute_image_not_publicly_shared check for GCP provider (#​9718)
• compute_snapshot_not_outdated check for GCP provider (#​9774)
• compute_project_os_login_2fa_enabled check for GCP provider (#​9839)
• compute_instance_on_host_maintenance_migrate check for GCP provider (#​9834)
• CIS 1.12 compliance framework for Kubernetes (#​9778)
• CIS 6.0 for M365 provider (#​9779)
• CIS 5.0 compliance framework for the Azure provider (#​9777)
• Cloudflare Bot protection, WAF, Privacy, Anti-Scraping and Zone configuration checks (#​9425)

🔄 Changed

• Update AWS Step Functions service metadata to new format (#​9432)
• Update AWS Route 53 service metadata to new format (#​9406)
• Update AWS SQS service metadata to new format (#​9429)
• Update AWS Shield service metadata to new format (#​9427)
• Update AWS Secrets Manager service metadata to new format (#​9408)
• Improve SageMaker service tag retrieval with parallel execution (#​9609) - Thanks to @​sonofagl1tch
• Update AWS Redshift service metadata to new format (#​9385)
• Update AWS Storage Gateway service metadata to new format (#​9433)
• Update AWS Well-Architected service metadata to new format (#​9482)
• Update AWS SSM service metadata to new format (#​9430)
• Update AWS Organizations service metadata to new format (#​9384)
• Update AWS Resource Explorer v2 service metadata to new format (#​9386)
• Update AWS SageMaker service metadata to new format (#​9407)
• Update AWS Security Hub service metadata to new format (#​9409)
• Update AWS SES service metadata to new format (#​9411)
• Update AWS SSM Incidents service metadata to new format (#​9431)
• Update AWS WorkSpaces service metadata to new format (#​9483)
• Update AWS OpenSearch service metadata to new format (#​9383)
• Update AWS VPC service metadata to new format (#​9479)
• Update AWS Transfer service metadata to new format (#​9434)
• Update AWS S3 service metadata to new format (#​9552)
• Update AWS DataSync service metadata to new format (#​8854)
• Update AWS RDS service metadata to new format (#​9551)
• Update AWS Bedrock service metadata to new format (#​8827)
• Update AWS IAM service metadata to new format (#​9550)
• Enhance user_registration_details perfomance and user mfa evaluation (#​9236)
• Update AWS Cognito service metadata to new format (#​8853)
• Update AWS EC2 service metadata to new format (#​9549)
• Update Azure AI Search service metadata to new format (#​9087)
• Update Azure AKS service metadata to new format (#​9611)
• Update Azure API Management service metadata to new format (#​9612)

🐞 Fixed

• OCI authentication error handling and validation (#​9738)
• Python mutable default argument in AWS EC2 Security Group lib (#​9216) - Thanks to @​leetrout

🔐 Security

• safety to 3.7.0 and filelock to 3.20.3 due to Safety vulnerability 82754 (CVE-2025-68146) (#​9816)
• pyasn1 to v0.6.2 to address CVE-2026-23490 (#​9817)

v5.16.1: Prowler 5.16.1

Compare Source

UI

🔄 Changed

• Lighthouse AI meta tools descriptions updated for clarity with more representative examples (#​9632)

API

🔄 Changed

• Security Hub integration error when no regions (#​9635)

🐞 Fixed

• Orphan scheduled scans caused by transaction isolation during provider creation (#​9633)

SDK

🐞 Fixed

• ZeroDivision error from Prowler ThreatScore (#​9653)

v5.16.0: Prowler 5.16.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🤖 Lighthouse AI + MCP Server

This release introduces major improvements to Lighthouse AI, now powered by Prowler’s official MCP Server, significantly enhancing performance, reliability, and the quality of AI-driven interactions across the platform:

• Lighthouse AI now runs on the official MCP Server, providing a standardized and reliable foundation for AI interactions across Prowler.
• Improved Lighthouse AI architecture, delivering faster responses and a more consistent, structured output format.
• Smarter AI model selection for the OpenAI provider, automatically loading only chat-compatible models with tool-calling support to ensure a smoother experience.
• New MCP tools for Compliance Framework Management, enabling AI assistants to query compliance status across multiple frameworks and drill down to requirement-level details.
• AI-optimized MCP tool responses across Prowler Hub and Docs, with standardized formats designed for faster and more accurate natural language interactions.

Together, these improvements make Lighthouse AI more robust, scalable, and capable of delivering actionable security and compliance insights through natural language.

🔇 Simple Mutelist

Findings can be muted after scanning from the finding table. A new page is available in /mutelist where the user can handle simple and advanced Mutelist configuration.

🗂️ Category Overview & Filtering

We've introduced a powerful new way to analyze your security posture by category. A new endpoint provides an overview of categories based on finding severities, giving you instant visibility into how different security domains are performing across your environment. Additionally, both GET /findings and GET /findings/latest endpoints now support category filtering, making it easier to drill down into specific security domains.

📄 Enhanced PDF Reporting

PDF reports now include richer context with Account ID, Alias, and Provider Name directly in the reporting table. This makes exported reports more actionable and easier to share across teams, providing all the context needed without cross-referencing other sources.

⚡ Performance & Reliability Improvements

The GET /overviews/attack-surfaces endpoint has been streamlined by removing related check IDs from the response, improving performance and reducing payload size. Additionally, scheduled scan tasks now have a more reliable initialization with optimized execution timing.

🛡️ New AWS Security Categories

Two new AWS check categories have been added: privilege-escalation and ec2-imdsv1.
These categories improve visibility into high-risk misconfigurations, helping teams more easily identify paths to privilege escalation and legacy EC2 Instance Metadata Service v1 usage.

🔄 Updated AWS Service Metadata

Multiple AWS services have been migrated to the new service metadata format, including Glue, Kafka, KMS, MemoryDB, Inspector v2, Service Catalog, SNS, Trusted Advisor, and WAF (v1 and v2).
These updates improve consistency, accuracy, and long-term maintainability across AWS checks.

🧹 Data & Category Consistency Fixes

Several fixes improve correctness and normalization across providers:

• Corrected the trust-boundaries category naming.
• Fixed Bedrock Agent regional availability using official AWS documentation.
• Normalized region storage to lowercase for MongoDB Atlas and GCP Cloud Storage buckets.

---

UI

🚀 Added

• SSO and API Key link cards to Integrations page for better discoverability (#​9570)
• Risk Radar component with category-based severity breakdown to Overview page (#​9532)
• More extensive resource details (partition, details and metadata) within Findings detail and Resources detail view (#​9515)
• Integrated Prowler MCP server with Lighthouse AI for dynamic tool execution (#​9255)
• Implement "MuteList Simple" feature allowing users to mute findings directly from the findings table with checkbox selection, and a new dedicated /mutelist route with Simple (mute rules list) and Advanced (YAML config) tabs. (#​9577)

🔄 Changed

• Lighthouse AI markdown rendering with strict markdownlint compliance and nested list styling (#​9586)
• Lighthouse AI default model updated from gpt-4o to gpt-5.2 (#​9586)
• Lighthouse AI destructive MCP tools blocked from LLM access (delete, trigger scan, etc.) (#​9586)

🐞 Fixed

• Lighthouse AI angle-bracket placeholders now render correctly in chat messages (#​9586)
• Lighthouse AI recommended model badge contrast improved (#​9586)

API

🚀 Added

• New endpoint to retrieve and overview of the categories based on finding severities (#​9529)
• Endpoints GET /findings and GET /findings/latests can now use the category filter (#​9529)
• Account id, alias and provider name to PDF reporting table (#​9574)

🔄 Changed

• Endpoint GET /overviews/attack-surfaces no longer returns the related check IDs (#​9529)
• OpenAI provider to only load chat-compatible models with tool calling support (#​9523)
• Increased execution delay for the first scheduled scan tasks to 5 seconds(#​9558)

🐞 Fixed

• Made scan_id a required filter in the compliance overview endpoint (#​9560)
• Reduced unnecessary UPDATE resources operations by only saving when tag mappings change, lowering write load during scans (#​9569)

SDK

🚀 Added

• privilege-escalation and ec2-imdsv1 categories for AWS checks (#​9537)
• Supported IaC formats and scanner documentation for the IaC provider (#​9553)

🔄 Changed

• Update AWS Glue service metadata to new format (#​9258)
• Update AWS Kafka service metadata to new format (#​9261)
• Update AWS KMS service metadata to new format (#​9263)
• Update AWS MemoryDB service metadata to new format (#​9266)
• Update AWS Inspector v2 service metadata to new format (#​9260)
• Update AWS Service Catalog service metadata to new format (#​9410)
• Update AWS SNS service metadata to new format (#​9428)
• Update AWS Trusted Advisor service metadata to new format (#​9435)
• Update AWS WAF service metadata to new format (#​9480)
• Update AWS WAF v2 service metadata to new format (#​9481)

🐞 Fixed

• Fix typo trustboundaries category to trust-boundaries (#​9536)
• Fix incorrect bedrock-agent regional availability, now using official AWS docs instead of copying from bedrock
• Store MongoDB Atlas provider regions as lowercase (#​9554)
• Store GCP Cloud Storage bucket regions as lowercase (#​9567)

MCP

🚀 Added

• Add new MCP Server tools for Prowler Compliance Framework Management (#​9568)

🔄 Changed

• Update API base URL environment variable to include complete path (#​9542)
• Standardize Prowler Hub and Docs tools format for AI optimization (#​9578)

v5.15.1: Prowler 5.15.1

Compare Source

UI

🔐 Security

• Bump Next.js to version 15.5.9 (#​9522), (#​9513)
• Bump React to version 19.2.2 (#​9534)

API

🐞 Fixed

• Race condition in scheduled scan creation by adding countdown to task (#​9516)

SDK

🐞 Fixed

• Fix false negative in AWS apigateway_restapi_logging_enabled check by refining stage logging evaluation to ensure logging level is not set to "OFF" (#​9304) - Thanks to @​bota4go

v5.15.0: Prowler 5.15.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🎯 New Overview Experience

We've expanded and refined the Overview to give you a clearer, more actionable understanding of your cloud security posture at a glance. The new panels bring richer visual context, better prioritization cues, and faster navigation across your environments.

🚨 Attack Surface

Instantly understand your most exposed risks, including internet-facing resources, leaked secrets, privilege-escalation paths, and critical misconfigurations.

From this release forward, this view will display data as soon as new scans are run.

📡 Service Watchlist

A real-time view of your riskiest cloud services, helping you focus remediation on the areas with the highest impact.

📈 Findings Severity Over Time

Track how your security posture evolves. This panel visualizes severity trends (Critical, High, Medium, Low, Informational) across days, weeks, or months so you can measure progress and detect regressions.

🧬 Risk Pipeline

A complete flow of findings from their source providers (AWS, Azure, Google Cloud, Kubernetes, GitHub, Microsoft 365, OCI, IaC, MongoDB Atlas) into their severity levels. Ideal for understanding where risk originates and how it distributes across your environments.

🌍 Threat Map

A global, region-based view of findings to help you quickly pinpoint where misconfigurations occur geographically, with pass/fail ratios per region.

🧮 Risk Plot

A severity-weighted visualization of your Threat Score, enabling you to immediately identify high-risk environments and understand how critical findings influence overall exposure, not just by volume but by impact.

⏳ Navigation Loading Bar

To improve the overall user experience, we've introduced a new navigation loading bar. This subtle progress indicator replaces silent page transitions, giving users immediate feedback that something is happening in the background. It makes the interface feel faster, smoother, and more responsive, especially when loading large datasets.

🤖 MCP Server - Prowler Management

The Prowler MCP Server has been completely redesigned to give AI assistants and LLMs control over your Prowler environment. The new version introduces comprehensive tools for:

• Findings: Query security findings directly
• Provider Management: Add, configure, and manage cloud provider connections
• Resource Management: Browse and inspect your cloud resources
• Muting Management: Mute and unmute findings programmatically
• Scan Management: Trigger and monitor security scans

This enables powerful AI-driven security workflows. Ask your AI assistant to scan your accounts, identify critical findings, or generate compliance reports, all through natural language.

🌐 New Cloud Providers

🍃 MongoDB Atlas

MongoDB Atlas is now fully supported in the Prowler App, enabling you to assess and monitor the security posture of your managed database clusters directly from the UI.

☁️ Alibaba Cloud (CLI Only)

Alibaba Cloud is now available in the Prowler CLI. Full Prowler App support is coming in the next release!

See the 63 available checks in Prowler Hub

🤖 Lighthouse AI - Amazon Bedrock API Key Support

Lighthouse AI now supports Amazon Bedrock API key authentication as an alternative to IAM access keys. This simplifies onboarding by allowing users to authenticate with a single API key instead of managing IAM credentials. Both authentication methods (IAM Access Key Pair and Bedrock API Key) are fully supported.

Read more about it here.

📚 Compliance Improvements

🔒 CIS 2.0 for Alibaba Cloud

New CIS Alibaba Cloud Foundation Benchmark v2.0.0 compliance framework, providing comprehensive security configuration guidelines for Alibaba Cloud environments.

✅ SOC 2 Processing Integrity

Added Processing Integrity requirements to the SOC 2 compliance framework for AWS, Azure, and GCP providers, expanding coverage for data processing controls.

🏦 RBI Cyber Security Framework - Thanks to @​KonstGolfi

New RBI Cyber Security Framework compliance support for Azure provider, helping organizations in the Indian financial sector meet regulatory requirements.

📦 pnpm Migration

The UI has migrated from npm to pnpm for package management, bringing faster installs, stricter dependency resolution, and more consistent builds across environments.

🔍 All Providers in Prowler Hub

Explore all Prowler security checks, compliance frameworks, and supported providers in one place at Prowler Hub. Browse checks by provider, search for specific security controls, and discover which compliance frameworks map to each check, all in a beautifully designed, searchable interface.

🧩 New Checks

GitHub - Repository

• repository_immutable_releases_enabled - Thanks to @​Sakeeb91

GCP - Compute & CloudStorage

• compute_instance_preemptible_vm_disabled
• compute_instance_automatic_restart_enabled
• compute_instance_deletion_protection_enabled
• cloudstorage_uses_vpc_service_controls

---

UI

🚀 Added

• Risk Plot component with interactive legend and severity navigation to Overview page (#​9469)
• Navigation progress bar for page transitions using Next.js onRouterTransitionStart (#​9465)
• Findings Severity Over Time chart component to Overview page (#​9405)
• Attack Surface component to Overview page (#​9412)

🔄 Changed

• Migrate package manager from npm to pnpm for faster installs and stricter dependency resolution (#​9442)
• Pin pnpm to version 10 in Dockerfile for consistent builds (#​9452)
• Compliance Watchlist component to Overview page (#​9199)
• Service Watchlist component to Overview page (#​9316)
• Risk Pipeline component with Sankey chart to Overview page (#​9317)
• Threat Map component to Overview Page (#​9324)
• MongoDB Atlas provider support (#​9253)
• Lighthouse AI support for Amazon Bedrock API key (#​9343)

🐞 Fixed

• Show top failed requirements in compliance specific view for compliance without sections (#​9471)

API

🚀 Added

• New endpoint to retrieve an overview of the attack surfaces (#​9309)
• New endpoint GET /api/v1/overviews/findings_severity/timeseries to retrieve daily aggregated findings by severity level (#​9363)
• Lighthouse AI support for Amazon Bedrock API key (#​9343)
• Exception handler for provider deletions during scans (#​9414)
• Support to use admin credentials through the read replica database (#​9440)

🔄 Changed

• Error messages from Lighthouse celery tasks (#​9165)
• Restore the compliance overview endpoint's mandatory filters (#​9338)

SDK

🚀 Added

• cloudstorage_uses_vpc_service_controls check for GCP provider (#​9256)
• Alibaba Cloud provider with CIS 2.0 benchmark (#​9329)
• repository_immutable_releases_enabled check for GitHub provider (#​9162)
• compute_instance_preemptible_vm_disabled check for GCP provider (#​9342)
• compute_instance_automatic_restart_enabled check for GCP provider (#​9271)
• compute_instance_deletion_protection_enabled check for GCP provider (#​9358)
• Update SOC2 - Azure with Processing Integrity requirements (#​9463)
• Update SOC2 - GCP with Processing Integrity requirements (#​9464)
• Update SOC2 - AWS with Processing Integrity requirements (#​9462)
• RBI Cyber Security Framework compliance for Azure provider (#​8822)

🔄 Changed

• Update AWS Macie service metadata to new format (#​9265)
• Update AWS Lightsail service metadata to new format (#​9264)
• Update AWS GuardDuty service metadata to new format (#​9259)
• Update AWS Network Firewall service metadata to new format (#​9382)
• Update AWS MQ service metadata to new format (#​9267)
• Update AWS Macie service metadata to new format (#​9265)
• Update AWS Lightsail service metadata to new format (#​9264)

🐞 Fixed

• Fix duplicate requirement IDs in ISO 27001:2013 AWS compliance framework by adding unique letter suffixes
• Removed incorrect threat-detection category from checks metadata (#​9489)
• GCP cloudstorage_uses_vpc_service_controls check to handle VPC Service Controls blocked API access (#​9478)

MCP

🚀 Added

• Remove all Prowler

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

---

• Branch has one or more failed status checks