8631 Commits

Author SHA1 Message Date
Prowler Bot 0c79414c6f chore(api): Update prowler dependency to v5.31 for release 5.31.0 (#11672)
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
5.31.0
2026-06-23 14:30:02 +02:00
Josema Camacho fb995a79bf chore: modify changelogs for 5.31.0 release (#11671) 2026-06-23 14:09:52 +02:00
s1ns3nz0 9d8c060c49 feat(azure): add recovery_vault_backup_policy_retention_adequate check (#11047)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-23 13:56:52 +02:00
Alejandro Bailo 0cabceb09c feat(ui): source scheduled scans tab from /schedules endpoint (#11670)
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 13:44:37 +02:00
s1ns3nz0 3ee24fba51 feat(azure): add entra_user_with_recent_sign_in check (#11040)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-23 13:13:02 +02:00
s1ns3nz0 48acb3bd2e feat(gcp): add secretmanager_secret_rotation_enabled check (#11026)
Co-authored-by: Lydia Vilchez <lydiavilchezlopez@gmail.com>
2026-06-23 11:30:15 +02:00
Alejandro Bailo c6c07957a6 fix(ui): use shared scan launch action errors (#11664) 2026-06-23 09:52:20 +02:00
Pedro Martín 0610866b73 feat(config): add SDK config's validator (#11518)
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-23 09:40:32 +02:00
Hugo Pereira Brito 2afa18d3da fix(changelog): move recovery vault entry to 5.31 (#11666) 2026-06-22 20:37:07 +01:00
s1ns3nz0 a0fdc96649 feat(azure): add recovery_vault_has_protected_items check (#11048)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 19:59:25 +01:00
Nikhil Kumar b6caaa4268 feat(kubernetes): checks for memory limits, memory requests, and image tag (#11373)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 19:39:39 +01:00
Pedro Martín 04e6e330a7 feat(aws): add rolesanywhere service and pqc trust anchor check (#11319)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 18:39:16 +01:00
s1ns3nz0 29329f6203 feat(azure): add entra_authentication_methods_policy_strong_auth_enforced check (#11039)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-22 18:18:22 +02:00
Pedro Martín bdd44a0dce feat(aws): add acmpca service and pqc key algorithm check (#11318)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 17:13:17 +01:00
Pedro Martín 10d9fc35e6 feat(aws): add cloudfront_distributions_pqc_tls_enabled check (#11317)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 16:44:51 +01:00
s1ns3nz0 6826422a6a feat(azure): add entra_app_registration_credential_not_expired check (#11038)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-22 17:30:18 +02:00
Pedro Martín ca48fd0719 feat(aws): add apigateway_domain_name_pqc_tls_enabled check (#11316)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 16:12:01 +01:00
s1ns3nz0 b9298b4023 feat(azure): add network_vnet_ddos_protection_enabled check (#11044)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-22 16:34:52 +02:00
Josema Camacho 2375f1d962 fix(api): uvicorn worker keepalive (#11663)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-22 16:30:33 +02:00
Alejandro Bailo 5ee8b9680d feat(ui): add organization bulk scan scheduling (#11643) 2026-06-22 16:21:35 +02:00
Pedro Martín 45cfe4e411 feat(aws): add transfer_server_pqc_ssh_kex_enabled check (#11315)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 14:30:15 +01:00
abdou 30d737c7d7 fix(api): bound Celery worker concurrency to a configurable default (#11075)
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
2026-06-22 14:05:11 +02:00
s1ns3nz0 869f0726f5 feat(azure): add network_subnet_nsg_associated check (#11043)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-22 14:03:54 +02:00
s1ns3nz0 6dda1ae485 feat(azure): add aks_cluster_local_accounts_disabled check (#11030)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-22 13:38:17 +02:00
s1ns3nz0 13f51de5c1 feat(azure): add aks_cluster_azure_monitor_enabled check (#11029)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-22 13:17:23 +02:00
s1ns3nz0 5d5f0676e0 feat(gcp): add secretmanager_secret_not_publicly_accessible check (#11025)
Co-authored-by: Lydia Vilchez <lydiavilchezlopez@gmail.com>
2026-06-22 12:55:42 +02:00
varunmamillapalli 8a1d7bcd6b feat(linode): add provider with administration compute and networking services (#11633)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-22 11:19:20 +02:00
s1ns3nz0 ccc1f161d2 feat(gcp): add cloudfunction_function_not_publicly_accessible check (#11022)
Co-authored-by: Lydia Vilchez <lydiavilchezlopez@gmail.com>
2026-06-22 10:26:03 +02:00
Pepe Fagoaga a7917f779a chore(sdk): changelog for v5.30.3 (#11651) 2026-06-19 15:21:38 +02:00
Pepe Fagoaga 7f96d895bb fix: API changelog from advisory merge (#11649) 2026-06-19 13:48:47 +02:00
Adrián Peña bf3b5c2ba7 Merge commit from fork
* fix(saml): cross-tenant account takeover via SAML domain claiming

* chore(changelog): add PR #

* fix(api): bind SAML tokens to validated domain

- Reject SAML assertions with mismatched email domains
- Issue SAML tokens from the validated ACS tenant
- Add regression coverage for cross-tenant SAML token issuance

* fix(api): resolve SAML tenant inside RLS context

- Load the SAML tenant relation before leaving the RLS transaction
- Avoid lazy tenant lookups during the SAML ACS finish flow

---------

Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-19 13:38:51 +02:00
Hugo Pereira Brito 218f64595a fix(metadata): tag IAM policy privilege escalation check (#11648) 2026-06-19 13:09:35 +02:00
Josema Camacho 6d8d553610 fix(api): set gunicorn keep-alive above the load balancer idle timeout to stop 502s (#11647) 2026-06-19 12:49:49 +02:00
Pedro Martín e10cf34ad6 feat(compliance): DORA compliance framework for Alibaba Cloud (#11646) 2026-06-19 12:17:33 +02:00
s1ns3nz0 bbf54011ea feat(azure): add postgresql_flexible_server_high_availability_enabled check (#11046)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-19 11:59:37 +02:00
Pedro Martín 9e173978dc feat(compliance): add DORA compliance framework for Cloudflare (#11645) 2026-06-19 10:37:07 +02:00
s1ns3nz0 d27ec7d62e feat(azure): add postgresql_flexible_server_geo_redundant_backup_enabled check (#11045)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-19 10:21:38 +02:00
Pedro Martín 151dcd2895 feat(compliance): add DORA compliance framework for GCP (#11642) 2026-06-19 09:07:54 +02:00
s1ns3nz0 d961d7efe4 feat(azure): add mysql_flexible_server_high_availability_enabled check (#11042)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-19 09:00:46 +02:00
Josema Camacho 99285d4656 fix(api): close DB connections per request to stop ASGI replica connection leak (#11640) 2026-06-18 17:42:19 +02:00
Adrián Peña 19629e9bb8 fix: simplify local dev launch workflow (#11641) 2026-06-18 16:51:02 +02:00
Adrián Peña b89b427a86 feat: add Makefile local development stack (#11637) 2026-06-18 16:37:42 +02:00
Alejandro Bailo 908d2ce766 feat(ui): per-provider scan schedule management gated by capability (#11521) 2026-06-18 15:47:03 +02:00
Pablo Fernandez Guerra (PFE) 853610bbbf feat(ui): resolve public SaaS config at container runtime (#11500)
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-18 15:12:18 +02:00
Pepe Fagoaga 751c7fc29f chore(jira): timeout to 90 seconds (#11638) 2026-06-18 13:03:19 +02:00
s1ns3nz0 7dd08bc6bf feat(azure): add mysql_flexible_server_geo_redundant_backup_enabled check (#11041)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-18 12:41:04 +02:00
Alejandro Bailo 2111d083df fix(ui): bump transitive dompurify to 3.4.10 to patch XSS advisories (#11636) 2026-06-18 12:00:58 +02:00
s1ns3nz0 82d37c4978 feat(azure): add aks_cluster_defender_enabled check (#11028)
Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
2026-06-18 10:22:51 +01:00
Pedro Martín aee3b392a7 fix(compliance): multi-section undercount & leaked provider tab (#11567) 2026-06-18 10:30:27 +02:00
s1ns3nz0 ddbf3405a0 feat(azure): add defender_ensure_defender_cspm_is_on check (#11037)
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-18 10:05:02 +02:00