Commit Graph

450 Commits

Author SHA1 Message Date
Josema Camacho 4e00cfd1b6 fix(api): avoid mutating API key manager during auth (#11686) 2026-06-24 16:50:55 +02:00
Davidm4r 917e5d07ff test(api): speed up API test suite (#11681) 2026-06-24 15:15:29 +02:00
Rubén De la Torre Vico 058a1dc8fe chore: unify ruff tooling and route code quality through the Makefile (#11675) 2026-06-23 17:15:05 +02:00
Prowler Bot 3b0124d3fd chore(release): Bump versions to v5.32.0 (#11673)
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-06-23 16:53:29 +02:00
Josema Camacho 2375f1d962 fix(api): uvicorn worker keepalive (#11663)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-22 16:30:33 +02:00
abdou 30d737c7d7 fix(api): bound Celery worker concurrency to a configurable default (#11075)
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
2026-06-22 14:05:11 +02:00
Adrián Peña bf3b5c2ba7 Merge commit from fork
* fix(saml): cross-tenant account takeover via SAML domain claiming

* chore(changelog): add PR #

* fix(api): bind SAML tokens to validated domain

- Reject SAML assertions with mismatched email domains
- Issue SAML tokens from the validated ACS tenant
- Add regression coverage for cross-tenant SAML token issuance

* fix(api): resolve SAML tenant inside RLS context

- Load the SAML tenant relation before leaving the RLS transaction
- Avoid lazy tenant lookups during the SAML ACS finish flow

---------

Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-19 13:38:51 +02:00
Josema Camacho 6d8d553610 fix(api): set gunicorn keep-alive above the load balancer idle timeout to stop 502s (#11647) 2026-06-19 12:49:49 +02:00
Josema Camacho 99285d4656 fix(api): close DB connections per request to stop ASGI replica connection leak (#11640) 2026-06-18 17:42:19 +02:00
Pedro Martín c0ae8b9739 feat(compliance): add DORA compliance framework for Azure (#11551) 2026-06-18 08:56:04 +02:00
Josema Camacho bae74b8181 fix(api): ignore RequestAborted from health-check probe disconnects in Sentry (#11632) 2026-06-17 16:20:17 +02:00
Josema Camacho f1a30f706a fix(api): raise Gunicorn worker timeout to 120s via GUNICORN_TIMEOUT (#11631) 2026-06-17 14:04:36 +02:00
Rubén De la Torre Vico 0463cd1559 fix(api): disable ASGI lifespan probe and tune SSE worker loop/connections (#11626) 2026-06-17 11:16:58 +02:00
Adrián Peña e4d5ca11b3 feat(api): add provider group filters (#11573) 2026-06-16 14:18:34 +02:00
Adrián Peña 181197177c feat(api): only remap SAML user roles when the IdP sends userType (#11520) 2026-06-16 14:18:16 +02:00
Pedro Martín e419771b04 perf(api): optimize scan-compliance-overviews task (#11591) 2026-06-16 10:48:55 +02:00
Rubén De la Torre Vico 28c064a9b7 feat(api): add Server-Sent Events (SSE) infrastructure (#11556) 2026-06-16 10:26:20 +02:00
Josema Camacho a394c0fdf6 fix(api): drop_subgraph deletes relationships then nodes to cut Neo4j memory (#11557) 2026-06-11 18:32:35 +02:00
Pedro Martín 20eca78767 fix(compliance): resolve provider from scan in attributes endp (#11546) 2026-06-11 18:00:36 +02:00
Hugo Pereira Brito 65f00a197b fix(api): normalize OCI scan region credentials (#11558) 2026-06-11 17:32:28 +02:00
Prowler Bot c4378d5992 chore(release): Bump versions to v5.31.0 (#11548)
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-06-11 15:28:25 +02:00
Pedro Martín 75f95559d6 fix(api): warm compliance caches when starting the worker (#11530) 2026-06-10 19:04:40 +02:00
Pedro Martín 61cd4aea3f feat(compliance): add Okta IDaaS STIG V1R2 framework (#11428)
Co-authored-by: Alejandro Bailo <59607668+alejandrobailo@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-10 11:22:42 +02:00
Pedro Martín 4a5a49b5bb fix(api): store and refresh Resource.name on every scan (#11476)
Co-authored-by: Josema Camacho <josema@prowler.com>
2026-06-10 10:55:31 +02:00
César Arroba b2d74711d9 chore(deps): bump dulwich to 1.2.5 and pyjwt to 2.13.0 for osv-scanner (#11499) 2026-06-09 13:01:46 +02:00
Adrián Peña 1f7caa6394 feat(api): make orphan-task recovery configurable and drop the Jira idempotency table (#11472) 2026-06-09 09:16:48 +02:00
César Arroba 061fbaa7bb feat(api): label Postgres connections with application_name per component and alias (#11494) 2026-06-08 13:45:06 +02:00
Josema Camacho 28b045302f fix(api): create Neo4j driver lazily so an outage can't block API startup (#11491) 2026-06-08 13:30:18 +02:00
Pedro Martín f7f8747512 feat(compliance): add DORA framework for AWS (#11131) 2026-06-03 11:43:55 +02:00
Adrián Peña cf9beb8234 feat(api): recover orphaned background tasks and make task re-runs idempotent (#11416) 2026-06-02 14:00:17 +02:00
Davidm4r 7f67eac1bf perf(api): avoid N+1 query loading finding resource tags (#11420)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-02 13:19:21 +02:00
Pedro Martín a652e28b4a fix(api): clean up scan tmp output failure to avoid disk fill (#11421)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-02 11:37:05 +02:00
Prowler Bot c2cef99b33 chore(release): Bump versions to v5.30.0 (#11418)
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-06-01 18:37:51 +02:00
Adrián Peña 81226cd837 perf(api): use literal scan_ids in finding-groups /latest aggregation (#11380) 2026-05-28 13:46:15 +02:00
Adrián Peña 329dfdf8e6 perf(api): reduce DB load in scan hot loop by 13x (#11249)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-05-25 19:09:28 +02:00
Josema Camacho 528d32601b perf(api): speed up finding-groups endpoint for finding-level filters (#11326) 2026-05-22 13:59:05 +02:00
Prowler Bot 56b3044aae chore(release): Bump versions to v5.29.0 (#11332)
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-05-22 13:34:30 +02:00
Pedro Martín dbbefd0558 feat(compliance): add resource metadata tab inside req find (#11187) 2026-05-21 15:09:43 +02:00
Daniel Barranquero 6eebfcfe77 feat(api): add okta provider support (#11184) 2026-05-20 10:46:29 +02:00
Prowler Bot 476e7d1010 chore(release): Bump versions to v5.28.0 (#11227)
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-05-19 15:11:44 +02:00
Adrián Peña 37aa290d1c feat(api): add health/live and health/ready probe endpoints (#11200) 2026-05-18 16:28:36 +02:00
Pedro Martín 5d34577b0b feat(reporting): bound PDF compliance report memory and CPU (#11160) 2026-05-18 11:46:26 +02:00
Adrián Peña 40b7cb3991 fix(api): skip scan tasks when provider was deleted (#11185) 2026-05-15 13:48:02 +02:00
Rubén De la Torre Vico 9293c7b58d fix(api): correct service principal for Bedrock AgentCore attack paths (#11141) 2026-05-13 10:14:59 +02:00
Josema Camacho a30b6623ed fix(api): make findings GIN index migration idempotent (#11129) 2026-05-12 13:47:08 +02:00
Josema Camacho 6dfa135755 perf(api): add multi-column GIN index on findings array fields (#11001) 2026-05-12 11:45:16 +02:00
Adrián Peña 9cedbd3582 fix(api): defer scan broker publish until transaction commits (#11122) 2026-05-12 11:04:39 +02:00
Prowler Bot 500b395125 chore(api): Bump version to v1.28.0 (#11112)
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-05-11 15:36:36 +02:00
Pedro Martín 7971b40f49 feat(api): ASD Essential Eight compliance framework support (#10982)
Co-authored-by: César Arroba <cesar@prowler.com>
2026-05-06 14:03:00 +02:00
Daniel Barranquero aa759ab6b7 fix(attack-surface): restore ec2-imdsv1 category alignment (#10998) 2026-05-05 16:42:47 +02:00