Andoni A.
60350794da
feat(api): show only production URL in API reference playground
2025-11-12 09:47:28 +01:00
Andoni Alonso
6a876a3205
Merge branch 'master' into DEVREL-98-include-open-api-specification-in-mintlify
2025-11-12 09:22:08 +01:00
Pedro Martín
427dab6810
fix(compliance): handle check_id not in Prowler Checks ( #9208 )
2025-11-12 09:11:34 +01:00
Josema Camacho
7cb0ed052d
chore(security): upgrading django to 5.1.14 ( #9176 )
2025-11-11 16:51:28 +01:00
Adrián Jesús Peña Rodríguez
beec37b0da
feat(threatscore): implement ThreatScoreSnapshot model, filter, serializer, and view for ThreatScore metrics retrieval ( #9148 )
2025-11-11 10:19:48 +01:00
Andoni A.
e9f6bc8604
chore: update CHANGELOG
2025-11-11 07:36:18 +01:00
Andoni A.
dc71d86c35
chore(api): regenerate openapi schema
2025-11-10 08:57:34 +01:00
Andoni Alonso
7a54900a62
Merge branch 'master' into DEVREL-98-include-open-api-specification-in-mintlify
2025-11-10 08:39:59 +01:00
Rakan Farhouda
f0b1c4c29e
fix(api): update unique constraint for Provider model to exclude soft… ( #9054 )
2025-11-07 13:16:55 +01:00
Daniel Barranquero
7e03b423dd
feat(api): add MongoDBAtlas provider to api ( #9167 )
2025-11-06 16:37:38 -05:00
Andoni A.
1d62b8d64e
fix(docs): json version is not needed
2025-11-05 14:52:23 +01:00
Andoni A.
676a11bb13
feat(docs): use symlink to point to openapi spec
2025-11-05 12:43:16 +01:00
Andoni A.
4b80544f0a
chore: update CHANGELOG
2025-11-05 12:35:44 +01:00
Andoni A.
6815a9dd86
feat(api): add dynamic server URL configuration to OpenAPI schema
...
Add a new postprocessing hook 'add_api_servers' that dynamically configures
the servers array in the OpenAPI specification based on the request environment.
This hook:
- Detects the current environment (local, staging, or production) from the
request host
- Adds the current server URL as the primary option
- Includes production (https://api.prowler.com ) as a fallback option when
generating from non-production environments
- Enables users to toggle between local and production servers in Mintlify's
API playground via a dropdown
Server detection logic:
- localhost/127.0.0.1 → "Local Development Server"
- hosts with 'dev' or 'staging' → "Development/Staging API"
- api.prowler.com → "Prowler Cloud API"
This enables the "Try it out" feature in Mintlify documentation and allows
testing against different environments without modifying the spec.
2025-11-05 12:04:18 +01:00
Andoni A.
00441e776d
feat(api): add OpenAPI schema postprocessing hooks for Mintlify compatibility
...
Add three postprocessing hooks to fix OpenAPI 3.0.x compatibility issues
generated by drf-spectacular-jsonapi:
1. fix_empty_id_fields: Fixes empty id field definitions ({}) in JSON:API
request schemas (particularly PATCH/update requests) by replacing them
with proper schema: {"type": "string", "format": "uuid", "description": "..."}
2. fix_pattern_properties: Converts patternProperties to additionalProperties
for OpenAPI 3.0 compatibility. patternProperties is only available in
OpenAPI 3.1+, but drf-spectacular generates 3.0.3 specs. This is needed
for the Prowler mutelist configuration which uses dynamic keys.
3. fix_type_formats: Fixes invalid type values like "email" that
drf-spectacular generates from Django's EmailField. Converts them to
proper OpenAPI format: "type": "string" with "format": "email".
Also handles "url" → "uri" and "uuid" formats.
These hooks ensure the generated OpenAPI schema validates correctly with
Mintlify and other OpenAPI 3.0.x tools.
2025-11-05 11:36:24 +01:00
Andoni A.
4037927c61
Merge branch 'master' into try-openapi
2025-11-05 10:36:07 +01:00
Sergio Garcia
f16f94acf3
chore(oci): rename OCI provider to oraclecloud with oci alias ( #9126 )
2025-11-04 11:44:56 -05:00
Andoni Alonso
601495166c
feat(iac): add IaC to Prowler App ( #8751 )
2025-11-04 10:01:58 +01:00
Sergio Garcia
39710a6841
fix(api): correct OCI provider compliance directory mapping ( #9111 )
2025-10-31 10:33:13 -04:00
Chandrapal Badshah
c3940c7454
feat: Add Amazon Bedrock & OpenAI Compatible provider to Lighthouse AI ( #8957 )
...
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com >
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com >
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com >
2025-10-31 13:54:15 +01:00
Víctor Fernández Poyatos
c5e88f4a74
feat(rls-transaction): add retry for read replica connections ( #9064 )
2025-10-31 11:09:05 +01:00
Víctor Fernández Poyatos
5d4415d090
feat(mute-rules): Support simple muting in API ( #9051 )
2025-10-31 10:49:17 +01:00
Andoni A.
20337b7e0c
poc: test yq to create json schema
2025-10-31 08:24:21 +01:00
Pedro Martín
f831171a21
feat(compliance): add C5 for GCP provider ( #9097 )
2025-10-30 15:55:07 +01:00
Chandrapal Badshah
f9afb50ed9
fix(api): standardize JSON:API resource types for Lighthouse endpoints ( #9085 )
...
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com >
2025-10-30 13:36:51 +01:00
Adrián Jesús Peña Rodríguez
aa8be0b2fe
fix(api): update database routing logic in MainRouter ( #9080 )
2025-10-30 12:30:53 +01:00
Pedro Martín
fcf817618a
feat(compliance): add c5 azure base ( #9081 )
...
Co-authored-by: Sergio Garcia <hello@mistercloudsec.com >
2025-10-30 09:54:50 +01:00
Pepe Fagoaga
3b7eba64aa
chore: remove not used admin interface ( #9059 )
2025-10-29 17:37:09 +05:45
Adrián Jesús Peña Rodríguez
6c34945829
feat(api): enhance overview provider aggregation and resource counting ( #9053 )
2025-10-29 10:31:40 +01:00
Sergio Garcia
dad100b87a
feat(api): add Oracle Cloud Infrastructure (OCI) provider support ( #8927 )
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com >
2025-10-28 16:43:24 +01:00
Adrián Jesús Peña Rodríguez
662296aa0e
feat(api): enhance provider filtering and pagination capabilities ( #8975 )
2025-10-28 16:36:35 +01:00
Chandrapal Badshah
8ebefb8aa1
feat: add lighthouse support for multiple providers ( #8772 )
...
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com >
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com >
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com >
2025-10-27 16:23:54 +01:00
Víctor Fernández Poyatos
ba8dbb0d28
fix(s3): file uploading for threatscore ( #8993 )
2025-10-23 16:07:06 +05:45
Josema Camacho
51baa88644
chore(api): Update changelog for API's version 1.14.0 to Prowler 5.13.0 ( #8992 )
2025-10-23 12:03:07 +02:00
Pedro Martín
9f372902ad
feat(threatscore): support compliance pdf reporting ( #8867 )
...
Co-authored-by: Sergio Garcia <hello@mistercloudsec.com >
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com >
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com >
2025-10-22 15:59:56 +02:00
Adrián Jesús Peña Rodríguez
524209bdf2
feat(api): add provider_id__in filter for ScanSummary queries ( #8951 )
2025-10-21 15:24:09 +02:00
Pedro Martín
4a61578dd8
feat(compliance): add CCC catalogs for AWS, Azure and GCP ( #8000 )
...
Co-authored-by: Alan Buscaglia <gentlemanprogramming@gmail.com >
2025-10-15 21:48:20 +05:45
Hugo Pereira Brito
8773751779
chore(api): enhance m365 user auth deprecation ( #8913 )
...
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com >
2025-10-15 15:41:40 +02:00
Pedro Martín
564ad56d2f
feat(compliance): add C5 Germany for aws ( #8830 )
...
Co-authored-by: Alan Buscaglia <gentlemanprogramming@gmail.com >
2025-10-15 11:47:23 +02:00
dependabot[bot]
fc1d3d4a47
chore(deps-dev): bump authlib from 1.6.4 to 1.6.5 in /api ( #8910 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-14 09:49:52 -04:00
Víctor Fernández Poyatos
5789e87f4f
fix(api-keys): update created field to never update ( #8908 )
2025-10-14 13:30:41 +02:00
Víctor Fernández Poyatos
8794515318
fix(api-keys): make name required and unique ( #8891 )
2025-10-10 12:35:27 +02:00
Víctor Fernández Poyatos
335db928dc
feat(database): add db read replica support ( #8869 )
2025-10-10 12:27:43 +02:00
Hugo Pereira Brito
b74744b135
feat(m365): add M365 certificate auth to API ( #8538 )
2025-10-09 16:50:28 +02:00
Adrián Jesús Peña Rodríguez
1ba22f6f45
feat(api): update role mapping logic in TenantFinishACSView to handle single/manage account users ( #8882 )
2025-10-09 14:30:26 +02:00
Pedro Martín
1a7f52fc9c
fix(threatscore): improve the way ThreatScore is calculated ( #8582 )
...
Co-authored-by: Sergio Garcia <hello@mistercloudsec.com >
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com >
2025-10-09 11:50:10 +02:00
Víctor Fernández Poyatos
b630234cdf
fix(api-key): use admin connector to validate authentication ( #8883 )
2025-10-09 11:26:21 +02:00
Víctor Fernández Poyatos
d6685eec1f
feat(api-keys): support include parameter for entity details ( #8876 )
2025-10-09 11:14:13 +02:00
Rubén De la Torre Vico
71e444d4ae
chore: improve API docs for Provider endpoints ( #8723 )
...
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com >
2025-10-07 15:30:14 +02:00
Víctor Fernández Poyatos
42b7f0f1a9
fix(migrations): API key RLS migration ( #8863 )
2025-10-07 12:39:30 +02:00