StylusFrost
45e946cd87
Merge branch 'master' into PROWLER-1391-provider-contract-dynamic-discovery
2026-04-28 12:42:18 +02:00
César Arroba
d6288be472
chore(ci): align sdk-bump-version PR titles with other bump workflows ( #10897 )
2026-04-27 10:20:56 +02:00
César Arroba
0cddb71d1c
fix(ci): simplify docs-bump-version to a single master-only PR ( #10896 )
2026-04-27 10:20:47 +02:00
StylusFrost
a31fe9b618
Merge branch 'master' into PROWLER-1391-provider-contract-dynamic-discovery
...
Conflict in prowler/config/config.py resolved by combining both branches:
- HEAD: external compliance discovery via entry points (PROWLER-1391)
- master: multi-provider framework JSONs scanned at top-level compliance/ (#10300 )
Order: built-in per-provider -> built-in multi-provider -> external entry points.
Built-ins first so they win on name collisions against external registrations.
Supporting external plug-ins to register multi-provider frameworks is tracked
in PROWLER-1444.
2026-04-24 20:54:22 +02:00
César Arroba
b97d68fbd5
fix(ci): also gate cache-dependency-path on enable-cache in setup-python-poetry ( #10885 )
2026-04-24 12:38:13 +02:00
César Arroba
ca79300440
fix(ci): poetry cache post-step failure on release workflows ( #10881 )
2026-04-24 11:57:30 +02:00
César Arroba
6d3fcec5da
ci: bump docs version against master on patch releases ( #10879 )
2026-04-24 11:49:14 +02:00
César Arroba
ce1cf51d37
fix(ci): allow github.com egress in backport workflow ( #10876 )
2026-04-24 10:00:55 +02:00
Pedro Martín
dff5541e11
fix(ci): improve compliance check action ( #10850 )
2026-04-22 16:31:05 +02:00
Pepe Fagoaga
c27cb28a2a
chore(safety): define policy for high and critical ( #10845 )
2026-04-22 13:28:59 +02:00
StylusFrost
e27317437d
feat(external-provider): add dynamic loading tests and coverage for external provider
2026-04-21 14:37:50 +02:00
César Arroba
858dfc2a00
fix(ci): remove broken resolved_reference step from setup-python-poetry ( #10687 )
2026-04-21 08:58:24 +02:00
Pepe Fagoaga
8d48c26c1e
chore(secrets): don't block for trufflehog ( #10806 )
2026-04-20 17:57:32 +02:00
César Arroba
94a2ea1e8f
chore: update CODEOWNERS for new team hierarchy ( #10706 )
2026-04-20 11:39:00 +02:00
Rubén De la Torre Vico
04fe3f65e0
chore(deps): enable Dependabot pre-commit ecosystem and bump hooks ( #10732 )
2026-04-16 13:38:11 +02:00
stepsecurity-app[bot]
96e7d6cb3a
feat(security): security best practices from StepSecurity ( #10682 )
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-04-14 15:13:12 +02:00
Josema Camacho
51591cb8cd
build: bump poetry to 2.3.4 and consolidate SDK workflows ( #10681 )
2026-04-14 13:32:46 +02:00
Pedro Martín
31b645ee53
chore(github): allow GitHub release CDN in trivy scan allowlist ( #10679 )
2026-04-14 10:09:54 +02:00
Adrián Peña
c6d5f44c5e
chore: update pyjwt ( #10661 )
2026-04-13 14:09:37 +02:00
dependabot[bot]
ad36938717
chore(deps): bump actions/download-artifact from 6.0.0 to 8.0.1 ( #10541 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:25:14 +02:00
dependabot[bot]
10dd9460e9
chore(deps): bump azure/setup-helm from 4.3.0 to 5.0.0 ( #10543 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:24:42 +02:00
dependabot[bot]
c8d41745dd
chore(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 ( #10544 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:23:44 +02:00
dependabot[bot]
c6c000a369
chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 ( #10545 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:23:18 +02:00
dependabot[bot]
a2b083e8c8
chore(deps): bump actions/cache from 5.0.3 to 5.0.4 ( #10546 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:22:58 +02:00
dependabot[bot]
d2f7169537
chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 ( #10548 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:22:26 +02:00
dependabot[bot]
632f2633c1
chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 ( #10550 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:20:34 +02:00
dependabot[bot]
82d487a1e7
chore(deps): bump sorenlouv/backport-github-action from 10.2.0 to 11.0.0 ( #10540 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:20:11 +02:00
dependabot[bot]
9a6a43637d
chore(deps): bump pnpm/action-setup from 4.2.0 to 5.0.0 ( #10551 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:19:50 +02:00
dependabot[bot]
c21cf0ac20
chore(deps): bump tj-actions/changed-files from 47.0.4 to 47.0.5 ( #10552 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:19:28 +02:00
dependabot[bot]
f3b142c0cf
chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 ( #10554 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:19:00 +02:00
dependabot[bot]
eda90c4673
chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ( #10555 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:18:16 +02:00
dependabot[bot]
def59a8cc2
chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ( #10556 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:16:00 +02:00
dependabot[bot]
1bfed74db5
chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 ( #10557 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 10:14:27 +02:00
Josema Camacho
283259f34c
fix(sdk): resolve empty-set bug in _enabled_regions causing 36-region client creation and CI timeouts ( #10598 )
2026-04-08 08:40:58 +02:00
Pepe Fagoaga
b2788df8cc
chore(issues): automate conversation lock on issue close ( #10596 )
2026-04-07 13:07:02 +02:00
Andoni Alonso
b1b361af8b
chore(ci): update Pablo user for labeling purposes ( #10594 )
2026-04-07 12:54:04 +02:00
Pablo Fernandez Guerra (PFE)
6ac90eb1b5
chore(ui): add pnpm supply chain security protections ( #10471 )
...
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com >
Co-authored-by: César Arroba <cesar@prowler.com >
2026-04-01 14:10:01 +02:00
Alejandro Bailo
4f86667433
feat(sdk): add Vercel provider with 30 security checks ( #10189 )
...
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com >
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com >
2026-03-31 16:21:22 +02:00
Pedro Martín
99b80ebbd9
chore(actions): add pr-check-compliance-mapping action ( #10526 )
2026-03-31 13:38:20 +02:00
César Arroba
6f6d62f51f
fix(ci): remove DOCKER_HUB_REPOSITORY secret and add toniblyx mirror push ( #10512 )
2026-03-30 11:53:04 +02:00
César Arroba
de492a770c
fix(ci): remove DOCKER_HUB_REPOSITORY secret from sdk container workflow ( #10509 )
2026-03-30 10:20:38 +02:00
César Arroba
e9009f783b
fix(ci): remove setup-buildx-action from create-manifest jobs ( #10508 )
2026-03-30 10:01:32 +02:00
Pepe Fagoaga
8267fc4813
fix(step_security): keep notify in audit mode ( #10496 )
2026-03-27 16:01:24 +01:00
Josema Camacho
cc197ea901
feat(api): add periodic cleanup of stale Attack Paths scans with dead-worker detection ( #10387 )
2026-03-27 14:17:22 +01:00
Pepe Fagoaga
2b5d015e09
feat(security): add missing endpoints to allowlist ( #10495 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-03-27 13:53:52 +01:00
Adrián Peña
700b51ddad
chore: update Python version references from 3.9 to 3.10 ( #10493 )
2026-03-27 13:13:36 +01:00
Pepe Fagoaga
417be55604
feat(security): block mode for hardened runners ( #10482 )
2026-03-27 13:08:59 +01:00
Terry Franklin
0a11ca4a68
feat(celery): VALKEY_SCHEME environment variable ( #10420 )
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-03-27 09:22:35 +01:00
Pepe Fagoaga
73907db856
fix(trivy-scan): don't comment if PR from fork ( #10490 )
2026-03-27 08:37:19 +01:00
stepsecurity-app[bot]
716c130140
feat(security): security best practices from StepSecurity ( #10480 )
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-03-26 13:58:19 +01:00