ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2026-04-12 20:58:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,040 Commits 426 Branches 180 Tags
def59a8cc23905ab463cfd2cafe0cc831ce971d2
Commit Graph

479 Commits

Author SHA1 Message Date
dependabot[bot]
379df7800d chore(deps): bump aiohttp from 3.13.3 to 3.13.5 in /api (#10538) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-04-09 09:27:55 +02:00
Adrián Peña
e6aedcb207 feat(api): support sort by delta on finding-groups endpoints (#10606) 2026-04-08 11:04:57 +02:00
Adrián Peña
abaacd7dbf feat(api): finding group first_seen_at semantics and resource delta (#10595) 2026-04-07 16:41:08 +02:00
Davidm4r
33efd72b97 chore(deps): bump authlib from 1.6.5 to 1.6.9 (#10579) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-07 13:31:59 +02:00
Josema Camacho
8bc03f8d04 fix(api): remove clear_cache from attack paths read-only query endpoints (#10586) 2026-04-07 12:46:51 +02:00
Adrián Peña
5fff3b920d fix(api): exclude spurious retrieve from Jira docs and add known limitations (#10580) 2026-04-06 14:30:38 +02:00
Pablo Fernandez Guerra (PFE)
961f9c86da feat(ui): Add tenant management (#10491) 
Co-authored-by: Pablo Fernandez <pfe@NB0240.local>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com>
Co-authored-by: David <david.copo@gmail.com>
 2026-04-06 10:31:30 +02:00
Alan Buscaglia
509ec74c3d fix(ui): findings groups improvements — security fixes, code quality, and UX feedback (#10513) 
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>
 2026-04-01 15:54:46 +02:00
Adrián Peña
ab8e83da3f fix(api,ui): dynamically fetch Jira issue types instead of hardcoding "Task" (#10534) 
Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>
 2026-04-01 14:37:49 +02:00
Alejandro Bailo
af6198e6c2 feat(api): integrate Vercel provider into API layer (#10190) 
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
 2026-04-01 13:20:49 +02:00
Adrián Peña
2a8b6261e1 fix(api): false 404 and sorting on finding group resources endpoints (#10510) 2026-03-30 12:47:16 +02:00
Josema Camacho
94e234cefb fix(api): use raw FK ids in membership post_delete signal to avoid cascade lookup failures (#10497) 2026-03-27 16:16:28 +01:00
Josema Camacho
8bfeee238b feat(api): replace _provider_id property with label-based isolation and regex injection for custom queries (#10402) 2026-03-27 14:31:56 +01:00
Josema Camacho
cc197ea901 feat(api): add periodic cleanup of stale Attack Paths scans with dead-worker detection (#10387) 2026-03-27 14:17:22 +01:00
Adrián Peña
73e0ac6892 chore: update dependencies (#10492) 2026-03-27 13:13:47 +01:00
Terry Franklin
0a11ca4a68 feat(celery): VALKEY_SCHEME environment variable (#10420) 
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-03-27 09:22:35 +01:00
Adrián Peña
c953fa7e67 fix(api): resolve check_title filter to check_id for consistent finding-group counts (#10486) 2026-03-27 09:05:02 +01:00
stepsecurity-app[bot]
716c130140 feat(security): security best practices from StepSecurity (#10480) 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-03-26 13:58:19 +01:00
Adrián Peña
dd00d71a07 fix(api): fix finding groups muted filter, counters and reaggregation (#10477) 2026-03-26 10:35:21 +01:00
Davidm4r
2cf45c72b6 fix(api): remove MANAGE_ACCOUNT permission requirement for listing or create a tenant (#10468) 2026-03-26 09:41:16 +01:00
Adrián Peña
45f0909c3e chore(api): pin all unpinned dependencies to exact versions (#10469) 2026-03-25 13:27:04 +01:00
Davidm4r
9bf2a13177 fix: resolve 403 error for admin users listing tenants (#10460) 2026-03-25 10:13:54 +01:00
Josema Camacho
d15e67e2e5 fix(api): filter neo4j.io defunct connection logs in Sentry before_send (#10452) 2026-03-25 09:55:12 +01:00
Adrián Peña
aa3641718b fix(api): populate compliance data in check_metadata for findings (#10449) 2026-03-24 17:19:53 +01:00
Adrián Peña
bb80797392 fix(api): support finding-group aggregated filters (#10428) 2026-03-24 16:39:26 +01:00
Prowler Bot
0984cfd75b chore(api): Bump version to v1.24.0 (#10440) 
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
 2026-03-24 14:05:48 +01:00
Josema Camacho
55ed7a0663 docs(CHANGELOG): cutting for 5.22.0 (#10437) 2026-03-24 12:15:44 +01:00
Josema Camacho
844efbd046 perf(api): deduplicate nodes before ProwlerFinding lookup in Attack Paths queries (#10424) 2026-03-23 17:16:15 +01:00
Josema Camacho
d60b4f0f52 fix(api): Update Flask and Werkzeug to address vulnerabilities (#10430) 2026-03-23 16:59:03 +01:00
Adrián Peña
591f5a8603 fix(api): align finding-group latest aggregation (#10419) 2026-03-23 12:43:45 +01:00
Adrián Peña
ad6368a446 chore: add defusedxml as api dependency (#10401) 2026-03-19 18:26:55 +01:00
Adrián Peña
3361393b7d chore: update changelog (#10400) 2026-03-19 17:55:18 +01:00
Sandiyo Christan
0b7a21a70c fix(api): [security] use defusedxml to prevent XML bomb DoS in SAML metadata parsing (#10165) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Adrián Peña <adrianjpr@gmail.com>
 2026-03-19 17:44:52 +01:00
Josema Camacho
872e6e239c perf(api): replace JOINs with pre-check in threat score aggregation query (#10394) 2026-03-19 17:30:06 +01:00
Adrián Peña
2fe92cfce3 feat(api): add check title search for finding groups (#10377) 2026-03-19 16:48:26 +01:00
Adrián Peña
ab266080d0 perf(api): add trigram indexes for finding groups (#10378) 2026-03-19 13:54:50 +01:00
Prowler Bot
4638b39ed4 chore(api): Bump version to v1.23.0 (#10393) 
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
 2026-03-19 13:42:46 +01:00
Pepe Fagoaga
8317eff67b chore(changelog): prepare for v5.21.0 (#10380) 2026-03-19 11:09:51 +01:00
Josema Camacho
1da10611e7 perf(attack-paths): reduce sync and findings memory usage with smaller batches and cursor iteration (#10359) 2026-03-18 10:08:30 +01:00
Josema Camacho
f5f1f1ab2d fix(attack-paths): recover graph_data_ready when scan fails during graph swap (#10354) 2026-03-18 09:49:45 +01:00
Sandiyo Christan
88ce188103 fix(api): [security] use psycopg2.sql to safely compose DDL in PostgresEnumMigration (#10166) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Adrián Peña <adrianjpr@gmail.com>
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-03-17 13:24:24 +01:00
Zakir Jiwani
887a20f06e feat: CORS_ALLOWED_ORIGINS configurable via environment variable (#10355) 
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
 2026-03-17 09:55:06 +01:00
Josema Camacho
6a4278ed4d fix(docs): setting a couple of API PRs in the next release instead of 5.20 (#10357) 2026-03-17 09:00:56 +01:00
Josema Camacho
787a339cd9 feat(attack-paths): scans add tenant and provider related labels to nodes (#10308) 2026-03-16 16:31:15 +01:00
Josema Camacho
ad02801c74 refactor(attack-paths): complete migration to private graph labels and properties (phase 2) (#10268) 2026-03-16 12:34:58 +01:00
Pepe Fagoaga
b8c6f3ba67 chore(skills): add Django migrations skills (#10260) 2026-03-12 18:37:43 +01:00
Prowler Bot
80a814afce chore(api): Bump version to v1.22.0 (#10326) 
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
 2026-03-12 18:26:23 +01:00
Josema Camacho
97a91bfaaa docs(changelog): fix formatting for v5.20.0 release (#10316) 2026-03-12 12:58:02 +01:00
Josema Camacho
4dc3765670 fix(api): add security hardening for Attack Paths custom query endpoint (#10238) 2026-03-12 10:46:29 +01:00
Josema Camacho
628a076118 docs(attack-paths): add module docstring to scan orchestrator (#10277) 2026-03-12 08:49:48 +01:00