Hugo P.Brito
d9b7cc031f
docs(changelog): add attack-paths template-graph entries
...
Document the API (account stripping + outcome metadata + filtered catalog) and UI (grouped template view with expand-on-click, outcome node, arrowheads) changes under the current API/UI version sections, referencing PR #11357 .
2026-05-26 09:13:25 +02:00
Hugo P.Brito
99a11ecfb6
feat(api): strip account nodes and surface attack outcome metadata
...
- Drop account/root-labeled nodes (AWSAccount, AzureSubscription, AzureTenant, GCPProject, KubernetesCluster, GitHubAccount) and their relationships from the serialized attack-paths graph. The account stays the Cypher MATCH anchor; tenant/provider isolation is unaffected.
- Add AttackPathsQueryOutcome (label, description, severity) and an outcome field on AttackPathsQueryDefinition. Assign outcomes to every real attack-path query by id pattern in aws.py (privesc-passrole and code-exec to 'Code execution', IAM/STS privesc to 'Privilege escalation', internet-exposed chain to 'Data exfiltration'). The 11 inventory queries keep outcome=None.
- execute_query attaches outcome to the run-query response; expose it via new AttackPathsQueryOutcomeSerializer in AttackPathsQuerySerializer and AttackPathsQueryResultSerializer (allow_null).
- attack_paths_queries action filters the catalog to queries with an outcome (78 -> 67 surfaced; 11 inventory hidden).
- Existing tests that used AWSAccount as a generic node updated to AWSRole; new tests cover account stripping and outcome passthrough.
2026-05-26 09:10:58 +02:00
Pepe Fagoaga
13e2ede763
chore(changelog): prepare for v5.28.0 ( #11321 )
2026-05-22 09:33:40 +02:00
Pedro Martín
dbbefd0558
feat(compliance): add resource metadata tab inside req find ( #11187 )
2026-05-21 15:09:43 +02:00
César Arroba
7d03bc5e17
fix(api): chown src/backend and docker-entrypoint to prowler user ( #11276 )
2026-05-21 10:21:33 +02:00
Daniel Barranquero
6eebfcfe77
feat(api): add okta provider support ( #11184 )
2026-05-20 10:46:29 +02:00
Pepe Fagoaga
9d8b69abda
fix(api): uv.lock permissions during docker build ( #11243 )
...
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com >
2026-05-19 19:08:35 +02:00
Pedro Martín
60aa601e92
fix(docker): chown copied files to prowler pin uv sync --locked ( #11234 )
2026-05-19 18:03:05 +02:00
Prowler Bot
476e7d1010
chore(release): Bump versions to v5.28.0 ( #11227 )
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com >
2026-05-19 15:11:44 +02:00
Pepe Fagoaga
cb01769237
chore(changelog): prepare for v5.27.0 ( #11218 )
2026-05-19 11:42:10 +02:00
Adrián Peña
37aa290d1c
feat(api): add health/live and health/ready probe endpoints ( #11200 )
2026-05-18 16:28:36 +02:00
Pedro Martín
5d34577b0b
feat(reporting): bound PDF compliance report memory and CPU ( #11160 )
2026-05-18 11:46:26 +02:00
Pedro Martín
855e74add0
chore(deps): fix osv-scanner from API ( #11192 )
2026-05-18 10:20:43 +02:00
Adrián Peña
40b7cb3991
fix(api): skip scan tasks when provider was deleted ( #11185 )
2026-05-15 13:48:02 +02:00
Pepe Fagoaga
3410fc927a
chore(security): replace safety with osv-scanner ( #11167 )
2026-05-14 14:35:09 +02:00
AOrps
fb0ef391f2
ci(api): replace poetry with uv (api) ( #10775 )
...
Signed-off-by: AOrps <aorbeandrews@gmail.com >
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com >
2026-05-14 11:17:17 +02:00
Rubén De la Torre Vico
9293c7b58d
fix(api): correct service principal for Bedrock AgentCore attack paths ( #11141 )
2026-05-13 10:14:59 +02:00
Josema Camacho
a30b6623ed
fix(api): make findings GIN index migration idempotent ( #11129 )
2026-05-12 13:47:08 +02:00
Josema Camacho
6dfa135755
perf(api): add multi-column GIN index on findings array fields ( #11001 )
2026-05-12 11:45:16 +02:00
Adrián Peña
9cedbd3582
fix(api): defer scan broker publish until transaction commits ( #11122 )
2026-05-12 11:04:39 +02:00
Prowler Bot
500b395125
chore(api): Bump version to v1.28.0 ( #11112 )
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com >
2026-05-11 15:36:36 +02:00
Pepe Fagoaga
02cdcb29db
chore: changelog for v5.26.0 ( #11105 )
2026-05-11 13:04:24 +02:00
Pedro Martín
7971b40f49
feat(api): ASD Essential Eight compliance framework support ( #10982 )
...
Co-authored-by: César Arroba <cesar@prowler.com >
2026-05-06 14:03:00 +02:00
Pedro Martín
4c3e741af7
chore(pyproject): revert API changes ( #11049 )
...
Co-authored-by: César Arroba <cesar@prowler.com >
2026-05-06 12:09:46 +02:00
Pedro Martín
22b233f206
chore(deps): bump requests to 2.33.1 to fix CVE-2026-25645 ( #10983 )
2026-05-05 16:43:18 +02:00
Daniel Barranquero
aa759ab6b7
fix(attack-surface): restore ec2-imdsv1 category alignment ( #10998 )
2026-05-05 16:42:47 +02:00
Hugo Pereira Brito
369d6cecc1
fix: patch CVE-2026-39892 and CVE-2026-33186 across SDK, API and MCP images ( #10978 )
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com >
2026-05-05 15:04:44 +01:00
Pepe Fagoaga
703a33108c
chore(changelog): prepare for v5.25.2 ( #10991 )
2026-05-05 08:47:28 +02:00
Pepe Fagoaga
85d38b5f71
feat(scans): Reset resource failed findings to 0 for ephemeral resources ( #10929 )
2026-04-29 19:08:16 +02:00
Pepe Fagoaga
20f36f7c84
chore: changelog v5.25.1 ( #10934 )
2026-04-29 14:00:53 +02:00
Josema Camacho
5d90352a0f
fix(api): redirect scan report and compliance downloads to presigned S3 URLs ( #10927 )
2026-04-29 13:19:19 +02:00
Josema Camacho
d2086cad3f
fix(api): Attack Paths AWS region fallback and stale SCHEDULED cleanup ( #10917 )
2026-04-29 12:20:43 +02:00
Prowler Bot
2242689295
chore(api): Bump version to v1.27.0 ( #10913 )
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com >
2026-04-28 12:34:43 +02:00
Pepe Fagoaga
37e6c9761f
chore: changelog for v5.25.0 ( #10900 )
2026-04-28 08:47:20 +02:00
Josema Camacho
15ca69942d
fix(api): align get_compliance_frameworks with Compliance.get_bulk ( #10903 )
2026-04-27 18:10:08 +02:00
Adrián Peña
df76efc197
fix(api): skip null service/region in scan summary aggregation ( #10902 )
2026-04-27 17:46:46 +02:00
Adrián Peña
fb6da427f8
fix(api): prevent /tmp saturation from compliance report generation ( #10874 )
2026-04-27 11:05:34 +02:00
Adrián Peña
65fd3335d3
fix(api): reaggregate resource inventory and attack surface after muting findings ( #10843 )
2026-04-27 11:03:28 +02:00
Andoni Alonso
b668770480
feat(github): add zizmor GitHub Actions scanning as a service of the GitHub provider ( #10607 )
2026-04-27 08:55:07 +02:00
Pepe Fagoaga
7a0e107617
chore(api): changelog for v5.24.4 ( #10882 )
2026-04-24 11:57:02 +02:00
Josema Camacho
0df24eeff6
fix(api): make Neo4j connection acquisition timeout configurable and enable Sentry tracing ( #10873 )
2026-04-23 17:52:14 +02:00
Pedro Martín
2304bf0093
feat(compliance): add CIS pdf reporting ( #10650 )
2026-04-23 13:28:30 +02:00
Pepe Fagoaga
2ca74102a9
chore(poetry): lock poetry with 2.3.4 and install git as required ( #10868 )
2026-04-23 12:30:14 +02:00
Josema Camacho
1093f6c99b
fix(api): merge Attack Paths findings on short UIDs for AWS resources ( #10839 )
2026-04-22 12:19:03 +02:00
Adrián Peña
1456def7d4
fix(api): reaggregate overview summaries after muting findings ( #10827 )
2026-04-22 10:44:21 +02:00
Davidm4r
97a085bf21
feat(ui): Add user expulsion from tenants with JWT authentication fix ( #10787 )
...
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com >
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
Co-authored-by: Adrián Peña <adrianjpr@gmail.com >
2026-04-22 09:28:39 +02:00
dependabot[bot]
72c94db1cf
chore(deps): bump pygments from 2.19.2 to 2.20.0 in /api ( #10522 )
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 08:59:21 +02:00
Adrián Peña
61a62fd6e0
fix(api): treat muted findings as resolved in finding-groups status ( #10825 )
2026-04-21 17:31:44 +02:00
Adrián Peña
548389d79f
perf(api): speed up finding-groups /resources endpoint ( #10816 )
2026-04-21 12:53:59 +02:00
Adrián Peña
4346401a0a
fix(api): align latest_resources scan selection with completed_at ( #10802 )
2026-04-20 17:16:01 +02:00