coderabbitai[bot]
dee534ee2a
📝 CodeRabbit Chat: Implement requested code changes
2026-06-12 08:45:27 +00:00
Rubén De la Torre Vico
64d62557f4
docs(api): add SSE infrastructure entry to the changelog
2026-06-11 16:25:43 +02:00
Rubén De la Torre Vico
6c46dbce8a
feat(api): add Server-Sent Events infrastructure
...
Add the platform SSE layer that wires django-eventstream into the API:
- BaseSSEViewSet: a base viewset features subclass to expose an SSE
endpoint, reusing the regular DRF stack (auth, RBAC permissions, tenant
transaction) and delegating the stream to django-eventstream.
- SSEChannelManager: resolves the channel set off the request and enforces
a tenant gate by parsing the tenant id embedded in the channel name.
- make_channel_name/tenant_id_from_channel: the single source of truth for
the <prefix>:<tenant_id>:<resource_id> channel format.
- eventstream settings: Valkey Pub/Sub backend on a dedicated DB, the
channel manager, and allowed headers; registered in Django settings.
No endpoint streams over SSE yet; this is the reusable base.
2026-06-11 16:19:41 +02:00
Rubén De la Torre Vico
92c270ffc4
feat(api): add SSE authentication with access_token fallback
...
Browser EventSource cannot set the Authorization header, so add an
SSEAuthentication class that extends the standard JWT/API-key stack with
an ?access_token=<jwt> query-parameter fallback (RFC 6750 section 2.3),
consulted only when no Authorization header is present. The query path
accepts a JWT only; API keys remain header-only.
2026-06-11 16:17:26 +02:00
Rubén De la Torre Vico
a55f276965
feat(api): serve the API through the gunicorn ASGI worker
...
Run gunicorn with the native asgi worker against config.asgi so SSE
streams are parked on the event loop instead of holding a sync worker
per open connection; sync CRUD views keep running in the thread-sensitive
executor. Disable preload under DEBUG so dev reload picks up edited code,
and point the dev and prod entrypoints at the ASGI application.
2026-06-11 16:15:52 +02:00
Rubén De la Torre Vico
cb6df8c775
build(api): add django-eventstream and bump gunicorn to the ASGI worker
...
Add the django-eventstream dependency that backs Server-Sent Events and
bump gunicorn to a release that ships the native asgi worker class, so
SSE streams can run on the event loop.
2026-06-11 16:14:44 +02:00
Pepe Fagoaga
285974b7d4
chore(changelog): v5.30.0 ( #11540 )
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com >
2026-06-11 09:08:25 +02:00
Pedro Martín
75f95559d6
fix(api): warm compliance caches when starting the worker ( #11530 )
2026-06-10 19:04:40 +02:00
Pedro Martín
61cd4aea3f
feat(compliance): add Okta IDaaS STIG V1R2 framework ( #11428 )
...
Co-authored-by: Alejandro Bailo <59607668+alejandrobailo@users.noreply.github.com >
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com >
2026-06-10 11:22:42 +02:00
Pedro Martín
4a5a49b5bb
fix(api): store and refresh Resource.name on every scan ( #11476 )
...
Co-authored-by: Josema Camacho <josema@prowler.com >
2026-06-10 10:55:31 +02:00
César Arroba
b2d74711d9
chore(deps): bump dulwich to 1.2.5 and pyjwt to 2.13.0 for osv-scanner ( #11499 )
2026-06-09 13:01:46 +02:00
Adrián Peña
1f7caa6394
feat(api): make orphan-task recovery configurable and drop the Jira idempotency table ( #11472 )
2026-06-09 09:16:48 +02:00
César Arroba
061fbaa7bb
feat(api): label Postgres connections with application_name per component and alias ( #11494 )
2026-06-08 13:45:06 +02:00
Josema Camacho
28b045302f
fix(api): create Neo4j driver lazily so an outage can't block API startup ( #11491 )
2026-06-08 13:30:18 +02:00
Pedro Martín
f7f8747512
feat(compliance): add DORA framework for AWS ( #11131 )
2026-06-03 11:43:55 +02:00
Adrián Peña
cf9beb8234
feat(api): recover orphaned background tasks and make task re-runs idempotent ( #11416 )
2026-06-02 14:00:17 +02:00
Davidm4r
7f67eac1bf
perf(api): avoid N+1 query loading finding resource tags ( #11420 )
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-06-02 13:19:21 +02:00
Pedro Martín
a652e28b4a
fix(api): clean up scan tmp output failure to avoid disk fill ( #11421 )
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-06-02 11:37:05 +02:00
Prowler Bot
c2cef99b33
chore(release): Bump versions to v5.30.0 ( #11418 )
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com >
2026-06-01 18:37:51 +02:00
Pepe Fagoaga
9422eff8ab
chore: changelog v5.29.0 ( #11390 )
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
2026-05-29 17:29:52 +02:00
Adrián Peña
81226cd837
perf(api): use literal scan_ids in finding-groups /latest aggregation ( #11380 )
2026-05-28 13:46:15 +02:00
Pablo Fernandez Guerra (PFE)
ad1261ce54
ci(docs): add markdownlint foundation (prek + CI) ( #11210 )
...
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com >
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-27 16:42:01 +02:00
Adrián Peña
329dfdf8e6
perf(api): reduce DB load in scan hot loop by 13x ( #11249 )
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-05-25 19:09:28 +02:00
Pepe Fagoaga
546eb2d85a
chore: changelog v5.28.1 ( #11347 )
2026-05-25 10:18:42 +02:00
Josema Camacho
528d32601b
perf(api): speed up finding-groups endpoint for finding-level filters ( #11326 )
2026-05-22 13:59:05 +02:00
Prowler Bot
56b3044aae
chore(release): Bump versions to v5.29.0 ( #11332 )
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com >
2026-05-22 13:34:30 +02:00
Pepe Fagoaga
13e2ede763
chore(changelog): prepare for v5.28.0 ( #11321 )
2026-05-22 09:33:40 +02:00
Pedro Martín
dbbefd0558
feat(compliance): add resource metadata tab inside req find ( #11187 )
2026-05-21 15:09:43 +02:00
César Arroba
7d03bc5e17
fix(api): chown src/backend and docker-entrypoint to prowler user ( #11276 )
2026-05-21 10:21:33 +02:00
Daniel Barranquero
6eebfcfe77
feat(api): add okta provider support ( #11184 )
2026-05-20 10:46:29 +02:00
Pepe Fagoaga
9d8b69abda
fix(api): uv.lock permissions during docker build ( #11243 )
...
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com >
2026-05-19 19:08:35 +02:00
Pedro Martín
60aa601e92
fix(docker): chown copied files to prowler pin uv sync --locked ( #11234 )
2026-05-19 18:03:05 +02:00
Prowler Bot
476e7d1010
chore(release): Bump versions to v5.28.0 ( #11227 )
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com >
2026-05-19 15:11:44 +02:00
Pepe Fagoaga
cb01769237
chore(changelog): prepare for v5.27.0 ( #11218 )
2026-05-19 11:42:10 +02:00
Adrián Peña
37aa290d1c
feat(api): add health/live and health/ready probe endpoints ( #11200 )
2026-05-18 16:28:36 +02:00
Pedro Martín
5d34577b0b
feat(reporting): bound PDF compliance report memory and CPU ( #11160 )
2026-05-18 11:46:26 +02:00
Pedro Martín
855e74add0
chore(deps): fix osv-scanner from API ( #11192 )
2026-05-18 10:20:43 +02:00
Adrián Peña
40b7cb3991
fix(api): skip scan tasks when provider was deleted ( #11185 )
2026-05-15 13:48:02 +02:00
Pepe Fagoaga
3410fc927a
chore(security): replace safety with osv-scanner ( #11167 )
2026-05-14 14:35:09 +02:00
AOrps
fb0ef391f2
ci(api): replace poetry with uv (api) ( #10775 )
...
Signed-off-by: AOrps <aorbeandrews@gmail.com >
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com >
2026-05-14 11:17:17 +02:00
Rubén De la Torre Vico
9293c7b58d
fix(api): correct service principal for Bedrock AgentCore attack paths ( #11141 )
2026-05-13 10:14:59 +02:00
Josema Camacho
a30b6623ed
fix(api): make findings GIN index migration idempotent ( #11129 )
2026-05-12 13:47:08 +02:00
Josema Camacho
6dfa135755
perf(api): add multi-column GIN index on findings array fields ( #11001 )
2026-05-12 11:45:16 +02:00
Adrián Peña
9cedbd3582
fix(api): defer scan broker publish until transaction commits ( #11122 )
2026-05-12 11:04:39 +02:00
Prowler Bot
500b395125
chore(api): Bump version to v1.28.0 ( #11112 )
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com >
2026-05-11 15:36:36 +02:00
Pepe Fagoaga
02cdcb29db
chore: changelog for v5.26.0 ( #11105 )
2026-05-11 13:04:24 +02:00
Pedro Martín
7971b40f49
feat(api): ASD Essential Eight compliance framework support ( #10982 )
...
Co-authored-by: César Arroba <cesar@prowler.com >
2026-05-06 14:03:00 +02:00
Pedro Martín
4c3e741af7
chore(pyproject): revert API changes ( #11049 )
...
Co-authored-by: César Arroba <cesar@prowler.com >
2026-05-06 12:09:46 +02:00
Pedro Martín
22b233f206
chore(deps): bump requests to 2.33.1 to fix CVE-2026-25645 ( #10983 )
2026-05-05 16:43:18 +02:00
Daniel Barranquero
aa759ab6b7
fix(attack-surface): restore ec2-imdsv1 category alignment ( #10998 )
2026-05-05 16:42:47 +02:00