
Releases: prowler-cloud/prowler

Prowler 5.5.1

15 Apr 12:01
09be609

🔧 SDK

Fixes

  • Add default name to contacts in Azure Defender (#7483)
  • Handle projects without ID in GCP (#7496)
  • Restore the packages location in PyProject so that prowler and prowler dashboard are available again (#7510)

Full Changelog: 5.5.0...5.5.1

Prowler 5.5.0

14 Apr 11:17

New features to highlight in this version

🔐 Social Login with Google and GitHub

Prowler now supports social login via Google and GitHub!
From this release on, you can authenticate with your existing Google or GitHub account to access Prowler — no need to manage separate credentials.

This is just the beginning — future updates will include:

  • Support for more identity providers
  • Enhanced access control and user management
  • Org-level identity integrations (e.g., SSO)

🔇 Muted Findings Support

Starting with this release, the Prowler App now supports muted findings. Findings returned by the API will be automatically muted based on the SDK provider’s default mutelist.

This is the first step toward more flexible muting capabilities. In upcoming versions, users will be able to:

  • Mute specific findings via the API
  • Filter muted findings
  • Import and manage custom mutelist files
  • Create and edit mutelists to fit their specific security requirements

🛡️ 17 New Microsoft 365 Entra Checks

We’ve expanded Prowler’s Microsoft 365 coverage with 17 new checks for the Entra service, giving you deeper visibility and control over identity and access management.

* entra_admin_consent_workflow_enabled
* entra_admin_portals_access_restriction
* entra_admin_users_cloud_only
* entra_admin_users_mfa_enabled
* entra_admin_users_phishing_resistant_mfa_enabled
* entra_admin_users_sign_in_frequency_enabled
* entra_dynamic_group_for_guests_created
* entra_identity_protection_sign_in_risk_enabled
* entra_identity_protection_user_risk_enabled
* entra_legacy_authentication_blocked
* entra_managed_device_required_for_authentication
* entra_managed_device_required_for_mfa_registration
* entra_password_hash_sync_enabled
* entra_policy_guest_invite_only_for_admin_roles
* entra_policy_guest_users_access_restrictions
* entra_policy_restricts_user_consent_for_apps
* entra_users_mfa_enabled

🕒 More Control Over Daily Scans

You now have the option to skip scheduling the daily scan when adding a new provider.

This gives you more flexibility during setup — especially useful if you want to configure the provider, test things out, or onboard gradually before enabling automatic daily scans.

📈 Expanded Compliance Coverage

We’re continuously working to expand and improve our compliance coverage — and in this release, we’ve added support for 4 new compliance frameworks:

  • SOC 2 for Google Cloud Platform (GCP)
  • ISO 27001:2022 for Azure, GCP, and Kubernetes

This means better visibility, more accurate reporting, and stronger alignment with industry standards across your cloud environments.

🌐 New (Unofficial) Cloud Provider: NHN Cloud

Prowler now includes initial support for NHN Cloud with 6 security checks across compute and networking services.

Note: NHN Cloud is not an officially supported provider.

Available NHN checks:

* compute_instance_login_user
* compute_instance_public_ip
* compute_instance_security_groups
* network_vpc_has_empty_routingtables
* network_vpc_subnet_enable_dhcp
* network_vpc_subnet_has_external_router

We’re exploring support for more providers based on community interest. Try it out and let us know what you think!

Many thanks to @eeche for the work creating this new provider 🥇


🎨 UI

🚀 Features

  • Social login integration with Google and GitHub (#7218)
  • Added one-time scan feature: support for single scan execution. (#7188)
  • Accepted invitations can no longer be edited. (#7198)
  • Added download column in scans table to download reports for completed scans. (#7353)
  • Show muted icon when a finding is muted. (#7378)
  • Added static status icon with link to service status page. (#7468)

🔄 Changed

  • Tweak styles for compliance cards. (#7148)
  • Upgrade Next.js to v14.2.25 to fix a middleware authorization vulnerability. (#7339)
  • Apply default filter to show only failed items when coming from scan table. (#7356)
  • Fix link behavior in scan cards: only disable "View Findings" when scan is not completed or executing. (#7368)

💻 API

🚀 Features

  • Support for developing new integrations (#7167).
  • HTTP Security Headers (#7289).
  • New endpoint to get the compliance overviews metadata (#7333).
  • Support for muted findings (#7378).
  • Added missing fields to API findings and resources (#7318).

🔧 SDK

🚀 Features

  • Added 17 new Microsoft 365 Entra checks
  • Added basic authentication to the SDK Jira integration
  • 4 new Compliance Frameworks for Azure, GCP and Kubernetes

Full Changelog: 5.4.4...5.5.0

Prowler 5.4.4

08 Apr 15:43
2cc8363

💻 API

Fixes

  • Fixed a bug with periodic tasks when trying to delete a provider (#7466)

🔧 SDK

Fixes

  • Handle errors in AWS, Azure, and GCP with None attributes (#7471)
  • Update SOC2 AWS compliance and remove some requirements (#7455)
  • Handle logic for empty project names in GCP (#7450)
  • Add resource ARN for AWS transit gateways (#7448)
  • Ignore redirect balancers and add regional ones in GCP (#7449)
  • Add default resource name in Azure Defender contacts (#7441)
  • Solve multiple errors with None attributes (#7440)
  • Remove resource_name inside the Check_Report for Azure (#7430)
  • Make logging sink check at project level in GCP (#7428)

Full Changelog: 5.4.3...5.4.4

Prowler 5.4.3

03 Apr 12:52
5be859d

💻 API

Fixes

  • Added duplicated scheduled scans handling (#7401)
  • Added environment variable to configure the deletion task batch size (#7423)

🔧 SDK

Fixes

  • Ignore exception when aws service not available in a region (#7398)
  • Add the correct id and names for resources (#7414)
  • Log as error when Resource ID or Name do not exist (#7412)
  • Validation error for Cluster.multi_az (#7400)
  • Handle Certificate rds-ca-2019 not found (#7392)
  • Nonetype object has no attribute level in stepfunctions (#7389)
  • Resource metadata could not be converted to dict in FMS (#7388)
  • Handle Nonetype is not iterable for extensions in VM (#7377)
  • Handle None S3 account public access block (#7376)
  • Describe smb/nfs share per region in StorageGateway (#7375)
  • Handle Nonetype is not iterable for security groups (#7372)
  • Handle NoneType accessing security_profile (#7373)
  • Handle none SAML Providers (#7371)
  • Handle UnboundLocalError cannot access local variable 'report' (#7370)

Full Changelog: 5.4.2...5.4.3

Prowler 5.4.2

24 Mar 16:28
21654b0

🎨 UI

Security

  • Remove x-powered-by header (#7347)
  • Upgrade NextJS to 14.2.25 to fix auth middleware vulnerability (#7340)

💻 API

Fixes

  • Refactored deletion logic and implemented retry mechanism for deletion tasks (#7349)

🔧 SDK

Fixes

  • Update obsolete AWS Lambda runtimes (#7351)

Full Changelog: 5.4.1...5.4.2

Prowler 5.4.1

20 Mar 12:00
23aded9

🎨 UI

Fixes

  • Improve copy in Compliance cards (#7148)
  • Read Scan ID from the Scan object instead of the task (#7324)

💻 API

Fixes

  • Added a handled response in case local files are missing (#7183)
  • Fixed a race condition when deleting export files after the S3 upload (#7172)
  • Handled exception when a provider has no secret in test connection (#7283)

🔧 SDK

Fixes

  • Make provider id mandatory in GCPProvider.test_connection (#7315)
  • Solve false positive in route53_public_hosted_zones_cloudwatch_logging_enabled (#7293)
  • Typo in Microsoft365NotTenantIdButClientIdAndClienSecretError exception (#7258)
  • Add missing Compliance information inside Finding (#7247)
  • Handle None metric alarms (#7207)
  • Ignore new exceptions in Sentry (#7189)
  • Ignore expected errors in GCP API (#7186)
  • Remove and change duplicated IDs in ENS Compliance Framework (#7180)
  • Correct check title for SQL Server Unrestricted (#7160)
  • Match type with check results (#7155)
  • Typo in ec2_securitygroup_allow_wide_open_public_ipv4 (#7158)
  • Improve ecs_task_definitions_no_environment_secrets metadata (#7153)

Full Changelog: 5.4.0...5.4.1

Prowler 5.4.0

06 Mar 15:40

🎨 UI

  • New sidebar and layout
  • Scan-running animation: the progress is shown without having to press the button
  • Scan ID is now under scan details
  • Status extended has been added to the finding details
  • Triggers a sidebar re-render when an account is renamed
  • Show Prowler version in the sidebar

Fixes

  • When role is deleted the page reloads
  • Creating a role now allows removing the groups visibility
  • Display the correct error message when deleting a user

💻 API

  • Social login integration with Google and GitHub (it will be available via Prowler App in the next version)

  • Add API scan report system, now all scans launched from the API will generate a compressed file with the report in OCSF, CSV and HTML formats
  • Configurable Sentry integration
  • Optimized GET /findings endpoint to improve response time and size

🔧 SDK

Microsoft 365

Sharepoint

We are now covering the Sharepoint service with 4 new checks:

  • sharepoint_external_sharing_managed
  • sharepoint_external_sharing_restricted
  • sharepoint_guest_sharing_restricted
  • sharepoint_modern_authentication_required

You can run them now with: prowler microsoft365 --service sharepoint

Entra

We have included a new check for the Entra service entra_policy_ensure_default_user_cannot_create_tenants.

You can run it now with: prowler microsoft365 --check entra_policy_ensure_default_user_cannot_create_tenants

6 Compliance Frameworks

We keep working on improving Compliance coverage and quality with the following new frameworks:

  • AWS ISO 27001 2022
  • Azure PCI DSS 4.0
  • Kubernetes PCI DSS 4.0
  • GCP PCI DSS 4.0
  • AWS PCI DSS 4.0
  • AWS CIS 4.0

Full Changelog: 5.3.0...5.4.0

Prowler 5.3.0

11 Feb 17:06

🎨 UI

Improved UX in Forms

  • Enhanced the sign-in and sign-up forms to provide a smoother user experience.
  • Improved form validation and error handling for better clarity and guidance.

🚀 Real-Time Scan Visibility

  • New! 🎉 Scans now appear immediately after launching them, eliminating the previous delay.
  • When setting up a provider and initiating the first scan, it will be displayed right away instead of requiring users to wait several minutes.
  • This improvement provides instant feedback and a more seamless experience when running scans.

💻 API

🕐 Scheduled Scans

  • Daily scheduled scan instances are now created beforehand with SCHEDULED state, making scheduled scans visible before launching them.

🔎 Findings

  • Findings endpoints now require at least one date filter to get all the findings.
  • Findings metadata endpoint received a performance improvement.

☁️ Providers

  • Increased the allowed length of the provider UID for Kubernetes providers to support AWS EKS, Azure AKS and GCP GKE.

🔧 SDK

Microsoft365 Provider 🎉

We’re excited to announce that Prowler now supports Microsoft365 as a new cloud provider! This release introduces several dedicated security and compliance checks tailored for Microsoft365 environments. These new assessments help you identify configuration gaps, enforce best practices, and maintain a strong security posture across your Microsoft365 deployments.

This is only available in Prowler CLI and will be added to the API and UI 🔜

Try it out now with: prowler microsoft365 {--sp-env-auth | --az-cli-auth | --browser-auth} 🚀

Choose the authentication method that best suits your needs:

  1. Service Principal Credentials: Uses a registered app in Entra (formerly Azure AD) with client credentials (tenant ID, client ID and client secret).
  2. Azure CLI: Uses your logged-in Azure CLI session.
  3. Interactive Browser: Opens a browser window to sign in manually.

Five new checks ❗

This release includes several new security and compliance checks designed specifically for Microsoft365 environments:

  • admincenter_groups_not_public_visibility
  • admincenter_settings_password_never_expire
  • admincenter_users_admins_reduced_license_footprint
  • admincenter_users_between_two_and_four_global_admins
  • entra_thirdparty_integrated_apps_not_allowed

You can list all the Microsoft365 checks with: prowler microsoft365 --list-checks

📖 1 new Compliance Framework

  • CIS (Center for Internet Security) Microsoft 365 Foundations Benchmark v4.0.0

New AWS Check ✅

We’ve added a new security check in AWS KMS:

  • kms_cmk_not_multi_region

This check ensures that KMS Customer Managed Keys (CMKs) are not multi-region, helping enforce security best practices for key management.

🎉 Special thanks to our external contributor wunzeco for this contribution!

Full Changelog: 5.2.3...5.3.0

Prowler 5.2.3

31 Jan 14:01
37d912e

Task Runner

Fixes

  • fix(celery): Kill celery worker process after every task to release memory by @prowler-bot in #6763

Full Changelog: 5.2.2...5.2.3

Prowler 5.2.2

30 Jan 16:53
cb22af2

API

Improvements

SDK

Fixes

Full Changelog: 5.2.1...5.2.2