Toni de la Fuente
a8c244849f
feat(api): add GitHub integration for sending findings as issues
...
Add complete GitHub integration to Prowler that allows sending security
findings as GitHub Issues, working similarly to the existing Jira integration.
Features:
- GitHub API client with Personal Access Token (PAT) authentication
- Support for creating issues from Prowler findings
- Automatic repository discovery and validation
- Label support for issue categorization
- Rich markdown-formatted issues with detailed finding information
- Full API integration with CRUD operations
- Async task processing for bulk operations
- Connection testing and validation
Implementation:
- Add GitHub API client in prowler/lib/outputs/github/
- Add GitHub to Integration model choices
- Create serializers and validators for GitHub credentials and configuration
- Implement IntegrationGitHubViewSet for API endpoints
- Add async tasks and job processing for sending findings
- Add URL routing for /integrations/{id}/github/dispatches endpoint
API Changes:
- New integration type: "github"
- Credentials: token (required), owner (optional)
- Configuration: repositories dict, owner string
- Dispatch endpoint accepts repository and optional labels
Issue Format:
- Title: [Prowler] SEVERITY - CHECK_ID - RESOURCE_UID
- Body includes: finding details, risk description, recommendations,
remediation code (CLI/Terraform/IaC), resource tags, compliance info
Security:
- GitHub PAT encrypted with Fernet before storage
- Repository access validated before dispatch
- All API calls use HTTPS
- Comprehensive error handling and logging
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2026-01-07 21:38:16 +01:00
Adrián Peña
df8d82345d
fix(api): update dependencies to patch security vulnerabilities ( #9730 )
2026-01-07 18:10:58 +01:00
Pepe Fagoaga
e58e939f55
chore(api): update lock for SDK ( #9673 )
2025-12-23 16:56:40 +01:00
Pepe Fagoaga
0719e31b58
chore(security-hub): handle SecurityHubNoEnabledRegionsError ( #9635 )
2025-12-22 16:50:36 +01:00
Adrián Peña
641dc78c3a
fix(api): add cleanup for orphan scheduled scans caused by transaction isolation ( #9633 )
2025-12-22 14:11:50 +01:00
Pedro Martín
3eb2595f6d
feat(api): support alibabacloud provider ( #9485 )
2025-12-22 12:46:50 +01:00
César Arroba
f4a78d64f1
chore(github): bump version for API, UI and Docs ( #9601 )
2025-12-22 09:35:00 +01:00
Víctor Fernández Poyatos
d1d03ba421
fix(migrations): missing help text and constraint ( #9591 )
2025-12-18 13:52:21 +01:00
Adrián Peña
bd47fe2072
chore(api): update changelog for 5.16 ( #9587 ) ( #9590 )
2025-12-18 13:23:50 +01:00
Víctor Fernández Poyatos
b395f52a00
fix(migrations): wrong fk definition ( #9589 )
2025-12-18 13:20:47 +01:00
Adrián Peña
d14bf31844
chore(api): update changelog for 5.16 ( #9587 )
2025-12-18 13:18:38 +01:00
Pedro Martín
594188f7ed
feat(report): add account id, alias and provider to PDF report ( #9574 )
2025-12-17 11:29:21 +01:00
Víctor Fernández Poyatos
cbc621cb43
fix(models): only update resources when tags are created ( #9569 )
2025-12-16 13:30:25 +01:00
Adrián Peña
b549c8dbad
fix: make scan_id mandatory in compliance overviews endpoint ( #9560 )
2025-12-15 17:27:45 +01:00
Víctor Fernández Poyatos
79ac7cf6d4
fix(beat): Increase scheduled scans countdown to 5 seconds ( #9558 )
2025-12-15 17:13:08 +01:00
Chandrapal Badshah
2b4b23c719
feat(lighthouse): filter out non-compatible OpenAI models ( #9523 )
...
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com >
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com >
2025-12-15 11:31:04 +01:00
Víctor Fernández Poyatos
b5151a8ee5
feat(api): new endpoint for categories overviews ( #9529 )
2025-12-12 13:30:59 +01:00
Adrián Peña
0e9ba4b116
fix(api): add one second countdown to scheduled scan task to ensure transaction completion ( #9516 )
2025-12-12 10:08:42 +01:00
Pepe Fagoaga
e2f30e0987
chore(changelog): v5.15.0 ( #9495 )
2025-12-11 09:29:55 +01:00
Adrián Peña
4addfcc848
chore: add migration to perform the backfill ( #9500 )
2025-12-10 16:39:12 +01:00
Pedro Martín
d264f3daff
fix(deps): install alibabacloud missing dep ( #9487 )
2025-12-09 17:18:32 +01:00
Adrián Peña
2170e5fe12
feat(api): add findings severity timeseries endpoint ( #9363 )
2025-12-05 11:19:37 +01:00
Pepe Fagoaga
902bc9ad57
fix(api): unlimited limit-request-line ( #9461 )
...
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-12-04 17:45:58 +01:00
Chandrapal Badshah
eb247360c3
fix: return human readable error messages from lighthouse celery tasks ( #9165 )
...
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com >
2025-12-04 14:17:14 +01:00
Pedro Martín
6dff4bfd8b
fix(ens): solve division by zero at reporting ( #9443 )
2025-12-04 10:08:12 +01:00
Víctor Fernández Poyatos
c8872dd6ac
feat(db): Add admin read replica connection ( #9440 )
2025-12-03 16:53:48 +01:00
Chandrapal Badshah
26fd7d3adc
feat(lighthouse): Support Amazon Bedrock Long-Term API Key ( #9343 )
...
Co-authored-by: Chandrapal Badshah <12944530+Chan9390@users.noreply.github.com >
2025-12-03 16:19:18 +01:00
Víctor Fernández Poyatos
cb84bd0f94
fix(sentry): mute foreign key constraints alerts ( #9439 )
2025-12-03 16:08:47 +01:00
Víctor Fernández Poyatos
f58c1fddfb
fix(compliance): ignore conflicts with unique summaries ( #9436 )
2025-12-03 15:37:04 +01:00
Adrián Peña
a4e12a94f9
refactor(api): update compliance report endpoints and enhance query parameters ( #9338 )
2025-12-03 11:41:07 +01:00
Víctor Fernández Poyatos
29a1034658
feat(exception): Add decorator for deleted providers during scans ( #9414 )
2025-12-03 09:46:59 +01:00
Víctor Fernández Poyatos
07e82bde56
feat(attack-surfaces): add new endpoints to retrieve overview data ( #9309 )
2025-12-02 12:12:47 +01:00
Víctor Fernández Poyatos
495aee015e
build: add gevent to API deps ( #9359 )
2025-12-01 13:11:38 +01:00
Pedro Martín
d3a000cbc4
fix(report): update logic for threatscore ( #9348 )
2025-12-01 09:11:08 +01:00
Pedro Martín
bb43e924ee
fix(report): use pagina for ENS in footer ( #9345 )
2025-11-28 12:04:30 +01:00
Adrián Jesús Peña Rodríguez
7e0c5540bb
feat(api): restore compliance overview endpoint ( #9330 )
2025-11-27 13:31:15 +01:00
Andoni Alonso
6e135abaa0
fix(iac): ignore mutelist in IaC scans ( #9331 )
2025-11-27 11:08:58 +01:00
Hugo Pereira Brito
127b8d8e56
fix: typo in pdf report generation ( #9322 )
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2025-11-26 13:58:40 +01:00
Daniel Barranquero
0d59441c5f
fix(api): add alter to mongodbatlas migration ( #9308 )
2025-11-25 11:29:07 +01:00
Pepe Fagoaga
3b05a1430e
chore(changelog): reconcile for v5.14 ( #9277 )
...
Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com >
2025-11-24 19:03:53 +01:00
Adrián Jesús Peña Rodríguez
75abd8f54d
fix(threatscore): exclude muted findings from aggregated statistics in threatscore utils ( #9296 )
2025-11-24 13:25:20 +01:00
Adrián Jesús Peña Rodríguez
2f184a493b
feat(threatscore): restore API threatscore snapshots ( #9291 )
2025-11-24 10:47:03 +01:00
Pepe Fagoaga
e2e06a78f9
fix(lock): update poetry lock for prowler ( #9290 )
2025-11-24 10:05:14 +01:00
Adrián Jesús Peña Rodríguez
de5aba6d4d
feat(api): add new endpoint for retrieving findings data by region with associated filters and response schema ( #9273 )
2025-11-21 11:23:31 +01:00
Pedro Martín
46bfe02ee8
feat(nis2): support PDF reporting ( #9170 )
...
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com >
Co-authored-by: Josema Camacho <josema@prowler.com >
2025-11-20 17:14:54 +01:00
Víctor Fernández Poyatos
789fc84e31
fix(overviews): exclude muted findings from severity overview ( #9283 )
2025-11-20 16:29:20 +01:00
Víctor Fernández Poyatos
ced122ac0d
feat(migrations): add missing remove index operation ( #9280 )
2025-11-20 15:09:14 +01:00
Hugo Pereira Brito
dc7d2d5aeb
fix(outputs): refresh scan timestamps per run ( #9272 )
2025-11-20 13:12:39 +01:00
Pedro Martín
94fe87b4a2
feat(ens): support PDF reporting ( #9158 )
...
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com >
2025-11-19 18:57:58 +01:00
Pedro Martín
219bc12365
feat(kubernetes): add Prowler ThreatScore compliance framework ( #9235 )
2025-11-19 18:31:54 +01:00