[dependency-groups] dev = [ "bandit==1.7.9", "coverage==7.5.4", "django-silk==5.3.2", "docker==7.1.0", "filelock==3.20.3", "freezegun==1.5.1", "mypy==1.10.1", "pylint==3.2.5", "pytest==9.0.3", "pytest-cov==5.0.0", "pytest-django==4.8.0", "pytest-env==1.1.3", "pytest-randomly==3.15.0", "pytest-xdist==3.6.1", "ruff==0.15.11", "tqdm==4.67.1", "vulture==2.14", "prek==0.3.9" ] [project] authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}] dependencies = [ "celery (==5.6.2)", "dj-rest-auth[with_social,jwt] (==7.0.1)", "django (==5.1.15)", "django-allauth[saml] (==65.15.0)", "django-celery-beat (==2.9.0)", "django-celery-results (==2.6.0)", "django-cors-headers==4.4.0", "django-environ==0.11.2", "django-filter==24.3", "django-guid==3.5.0", "django-postgres-extra (==2.0.9)", "djangorestframework==3.15.2", "djangorestframework-jsonapi==7.0.2", "djangorestframework-simplejwt (==5.5.1)", "drf-nested-routers (==0.95.0)", "drf-spectacular==0.27.2", "drf-spectacular-jsonapi==0.5.1", "defusedxml==0.7.1", "django-eventstream==5.3.3", "gunicorn==26.0.0", "uvloop==0.22.1", "lxml==6.1.0", "prowler @ git+https://github.com/prowler-cloud/prowler.git@master", "psycopg2-binary==2.9.9", "pytest-celery[redis] (==1.3.0)", "sentry-sdk[django] (==2.56.0)", "uuid6==2024.7.10", "openai (==1.109.1)", "xmlsec==1.3.17", "h2 (==4.3.0)", "markdown (==3.10.2)", "drf-simple-apikey (==2.2.1)", "matplotlib (==3.10.8)", "reportlab (==4.4.10)", "neo4j (==6.1.0)", "cartography (==0.135.0)", "gevent (==25.9.1)", "werkzeug (==3.1.7)", "sqlparse (==0.5.5)", "fonttools (==4.62.1)", "uvicorn-worker (==0.4.0)", ] description = "Prowler's API (Django/DRF)" license = "Apache-2.0" name = "prowler-api" package-mode = false # Needed for the SDK compatibility requires-python = ">=3.11,<3.13" version = "1.33.0" # Shared ruff baseline (kept in sync with mcp_server/pyproject.toml). # target-version tracks this project's lowest supported Python. [tool.ruff] src = ["src"] target-version = "py311" [tool.ruff.lint] # Defaults (E4/E7/E9, F) plus import sorting, modern-syntax upgrades, and # comprehension lints — all mechanically auto-fixable. flake8-bugbear (B) is a # good next step but needs manual cleanup (e.g. B904 raise-from), so it is left # out of the shared baseline for now. extend-select = [ "I", # isort — import ordering (prek's isort hook covers only the SDK) "UP", # pyupgrade — modern syntax for the min supported Python "C4" # flake8-comprehensions ] [tool.uv] # Transitive pins matching master to avoid silent drift; bump deliberately. constraint-dependencies = [ "about-time==4.2.1", "adal==1.2.7", "aioboto3==15.5.0", "aiobotocore==2.25.1", "aiofiles==24.1.0", "aiohappyeyeballs==2.6.1", "aiohttp==3.14.0", "aioitertools==0.13.0", "aiosignal==1.4.0", "alibabacloud-actiontrail20200706==2.4.1", "alibabacloud-credentials==1.0.3", "alibabacloud-credentials-api==1.0.0", "alibabacloud-cs20151215==6.1.0", "alibabacloud-darabonba-array==0.1.0", "alibabacloud-darabonba-encode-util==0.0.2", "alibabacloud-darabonba-map==0.0.1", "alibabacloud-darabonba-signature-util==0.0.4", "alibabacloud-darabonba-string==0.0.4", "alibabacloud-darabonba-time==0.0.1", "alibabacloud-ecs20140526==7.2.5", "alibabacloud-endpoint-util==0.0.4", "alibabacloud-gateway-oss==0.0.17", "alibabacloud-gateway-oss-util==0.0.3", "alibabacloud-gateway-sls==0.4.0", "alibabacloud-gateway-sls-util==0.4.0", "alibabacloud-gateway-spi==0.0.3", "alibabacloud-openapi-util==0.2.4", "alibabacloud-oss-util==0.0.6", "alibabacloud-oss20190517==1.0.6", "alibabacloud-ram20150501==1.2.0", "alibabacloud-rds20140815==12.0.0", "alibabacloud-sas20181203==6.1.0", "alibabacloud-sls20201230==5.9.0", "alibabacloud-sts20150401==1.1.6", "alibabacloud-tea==0.4.3", "alibabacloud-tea-openapi==0.4.4", "alibabacloud-tea-util==0.3.14", "alibabacloud-tea-xml==0.0.3", "alibabacloud-vpc20160428==6.13.0", "alive-progress==3.3.0", "aliyun-log-fastpb==0.2.0", "amqp==5.3.1", "annotated-types==0.7.0", "anyio==4.12.1", "applicationinsights==0.11.10", "apscheduler==3.11.2", "argcomplete==3.5.3", "asgiref==3.11.0", "astroid==3.2.4", "async-timeout==5.0.1", "attrs==25.4.0", "authlib==1.6.12", "autopep8==2.3.2", "azure-cli-core==2.83.0", "azure-cli-telemetry==1.1.0", "azure-common==1.1.28", "azure-core==1.38.1", "azure-identity==1.21.0", "azure-keyvault-certificates==4.10.0", "azure-keyvault-keys==4.10.0", "azure-keyvault-secrets==4.10.0", "azure-mgmt-apimanagement==5.0.0", "azure-mgmt-applicationinsights==4.1.0", "azure-mgmt-authorization==4.0.0", "azure-mgmt-compute==34.0.0", "azure-mgmt-containerinstance==10.1.0", "azure-mgmt-containerregistry==12.0.0", "azure-mgmt-containerservice==34.1.0", "azure-mgmt-core==1.6.0", "azure-mgmt-cosmosdb==9.7.0", "azure-mgmt-databricks==2.0.0", "azure-mgmt-datafactory==9.2.0", "azure-mgmt-eventgrid==10.4.0", "azure-mgmt-eventhub==11.2.0", "azure-mgmt-keyvault==10.3.1", "azure-mgmt-loganalytics==12.0.0", "azure-mgmt-logic==10.0.0", "azure-mgmt-monitor==6.0.2", "azure-mgmt-network==28.1.0", "azure-mgmt-postgresqlflexibleservers==1.1.0", "azure-mgmt-rdbms==10.1.0", "azure-mgmt-recoveryservices==3.1.0", "azure-mgmt-recoveryservicesbackup==9.2.0", "azure-mgmt-resource==24.0.0", "azure-mgmt-search==9.1.0", "azure-mgmt-security==7.0.0", "azure-mgmt-sql==3.0.1", "azure-mgmt-storage==22.1.1", "azure-mgmt-subscription==3.1.1", "azure-mgmt-synapse==2.0.0", "azure-mgmt-web==8.0.0", "azure-monitor-query==2.0.0", "azure-storage-blob==12.24.1", "azure-synapse-artifacts==0.21.0", "backoff==2.2.1", "bandit==1.7.9", "billiard==4.2.4", "blinker==1.9.0", "boto3==1.40.61", "botocore==1.40.61", "cartography==0.135.0", "celery==5.6.2", "certifi==2026.1.4", "cffi==2.0.0", "charset-normalizer==3.4.4", "circuitbreaker==2.1.3", "click==8.3.1", "click-didyoumean==0.3.1", "click-plugins==1.1.1.2", "click-repl==0.3.0", "cloudflare==4.3.1", "colorama==0.4.6", "contextlib2==21.6.0", "contourpy==1.3.3", "coverage==7.5.4", "cron-descriptor==1.4.5", "crowdstrike-falconpy==1.6.0", "cryptography==46.0.7", "cycler==0.12.1", "darabonba-core==1.0.5", "dash==3.1.1", "dash-bootstrap-components==2.0.3", "debugpy==1.8.20", "decorator==5.2.1", "defusedxml==0.7.1", "detect-secrets==1.5.0", "dill==0.4.1", "distro==1.9.0", "dj-rest-auth==7.0.1", "django==5.1.15", "django-allauth==65.15.0", "django-celery-beat==2.9.0", "django-celery-results==2.6.0", "django-cors-headers==4.4.0", "django-environ==0.11.2", "django-eventstream==5.3.3", "django-filter==24.3", "django-guid==3.5.0", "django-postgres-extra==2.0.9", "django-silk==5.3.2", "django-timezone-field==7.2.1", "djangorestframework==3.15.2", "djangorestframework-jsonapi==7.0.2", "djangorestframework-simplejwt==5.5.1", "dnspython==2.8.0", "docker==7.1.0", "dogpile-cache==1.5.0", "dparse==0.6.4", "drf-extensions==0.8.0", "drf-nested-routers==0.95.0", "drf-simple-apikey==2.2.1", "drf-spectacular==0.27.2", "drf-spectacular-jsonapi==0.5.1", "dulwich==1.2.5", "duo-client==5.5.0", "durationpy==0.10", "email-validator==2.2.0", "execnet==2.1.2", "filelock==3.20.3", "flask==3.1.3", "fonttools==4.62.1", "freezegun==1.5.1", "frozenlist==1.8.0", "gevent==25.9.1", "google-api-core==2.29.0", "google-api-python-client==2.163.0", "google-auth==2.48.0", "google-auth-httplib2==0.2.0", "google-cloud-access-context-manager==0.3.0", "google-cloud-asset==4.2.0", "google-cloud-org-policy==1.16.0", "google-cloud-os-config==1.23.0", "google-cloud-resource-manager==1.16.0", "googleapis-common-protos==1.72.0", "gprof2dot==2025.4.14", "graphemeu==0.7.2", "greenlet==3.3.1", "grpc-google-iam-v1==0.14.3", "grpcio==1.76.0", "grpcio-status==1.76.0", "gunicorn==26.0.0", "h11==0.16.0", "h2==4.3.0", "hpack==4.1.0", "httpcore==1.0.9", "httplib2==0.31.2", "httpx==0.28.1", "humanfriendly==10.0", "hyperframe==6.1.0", "iamdata==0.1.202605131", "idna==3.15", "importlib-metadata==8.7.1", "inflection==0.5.1", "iniconfig==2.3.0", "iso8601==2.1.0", "isodate==0.7.2", "isort==5.13.2", "itsdangerous==2.2.0", "jinja2==3.1.6", "jiter==0.13.0", "jmespath==1.1.0", "joblib==1.5.3", "jsonpatch==1.33", "jsonpickle==4.1.1", "jsonpointer==3.0.0", "jsonschema==4.23.0", "jsonschema-specifications==2025.9.1", "keystoneauth1==5.13.0", "kiwisolver==1.4.9", "knack==0.11.0", "kombu==5.6.2", "kubernetes==32.0.1", "lxml==6.1.0", "lz4==4.4.5", "markdown==3.10.2", "markdown-it-py==4.0.0", "markupsafe==3.0.3", "marshmallow==4.3.0", "matplotlib==3.10.8", "mccabe==0.7.0", "mdurl==0.1.2", "microsoft-kiota-abstractions==1.9.9", "microsoft-kiota-authentication-azure==1.9.9", "microsoft-kiota-http==1.9.9", "microsoft-kiota-serialization-form==1.9.9", "microsoft-kiota-serialization-json==1.9.9", "microsoft-kiota-serialization-multipart==1.9.9", "microsoft-kiota-serialization-text==1.9.9", "microsoft-security-utilities-secret-masker==1.0.0b4", "msal==1.35.0b1", "msal-extensions==1.2.0", "msgraph-core==1.3.8", "msgraph-sdk==1.55.0", "msrest==0.7.1", "msrestazure==0.6.4.post1", "multidict==6.7.1", "mypy==1.10.1", "mypy-extensions==1.1.0", "narwhals==2.16.0", "neo4j==6.1.0", "nest-asyncio==1.6.0", "nltk==3.9.4", "numpy==2.2.6", "oauthlib==3.3.1", "oci==2.169.0", "openai==1.109.1", "openstacksdk==4.2.0", "opentelemetry-api==1.39.1", "opentelemetry-sdk==1.39.1", "opentelemetry-semantic-conventions==0.60b1", "os-service-types==1.8.2", "packageurl-python==0.17.6", "packaging==26.0", "pagerduty==6.1.0", "pandas==2.2.3", "pbr==7.0.3", "pillow==12.2.0", "pkginfo==1.12.1.2", "platformdirs==4.5.1", "plotly==6.5.2", "pluggy==1.6.0", "policyuniverse==1.5.1.20231109", "portalocker==2.10.1", "prek==0.3.9", "prompt-toolkit==3.0.52", "propcache==0.4.1", "proto-plus==1.27.0", "protobuf==6.33.5", "psutil==7.2.2", "psycopg2-binary==2.9.9", "py-deviceid==0.1.1", "py-iam-expand==0.3.0", "py-ocsf-models==0.8.1", "pyasn1==0.6.3", "pyasn1-modules==0.4.2", "pycodestyle==2.14.0", "pycparser==3.0", "pydantic==2.12.5", "pydantic-core==2.41.5", "pygithub==2.8.0", "pygments==2.20.0", "pyjwt==2.13.0", "pylint==3.2.5", "pymsalruntime==0.18.1", "pynacl==1.6.2", "pyopenssl==26.0.0", "pyparsing==3.3.2", "pyreadline3==3.5.4", "pysocks==1.7.1", "pytest==9.0.3", "pytest-celery==1.3.0", "pytest-cov==5.0.0", "pytest-django==4.8.0", "pytest-docker-tools==3.1.9", "pytest-env==1.1.3", "pytest-randomly==3.15.0", "pytest-xdist==3.6.1", "python-crontab==3.3.0", "python-dateutil==2.9.0.post0", "python-digitalocean==1.17.0", "python3-saml==1.16.0", "pytz==2025.1", "pywin32==311", "pyyaml==6.0.3", "redis==7.1.0", "referencing==0.37.0", "regex==2026.1.15", "reportlab==4.4.10", "requests==2.33.1", "requests-file==3.0.1", "requests-oauthlib==2.0.0", "requestsexceptions==1.4.0", "retrying==1.4.2", "rich==14.3.2", "rpds-py==0.30.0", "rsa==4.9.1", "ruamel-yaml==0.19.1", "ruff==0.15.11", "s3transfer==0.14.0", "scaleway==2.10.3", "scaleway-core==2.10.3", "schema==0.7.5", "sentry-sdk==2.56.0", "setuptools==80.10.2", "shellingham==1.5.4", "shodan==1.31.0", "six==1.17.0", "slack-sdk==3.39.0", "sniffio==1.3.1", "sqlparse==0.5.5", "statsd==4.0.1", "std-uritemplate==2.0.8", "stevedore==5.6.0", "tabulate==0.9.0", "tenacity==9.1.2", "tldextract==5.3.1", "tomlkit==0.14.0", "tqdm==4.67.1", "typer==0.21.1", "types-aiobotocore-ecr==3.1.1", "typing-extensions==4.15.0", "typing-inspection==0.4.2", "tzdata==2025.3", "tzlocal==5.3.1", "uritemplate==4.2.0", "urllib3==2.7.0", "uuid6==2024.7.10", "uvicorn==0.49.0", "uvloop==0.22.1", "vine==5.1.0", "vulture==2.14", "wcwidth==0.5.3", "websocket-client==1.9.0", "werkzeug==3.1.7", "workos==6.0.4", "wrapt==1.17.3", "xlsxwriter==3.2.9", "xmlsec==1.3.17", "xmltodict==1.0.2", "yarl==1.22.0", "zipp==3.23.0", "zope-event==6.1", "zope-interface==8.2", "zstd==1.5.7.3" ] # prowler@master needs okta==3.4.2; cartography 0.135.0 declares okta<1.0.0 for an # integration prowler does not import. # # prowler@master hard-pins microsoft-kiota-abstractions==1.9.2 in [project.dependencies]. # The microsoft-kiota-http security bump to 1.9.9 (GHSA-7j59-v9qr-6fq9) requires # microsoft-kiota-abstractions>=1.9.9, which a constraint cannot satisfy against the # SDK's hard pin; override it to the patched, kiota-aligned version. # # prowler@master hard-pins dulwich==0.23.0 and pyjwt==2.12.1 in [project.dependencies]. # dulwich 1.2.5 patches GHSA-897w-fcg9-f6xj (arbitrary file write) and pyjwt 2.13.0 # patches PYSEC-2026-179 (HMAC/JWK key-confusion); a constraint cannot satisfy these # against the SDK's hard pins, so override them to the patched versions until the SDK # bump propagates to the pinned master rev. pyjwt keeps the [crypto] extra because an # override replaces the whole requirement; bare pyjwt would drop it from the consumers # that request pyjwt[crypto] and leave cryptography (needed for RS256) only transitive. override-dependencies = [ "okta==3.4.2", "microsoft-kiota-abstractions==1.9.9", "dulwich==1.2.5", "pyjwt[crypto]==2.13.0" ]