coderabbitai[bot]
dee534ee2a
📝 CodeRabbit Chat: Implement requested code changes
2026-06-12 08:45:27 +00:00
Rubén De la Torre Vico
64d62557f4
docs(api): add SSE infrastructure entry to the changelog
2026-06-11 16:25:43 +02:00
Rubén De la Torre Vico
c46d25b2a5
docs(developer-guide): add Server-Sent Events guide
...
Document the SSE infrastructure for backend developers: when to use SSE,
the architecture and ASGI transport, a step-by-step worked example for
adding an endpoint to a feature, the resource.verb event-naming
convention, authentication, the tenant-isolation model, and reconnect/
state-recovery. Register the page in the Developer Guide navigation.
2026-06-11 16:19:59 +02:00
Rubén De la Torre Vico
6c46dbce8a
feat(api): add Server-Sent Events infrastructure
...
Add the platform SSE layer that wires django-eventstream into the API:
- BaseSSEViewSet: a base viewset features subclass to expose an SSE
  endpoint, reusing the regular DRF stack (auth, RBAC permissions, tenant
  transaction) and delegating the stream to django-eventstream.
- SSEChannelManager: resolves the channel set off the request and enforces
  a tenant gate by parsing the tenant id embedded in the channel name.
- make_channel_name/tenant_id_from_channel: the single source of truth for
  the <prefix>:<tenant_id>:<resource_id> channel format.
- eventstream settings: Valkey Pub/Sub backend on a dedicated DB, the
  channel manager, and allowed headers; registered in Django settings.
No endpoint streams over SSE yet; this is the reusable base.
2026-06-11 16:19:41 +02:00
Rubén De la Torre Vico
92c270ffc4
feat(api): add SSE authentication with access_token fallback
...
Browser EventSource cannot set the Authorization header, so add an
SSEAuthentication class that extends the standard JWT/API-key stack with
an ?access_token=<jwt> query-parameter fallback (RFC 6750 section 2.3),
consulted only when no Authorization header is present. The query path
accepts a JWT only; API keys remain header-only.
2026-06-11 16:17:26 +02:00
Rubén De la Torre Vico
a55f276965
feat(api): serve the API through the gunicorn ASGI worker
...
Run gunicorn with the native asgi worker against config.asgi so SSE
streams are parked on the event loop instead of holding a sync worker
per open connection; sync CRUD views keep running in the thread-sensitive
executor. Disable preload under DEBUG so dev reload picks up edited code,
and point the dev and prod entrypoints at the ASGI application.
2026-06-11 16:15:52 +02:00
Rubén De la Torre Vico
cb6df8c775
build(api): add django-eventstream and bump gunicorn to the ASGI worker
...
Add the django-eventstream dependency that backs Server-Sent Events and
bump gunicorn to a release that ships the native asgi worker class, so
SSE streams can run on the event loop.
2026-06-11 16:14:44 +02:00
Hugo Pereira Brito
f1d741214a
fix(ui): adapt risk pipeline sankey layout (#11527)
2026-06-11 09:44:17 +02:00
Pepe Fagoaga
285974b7d4
chore(changelog): v5.30.0 (#11540)
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>
2026-06-11 09:08:25 +02:00
Daniel Barranquero
989c3b174e
fix(bedrock): per-finding severity for long-term API key check (#11526)
2026-06-11 08:31:08 +02:00
Pedro Martín
75f95559d6
fix(api): warm compliance caches when starting the worker (#11530)
2026-06-10 19:04:40 +02:00
sahil-sols
e085e14247
fix(aws): order-independent CloudWatch metric filter pattern checks (#11345)
...
Co-authored-by: Sahil Pugalia <sahil-sols@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Lydia Vilchez <lydiavilchezlopez@gmail.com>
2026-06-10 18:49:06 +02:00
Johannes Engler
368d3a2661
feat(stackit): add objectstorage checks (#11397)
...
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
2026-06-10 18:43:24 +02:00
Pedro Martín
3c8fde25ee
chore(cli): add banner about Prowler Cloud (#11528)
2026-06-10 18:19:50 +02:00
Aryan Bhaskar
ec0bb53839
feat(bedrock): add bedrock_agent_role_least_privilege check (#11335)
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-10 12:40:54 +02:00
Pedro Martín
bfb3fcea4c
fix(e2e): use branch SDK changes to create the container (#11522)
2026-06-10 11:34:35 +02:00
Pedro Martín
61cd4aea3f
feat(compliance): add Okta IDaaS STIG V1R2 framework (#11428)
...
Co-authored-by: Alejandro Bailo <59607668+alejandrobailo@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-10 11:22:42 +02:00
StylusFrost
01b49f0743
feat(dashboard): render dynamic-provider compliance frameworks (#11503)
...
Co-authored-by: pedrooot <pedromarting3@gmail.com>
2026-06-10 11:16:39 +02:00
Pedro Martín
4a5a49b5bb
fix(api): store and refresh Resource.name on every scan (#11476)
...
Co-authored-by: Josema Camacho <josema@prowler.com>
2026-06-10 10:55:31 +02:00
Alan Buscaglia
a21cb64a94
fix(ui): extend integration poll timeouts to 60s (#11519)
2026-06-10 10:34:50 +02:00
Hugo Pereira Brito
9a50dffaa0
feat(gcp): split kms_key_rotation_enabled into enabled and max-90-days checks (#11516)
2026-06-09 16:52:49 +02:00
Jasmine
e710ebff1c
feat(m365): add exchange_mailbox_primary_smtp_custom_domain check (#11215)
...
Co-authored-by: Jasmine Sullivan <20147180@tafe.wa.edu.au>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-09 16:24:25 +02:00
Hugo Pereira Brito
b3caee88e4
fix(m365): skip future hires in MFA capable check (#11511)
2026-06-09 15:42:06 +02:00
Hugo Pereira Brito
d9f90e50b8
fix(m365): paginate admincenter group enumeration (#11510)
2026-06-09 15:23:35 +02:00
Alan Buscaglia
58efb719fa
docs(skills): correct setup symlink paths in README (#11514)
2026-06-09 14:41:18 +02:00
Alan Buscaglia
355b7071aa
docs: add skills installation and usage guide (#11513)
2026-06-09 14:41:13 +02:00
Pepe Fagoaga
b994b0b14e
chore(ui): rename customer support to support desk (#11508)
2026-06-09 13:53:21 +02:00
StylusFrost
6c559fbb8d
feat(sdk): discover external universal compliance frameworks via entry points (#11490)
2026-06-09 13:45:34 +02:00
César Arroba
b2d74711d9
chore(deps): bump dulwich to 1.2.5 and pyjwt to 2.13.0 for osv-scanner (#11499)
2026-06-09 13:01:46 +02:00
Ashishraymajhi
7e60e8f8da
feat(m365): add entra_service_prinicipal_privileged_role_no_owners_check (#11189)
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-09 11:29:03 +02:00
Hugo Pereira Brito
62955dd16b
feat(okta): add authenticator STIG checks (#11465)
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-09 10:17:23 +02:00
Adrián Peña
1f7caa6394
feat(api): make orphan-task recovery configurable and drop the Jira idempotency table (#11472)
2026-06-09 09:16:48 +02:00
Pepe Fagoaga
662e7e9e18
chore(changelog): prepare for v5.29.3 (#11505)
2026-06-09 08:13:12 +02:00
StylusFrost
e3013d9918
feat(sdk): Dynamic provider loading and compliance framework (#10700)
...
Co-authored-by: Pedro Martín <pedromarting3@gmail.com>
2026-06-08 17:47:22 +02:00
Hugo Pereira Brito
0ea2f6d67e
feat(okta): add API token STIG checks (#11464)
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-08 17:11:54 +02:00
Hugo Pereira Brito
7692a1d76a
feat(okta): add network zone STIG check (#11463)
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-08 16:51:58 +02:00
Aline Almeida
1c9afc714e
fix(gcp): honour org-aggregated sinks in metric-filter checks (#11488)
...
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-08 16:46:48 +02:00
Daniel Barranquero
466f1a3d73
feat(okta): add user, systemlog, and idp services with DISA STIG checks (#11496)
...
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
2026-06-08 14:59:50 +02:00
César Arroba
061fbaa7bb
feat(api): label Postgres connections with application_name per component and alias (#11494)
2026-06-08 13:45:06 +02:00
Josema Camacho
28b045302f
fix(api): create Neo4j driver lazily so an outage can't block API startup (#11491)
2026-06-08 13:30:18 +02:00
Alejandro Bailo
5a2226c02c
fix(ui): preserve active tab styling with tooltips (#11493)
2026-06-08 11:54:51 +02:00
potato-20
6f172a5c19
feat(elbv2): add elbv2_alb_drop_invalid_header_fields_enabled check (FSBP ELB.4) (#11471)
...
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-05 14:26:07 +02:00
Pedro Martín
a7d180ea5b
feat(dashboard): add AWS AI Security Framework compliance view (#11475)
2026-06-05 13:28:31 +02:00
Pedro Martín
d4bbc8b5ad
fix(jira): avoid 400 INVALID_INPUT on findings with empty field (#11474)
2026-06-05 13:26:28 +02:00
Aline Almeida
a5bc226f11
fix(gcp): pass iam_service_account_unused for disabled service accounts (#11467)
2026-06-05 12:07:30 +02:00
Pablo Fernandez Guerra (PFE)
3a3d9d6146
chore(ui): type process.env via ambient NodeJS.ProcessEnv (#11328)
...
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com>
2026-06-05 08:31:16 +02:00
Oleksandr_Sanin
bcd282d3d0
fix(gcp): honour org-level aggregated sinks in logging_sink_created check (#11355)
...
Signed-off-by: Oleksandr Sanin <alexaaander.sanin@gmail.com>
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-04 12:07:01 +02:00
Pedro Martín
eb7949c884
fix(ui): show delete user action only for the current user (#11447)
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-03 17:03:12 +02:00
Alejandro Bailo
e60a4462e5
fix(ui): refine add-provider wizard flow between scans and providers (#11424)
2026-06-03 16:08:06 +02:00
Pedro Martín
f7f8747512
feat(compliance): add DORA framework for AWS (#11131)
2026-06-03 11:43:55 +02:00