fix(deps): update toniblyx/prowler docker tag to v5.24.0

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
toniblyx/prowler	minor	5.2.0 → 5.24.0

---

Release Notes

prowler-cloud/prowler (toniblyx/prowler)

v5.24.0: Prowler 5.24.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com/

🖥️ Redesigned Resources

The resources detail panel has been rebuilt from the ground up. The new side drawer consolidates resource metadata, associated findings, and events timeline into a cleaner, denser layout — designed to keep you inside the drawer while investigating a resource instead of bouncing back to the list.

🧹 UX and Data Consistency

A large sweep of fixes landed this release targeting the rough edges users actually hit day to day: filter behavior, headers, counters drifting from the underlying data, drawer layouts, and scan/compliance/finding views surfacing stale or mislabeled context.

🆕 AWS Checks

Bedrock Security Hardening

Four new AWS checks tightening the blast radius around Amazon Bedrock and the identities that can reach it:

• bedrock_full_access_policy_attached — flags IAM principals with AmazonBedrockFullAccess or equivalent wildcard Bedrock permissions attached
• iam_role_access_not_stale_to_bedrock and iam_user_access_not_stale_to_bedrock — catch roles and users with Bedrock privileges that haven't been used recently, so dormant GenAI access stops piling up as a standing risk
• bedrock_vpc_endpoints_configured — verifies Bedrock traffic stays on private VPC endpoints instead of traversing the public internet

Explore all AWS Bedrock checks at Prowler Hub.

IAM Marketplace Guardrails

Two new IAM checks to stop the silent path from a compromised identity to a paid marketplace subscription:

• iam_policy_no_wildcard_marketplace_subscribe
• iam_inline_policy_no_wildcard_marketplace_subscribe

Both detect aws-marketplace:Subscribe granted with wildcards on managed and inline policies — a vector that turns an IAM misconfiguration into a billing incident.

Explore all AWS IAM checks at Prowler Hub.

🆕 Microsoft 365 Checks

Entra Conditional Access

• entra_conditional_access_policy_all_apps_all_users — ensures at least one CA policy targets every app and every user
• entra_conditional_access_policy_mfa_enforced_for_guest_users - checks that guest and external users have MFA enforced. Without that compromised external accounts can access tenant resources using only a password
• entra_conditional_access_policy_block_unknown_device_platforms - block access from unknown device platforms
• entra_conditional_access_policy_corporate_device_sign_in_frequency_enforced - enforces sign in for non-corporate devices, without that user sessions may persist indefinitely on unmanaged devices
• entra_conditional_access_policy_directory_sync_account_excluded — validates that the directory sync service account is excluded from restrictive CA policies to prevent sync outages

Explore all M365 Entra checks at Prowler Hub.

Intune

• intune_device_compliance_policy_unassigned_devices_not_compliant_by_default — unassigned devices should not be marked compliant by default by the built-in device policy

Explore all M365 Intune checks at Prowler Hub.

Exchange Online

• exchange_organization_delicensing_resiliency_enabled — keeps mailbox data accessible for 30 days after a license is removed, preventing accidental data loss

Explore all M365 Exchange checks at Prowler Hub.

🆕 Exclude Regions in AWS scans

Prowler now lets you exclude specific AWS regions from scans, so you can keep your scan scope focused on the regions that matter to you. You can configure exclusions with

• --excluded-region
• PROWLER_AWS_DISALLOWED_REGIONS environment variable
• aws.disallowed_regions in config.yaml

See the AWS Regions and Partitions documentation for usage examples.

---

UI

🚀 Added

• Resources side drawer with redesigned detail panel (#​10673)
• Syntax highlighting for remediation code blocks in finding groups drawer with provider-aware auto-detection (Shell, HCL, YAML, Bicep) (#​10698)

🔄 Changed

• Attack Paths scan selection: contextual button labels based on graph availability, tooltips on disabled actions, green dot indicator for selectable scans, and a warning banner when viewing data from a previous scan cycle (#​10685)
• Remove legacy finding detail sheet, row-details wrapper, and resource detail panel; unify findings and resources around new side drawers (#​10692)
• Attack Paths "View Finding" now opens the finding drawer inline over the graph instead of navigating to /findings in a new tab, preserving graph zoom, selection, and filter state
• Attack Paths scan table: replace action buttons with radio buttons, add dedicated Graph column, use info-colored In Progress badge, remove redundant Progress column, and fix info banner variant (#​10704)

🐞 Fixed

• Findings group resource filters now strip unsupported scan parameters, display scan name instead of provider alias in filter badges, migrate mute modal from HeroUI to shadcn, and add searchable accounts/provider type selectors (#​10662)
• Compliance detail page header now reflects the actual provider, alias and UID of the selected scan instead of always defaulting to AWS (#​10674)
• Provider wizard modal moved to a stable page-level host so the providers table refreshes after link, authenticate, and connection check without closing the modal (#​10675)

API

🔄 Changed

• Bump Poetry to 2.3.4 in Dockerfile and pre-commit hooks. Regenerate api/poetry.lock (#​10681)
• Attack Paths: Remove dead cleanup_findings no-op and its supporting prowler_finding_lastupdated index (#​10684)

🐞 Fixed

• Worker-beat race condition on cold start: replaced sleep 15 with API service healthcheck dependency (Docker Compose) and init containers (Helm), aligned Gunicorn default port to 8080 (#​10603)
• API container startup crash on Linux due to root-owned bind-mount preventing JWT key generation (#​10646)

🔐 Security

• pytest from 8.2.2 to 9.0.3 to fix CVE-2025-71176 (#​10678)

SDK

🚀 Added

• entra_conditional_access_policy_directory_sync_account_excluded check for M365 provider (#​10620)
• intune_device_compliance_policy_unassigned_devices_not_compliant_by_default check for M365 provider (#​10599)
• entra_conditional_access_policy_all_apps_all_users check for M365 provider (#​10619)
• bedrock_full_access_policy_attached check for AWS provider (#​10577)
• iam_role_access_not_stale_to_bedrock and iam_user_access_not_stale_to_bedrock checks for AWS provider (#​10536)
• iam_policy_no_wildcard_marketplace_subscribe and iam_inline_policy_no_wildcard_marketplace_subscribe checks for AWS provider (#​10525)
• bedrock_vpc_endpoints_configured check for AWS provider (#​10591)
• exchange_organization_delicensing_resiliency_enabled check for M365 provider (#​10608)
• entra_conditional_access_policy_mfa_enforced_for_guest_users check for M365 provider (#​10616)
• entra_conditional_access_policy_corporate_device_sign_in_frequency_enforced check for M365 provider (#​10618)
• entra_conditional_access_policy_block_unknown_device_platforms check for M365 provider (#​10615)
• --excluded-region CLI flag, PROWLER_AWS_DISALLOWED_REGIONS environment variable, and aws.disallowed_regions config entry to skip specific AWS regions during scans (#​10688)

🔄 Changed

• Bump Poetry to 2.3.4 and consolidate SDK workflows onto the setup-python-poetry composite action with opt-in lockfile regeneration (#​10681)
• Normalize Conditional Access platform values in Entra models and simplify platform-based checks (#​10635)

🐞 Fixed

• Vercel firewall config handling for team-scoped projects and current API response shapes (#​10695)

v5.22.0: Prowler 5.22.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

Findings page — Batch filter apply

Selecting filters no longer triggers a page re-render on each change. A new "Apply Filters" button lets you configure multiple filters before executing the query, fixing layout shifts and improving responsiveness.

Attack Paths — Custom queries

Run custom openCypher queries against your Attack Paths graph alongside predefined queries. Use Lighthouse AI to help generate them.

Predefined Attack Paths queries now run faster 🚀

Read more about it in Attack Paths documentation

🙌 Community Contributors

• @​sandiyochristan — Replace stdlib XML parser with defusedxml in SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks (#​10165)

---

UI

🚀 Added

• Attack Paths custom openCypher queries with Cartography schema guidance and clearer execution errors (#​10397)

🔄 Changed

• Findings filters now use a batch-apply pattern with an Apply Filters button, filter summary strip, and independent filter options instead of triggering API calls on every selection (#​10388)

API

🚀 Added

• Finding groups support check_title substring filtering (#​10377)

🐞 Fixed

• Finding groups latest endpoint now aggregates the latest snapshot per provider before check-level totals, keeping impacted resources aligned across providers (#​10419)
• Mute rule creation now triggers finding-group summary re-aggregation after historical muting, keeping stats in sync after mute operations (#​10419)
• Attack Paths: Deduplicate nodes before ProwlerFinding lookup in Attack Paths Cypher queries, reducing execution time (#​10424)

🔐 Security

• Replace stdlib XML parser with defusedxml in SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks (#​10165)
• Bump flask to 3.1.3 (CVE-2026-27205) and werkzeug to 3.1.6 (CVE-2026-27199) (#​10430)

SDK

🐞 Fixed

• Azure MySQL flexible server checks now compare configuration values case-insensitively to avoid false negatives when Azure returns lowercase values (#​10396)
• Azure vm_backup_enabled and vm_sufficient_daily_backup_retention_period checks now compare VM names case-insensitively to avoid false negatives when Azure stores backup item names in a different case (#​10395)
• entra_non_privileged_user_has_mfa skips disabled users to avoid false positives (#​10426)

v5.21.1: Prowler 5.21.1

Compare Source

API

🐞 Fixed

• ThreatScore aggregation query to eliminate unnecessary JOINs and COUNT(DISTINCT) overhead (#​10394)

v5.21.0: Prowler 5.21.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🏛️ Google Workspace - Full App Support

Google Workspace provider is now fully integrated with the Prowler App. You can now connect and scan your Google Workspace environment directly from the UI.

Read more in our Google Workspace documentation.

Explore all Google Workspace checks at Prowler Hub.

🤖 Lighthouse AI

We've added a new system to provide AI skills to Lighthouse AI alongside the first one: Attack Path Custom Query. This skill provides the LLM with openCypher syntax guidance and Cartography schema knowledge for writing graph queries against Prowler's data.

This was included alongside a new tool in the Prowler MCP to get the Cartography's scan schema.

📖 Check Metadata

We've completed the check's metadata migration to the new format 🎉 Now all are structured in the same way.

Huge shoutout to the Prowler's Detection&Remediation team for this massive effort!

Read more in our Check Metadata Guidelines

⌛ AWS Resource Timeline

You can now see the last 90 days of AWS CloudTrail events for a given findings!

AWS resource modification history is now visible directly in the App. A new Events tab in Findings and Resource detail cards shows an AWS CloudTrail timeline with expandable event rows, actor details, request/response JSON payloads, and error information. A read-event toggle lets you include or exclude read-only API calls from the timeline.

🐳 Container Image

Container Image provider is now fully integrated with the Prowler App. You can now connect and scan your container registry directly from the UI.

Read more in our Container Image documentation.

🏛️ AWS Organizations Improvements

We've upgraded AWS Organizations management in the Cloud Providers page with greater flexibility and control. You can now edit organization names and credentials, run connection tests across all accounts or scoped to a specific organizational unit, and delete individual organizational units or full organizations.

🕸️ Attack Paths Improvements

We continued improving Attack Paths UX by improving performance and adding more labels to improve filtering when using custom queries.

📄 Compliance

We've improved compliance coverage with the following frameworks:

• SecNumCloud 3.2 for AWS, Azure, GCP, Alibaba and Oracle Cloud
• Reserve Bank of India (RBI) for Azure

🔍 New Checks

Microsoft 365

• entra_conditional_access_policy_device_code_flow_blocked - Conditional Access policy blocks device code flow to prevent phishing attacks
• entra_conditional_access_policy_require_mfa_for_admin_portals - Conditional Access policy requires MFA for Microsoft Admin Portals

Explore all Microsoft 365 checks at Prowler Hub.

Github

• organization_repository_deletion_limited - Organization repository deletion and transfer is restricted to owners - Thanks to @​shalkoda

Explore all Github checks at Prowler Hub.

🙌 Community Contributors

• @​shalkoda — organization_repository_deletion_limited check for Github (#​10185)
• @​AlienwareSec - Route53 dangling IP check false positive when using --region flag (#​9952)
• @​tejas0077 - RBI compliance for the Azure provider (#​10339)
• @​JiwaniZakir - CORS_ALLOWED_ORIGINS configurable via environment variable (#​10355)

---

UI

🚀 Added

• Skill system to Lighthouse AI (#​10322)
• Skill for creating custom queries on Attack Paths (#​10323)

🔄 Changed

• Google Workspace provider support (#​10333)
• Image (Container Registry) provider support in UI: badge icon, credentials form, and provider-type filtering (#​10167)
• Events tab in Findings and Resource detail cards showing an AWS CloudTrail timeline with expandable event rows, actor info, request/response JSON payloads, and error details (#​10320)
• AWS Organization and organizational unit row actions (Edit Name, Update Credentials, Test Connections, Delete) in providers table dropdown (#​10317)

API

🚀 Added

• CORS_ALLOWED_ORIGINS configurable via environment variable (#​10355)
• Attack Paths: Tenant and provider related labels to the nodes so they can be easily filtered on custom queries (#​10308)

🔄 Changed

• Attack Paths: Complete migration to private graph labels and properties, removing deprecated dual-write support (#​10268)
• Attack Paths: Reduce sync and findings memory usage with smaller batches, cursor iteration, and sequential sessions (#​10359)

🐞 Fixed

• Attack Paths: Recover graph_data_ready flag when scan fails during graph swap, preventing query endpoints from staying blocked until the next successful scan (#​10354)

🔐 Security

• Use psycopg2.sql to safely compose DDL in PostgresEnumMigration, preventing SQL injection via f-string interpolation (#​10166)

SDK

🚀 Added

• misconfig scanner as default for Image provider scans (#​10167)
• entra_conditional_access_policy_device_code_flow_blocked check for M365 provider (#​10218)
• RBI compliance for the Azure provider (#​10339)
• entra_conditional_access_policy_require_mfa_for_admin_portals check for Azure provider and update CIS compliance (#​10330)
• CheckMetadata Pydantic validators (#​8583)
• organization_repository_deletion_limited check for GitHub provider (#​10185)
• SecNumCloud 3.2 for the GCP provider (#​10364)
• SecNumCloud 3.2 for the Azure provider (#​10358)
• SecNumCloud 3.2 for the Alibaba Cloud provider (#​10370)
• SecNumCloud 3.2 for the Oracle Cloud provider (#​10371)

🔄 Changed

• Bump pygithub from 2.5.0 to 2.8.0 to use native Organization properties
• Update M365 SharePoint service metadata to new format (#​9684)
• Update M365 Exchange service metadata to new format (#​9683)
• Update M365 Teams service metadata to new format (#​9685)
• Update M365 Entra ID service metadata to new format (#​9682)
• Update ResourceType and Categories for Azure Entra ID service metadata (#​10334)
• Update OCI Regions to include US DoD regions (#​10375)

🐞 Fixed

• Route53 dangling IP check false positive when using --region flag (#​9952)
• RBI compliance framework support on Prowler Dashboard for the Azure provider (#​10360)
• CheckMetadata strict validators rejecting valid external tool provider data (image, iac, llm) (#​10363)

🔐 Security

• Bump multipart to 1.3.1 to fix GHSA-p2m9-wcp5-6qw3 (#​10331)

MCP

🚀 Added

• Attack Path tool to get Neo4j DB schema (#​10321)

v5.20.0: Prowler 5.20.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🏛️ AWS Organizations Improvements

[!NOTE]
Available exclusively in Prowler Cloud.

• We've improved the AWS Organizations onboarding wizard making it easier to deploy the required CloudFormation templates.
• Findings now include Organizational Unit ID and name across all output formats (ASFF, OCSF, CSV), giving you full visibility into which OU each account belongs to — Thanks to @​raajheshkannaa!
• Cloud Providers page shows your AWS Organizations hierarchy tree with organizational units and accounts.

🕸️ Attack Paths Improvements

• APOC to standard openCypher migration: Network exposure queries now use standard openCypher instead of APOC procedures, making them use better open standards
• Cartography upgrade: Upgraded from 0.129.0 to 0.132.0, fixing exposed_internet not being set on ELB/ELBv2 nodes
• Custom query endpoint: Cypher blocklist, input validation, rate limiting, and Helm lockdown for hardening its security
• Security hardening — Cypher blocklist, input validation, rate limiting, and Helm lockdown for the custom query endpoint
• Better error handling: Server errors (5xx) and network failures now show user-friendly messages instead of raw internal errors
• Improved logging: Query execution and scan error handling now log properly
• Several UX improvements in the Attack Paths page

🏛️ Google Workspace - API Only

Google Workspace is now fully integrated with the Prowler API. After being introduced as a CLI-only provider in v5.19.0, you can now connect and scan your Google Workspace environment directly from the API. Full App support will be included in the next release.

Read more in our Google Workspace documentation.

Explore all Google Workspace checks at Prowler Hub.

☁️ OpenStack — Object Storage Service

OpenStack continues to expand with a brand new Object Storage service adding 7 security checks covering container access control, versioning, encryption, metadata hygiene, and lifecycle management.

Read more in our OpenStack documentation.

Explore all OpenStack checks at Prowler Hub.

🔍 New Checks

AWS

• guardduty_delegated_admin_enabled_all_regions - Verify that a delegated administrator account is configured for GuardDuty - Thanks to @​m-wentz!
• opensearch_service_domains_not_publicly_accessible - Now supports a trusted_ips configuration option. If your OpenSearch domain has a resource policy restricting access to known IPs, you no longer get a false positive on the public accessibility check — Thanks to @​codename470!

Explore all AWS checks at Prowler Hub.

Microsoft 365

• entra_conditional_access_policy_approved_client_app_required_for_mobile — Requires approved client apps on mobile devices
• entra_conditional_access_policy_compliant_device_hybrid_joined_device_mfa_required — Requires compliant/hybrid-joined device or MFA

Explore all M365 checks at Prowler Hub.

🐞 Bug Fixes

We've added several bug fixes to improve the user experience across the application.

⛵ Community Helm Chart

Prowler now has an official community-maintained Helm chart for self-hosted deployments on Kubernetes. The chart is published as an OCI artifact to oci://ghcr.io/prowler-cloud/charts/prowler on every release.

Check it on https://ghcr.io/prowler-cloud/charts/prowler

Thanks to @​Ca-moes and @​Utwo for building and maintaining this chart!

🙌 Community Contributors

• @​m-wentz — guardduty_delegated_admin_enabled_all_regions check for AWS (#​9867)
• @​codename470 — trusted_ips config for OpenSearch check (#​8631)
• @​raajheshkannaa — AWS Organizations OU metadata in outputs (#​10283)
• @​Ca-moes @​Utwo — Helm Continuous Deployment (#​10079)

---

UI

🔄 Changed

• Attack Paths: Improved error handling for server errors (5xx) and network failures with user-friendly messages instead of raw internal errors and layout changes (#​10249)
• Refactor simple providers with new components and styles (#​10259)
• Providers page redesigned with cloud organization hierarchy, HeroUI-to-shadcn migration, organization and account group filters, and row selection for bulk actions (#​10292)
• AWS Organizations onboarding now uses a clearer 3-step flow: deploy the ProwlerScan role in the management account via CloudFormation Stack, deploy to member accounts via StackSet with a copyable template URL, and confirm with the Role ARN (#​10274)

🐞 Fixed

• Provider wizard now closes after updating credentials instead of incorrectly advancing to the Launch Scan step, which caused API errors for providers with existing scheduled scans (#​10278)
• Attack Paths query builder sending stale parameters from previous query selections due to validation schema and default values being recreated on every render (#​10306)
• Finding detail drawer crashing when resource, scan, or provider relationships are missing from the API response (#​10314)

🔐 Security

• npm transitive dependencies patched to resolve 11 Dependabot alerts (6 HIGH, 4 MEDIUM, 1 LOW): hono, @​hono/node-server, fast-xml-parser, serialize-javascript, minimatch (#​10267)

API

🔄 Changed

• Attack Paths: Migrate network exposure queries from APOC to standard openCypher for Neo4j and Neptune compatibility (#​10266)
• POST /api/v1/providers returns 409 Conflict if already exists (#​10293)

🐞 Fixed

• Attack Paths: Security hardening for custom query endpoint (Cypher blocklist, input validation, rate limiting, Helm lockdown) (#​10238)
• Attack Paths: Missing logging for query execution and exception details in scan error handling (#​10269)
• Attack Paths: Upgrade Cartography from 0.129.0 to 0.132.0, fixing exposed_internet not set on ELB/ELBv2 nodes (#​10272)

SDK

🚀 Added

• entra_conditional_access_policy_approved_client_app_required_for_mobile check for M365 provider (#​10216)
• entra_conditional_access_policy_compliant_device_hybrid_joined_device_mfa_required check for M365 provider (#​10197)
• trusted_ips configurable option for opensearch_service_domains_not_publicly_accessible check to reduce false positives on IP-restricted policies (#​8631)
• guardduty_delegated_admin_enabled_all_regions check for AWS provider (#​9867)
• OpenStack object storage service with 7 checks (#​10258)
• AWS Organizations OU metadata (OU ID, OU path) in ASFF, OCSF and CSV outputs (#​10283)

🔄 Changed

• Update Kubernetes API server checks metadata to new format (#​9674)
• Update Kubernetes Controller Manager service metadata to new format (#​9675)
• Update Kubernetes Core service metadata to new format (#​9676)
• Update Kubernetes Kubelet service metadata to new format (#​9677)
• Update Kubernetes RBAC service metadata to new format (#​9678)
• Update Kubernetes Scheduler service metadata to new format (#​9679)
• Update MongoDB Atlas Organizations service metadata to new format (#​9658)
• Update MongoDB Atlas clusters service metadata to new format (#​9657)
• Update GitHub Repository service metadata to new format (#​9659)
• Update GitHub Organization service metadata to new format (#​10273)
• Update Oracle Cloud Compute Engine service metadata to new format (#​9371)
• Update Oracle Cloud Database service metadata to new format (#​9372)
• Update Oracle Cloud File Storage service metadata to new format (#​9374)
• Update Oracle Cloud Integration service metadata to new format (#​9376)
• Update Oracle Cloud KMS service metadata to new format (#​9377)
• Update Oracle Cloud Network service metadata to new format (#​9378)
• Update Oracle Cloud Object Storage service metadata to new format (#​9379)
• Update Oracle Cloud Events service metadata to new format (#​9373)
• Update Oracle Cloud Identity service metadata to new format (#​9375)
• Update Alibaba Cloud services metadata to new format (#​10289)
• Update M365 Admin Center service metadata to new format (#​9680)
• Update M365 Defender service metadata to new format (#​9681)
• Update M365 Purview service metadata to new format (#​9092)

v5.19.0: Prowler 5.19.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now like a Pro at https://cloud.prowler.com

🏛️ AWS Organizations Onboarding

[!NOTE]
Available exclusively in Prowler Cloud.

Connect multiple AWS accounts from your Organization in a single flow. Select accounts from your AWS Organization hierarchy and onboard them all at once — no more adding accounts one by one.

Read more in our AWS Organizations in Prowler Cloud documentation.

📤 Import Findings

[!NOTE]
Available exclusively in Prowler Cloud.

Scan results can now be imported into Prowler Cloud for centralized visibility and correlation. Available via:

• CLI — --push-to-cloud flag uploads findings in OCSF directly
• API — POST /api/v1/ingestions endpoint for CI/CD and automation workflows

Read more in our import findings documentation. Thanks to @​sonofagl1tch for their contribution and continued support!

☁️ OpenStack — Multi-Region & New Services

OpenStack support matures with:

• Multiple regions scanned from a single provider configuration
• 7 new Compute security checks covering instance, network, and security group configurations
• 6 new Networking security checks covering security groups, port security, DHCP, and network state
• 7 new Block Storage security checks covering volume encryption, sensitive metadata, backups, and resource hygiene
• 6 new Image security checks covering visibility, signature verification, deletion protection, encryption, and Secure Boot
• Full App integration — OpenStack providers can now be managed from the UI

Read more in our OpenStack documentation.

Explore all OpenStack checks at Prowler Hub.

🐳 Container Image Scanning

A brand new Image provider powered by Trivy brings container image security scanning to Prowler. Scan individual images or entire registries for vulnerabilities:

• Single image mode: Scan any container image by tag or digest
• Registry scan mode: Enumerate and scan all images from OCI-standard registries, Docker Hub, and Amazon ECR
• Available via CLI and API — full App support coming in the next release

Read more in our Image provider documentation.

Explore all Image checks at Prowler Hub.

🏢 Google Workspace Provider - CLI

A new Google Workspace provider brings organizational security visibility to Prowler, starting with the Directory service.

It's the 1st provider in Prowler for @​lydiavilchez 🙌

Explore all Google Workspace checks at Prowler Hub

☁️ Cloudflare — Now in the App

After being introduced in the CLI in v5.17.0, Cloudflare now has full App support in the Prowler App with 29 security checks covering:

• TLS/SSL
• DNS
• Email security
• WAF
• Bot protection
• Zone configuration.

Read more in our Cloudflare documentation.

Explore all CloudFlare checks at Prowler Hub.

🕸️ Attack Paths — Major Upgrades

The Attack Paths feature receives significant enhancements in this release:

• Full query library from pathfinding.cloud — comprehensive set of privilege escalation and lateral movement detection queries
• Query descriptions and source links — each query now includes a detailed description and a link to its source at pathfinding.cloud
• Cartography upgrade — from fork 0.126.1 to upstream 0.129.0, with Neo4j driver upgraded from 5.x to 6.x
• Read-only query execution — queries now run in read-only mode for safety
• Provider-scoped results — query results are filtered by provider, preventing cross-tenant and cross-provider data leakage
• Improved reliability — orphaned Neo4j databases are cleaned up on scan failure, and provider deletion no longer causes DatabaseError

🤖 Attack Paths in Prowler MCP Server

The Prowler MCP Server now includes Attack Paths tools, enabling AI agents to query and analyze privilege escalation and lateral movement paths directly. Connect your AI assistant at mcp.prowler.com/mcp.

📚 New Compliance Frameworks

CSA CCM 4.0

The Cloud Security Alliance Cloud Controls Matrix v4.0 is now available across five providers: AWS, Azure, GCP, Oracle Cloud, and Alibaba Cloud.

CIS 6.0 for AWS

The latest CIS Amazon Web Services Foundations Benchmark v6.0 is now available, bringing updated security controls aligned with current AWS best practices.

SecNumCloud for AWS

The ANSSI SecNumCloud qualification framework is now available for AWS, covering French cloud security requirements.

🔗 Unified Provider Wizard

The provider connection flow has been completely redesigned into a modal wizard with a unified experience across all provider types.

🔍 New Checks

Microsoft 365

12 new security checks covering Entra ID, Defender for Identity, Defender XDR, and email protection.

• entra_conditional_access_policy_app_enforced_restrictions — App enforced restrictions
• entra_app_registration_no_unused_privileged_permissions — Unused privileged permissions
• entra_seamless_sso_disabled — Seamless SSO disabled
• entra_conditional_access_policy_require_mfa_for_management_api — MFA for management API
• defenderidentity_health_issues_no_open — Defender for Identity health
• defenderxdr_endpoint_privileged_user_exposed_credentials — Exposed credentials detection
• defenderxdr_critical_asset_management_pending_approvals — Critical asset management
• defender_safe_attachments_policy_enabled — Safe Attachments policy
• defender_safelinks_policy_enabled — Safe Links policy
• entra_default_app_management_policy_enabled — Default app management policy enabled
• entra_authentication_method_sms_voice_disabled - Disable SMS and voice authentication
• entra_break_glass_account_fido2_security_key_registered - Break glass accounts should have a FIDO2 security key

Explore all M365 checks at Prowler Hub.

AWS

Enhanced IAM privilege escalation detection with patterns from the pathfinding.cloud library

Explore all AWS checks at Prowler Hub.

OpenStack

26 new security checks across four services:

Compute (7 checks)

• compute_instance_config_drive_enabled — Config drive for secure metadata delivery
• compute_instance_isolated_private_network — Network isolation (private-only IPs)
• compute_instance_key_based_authentication — SSH key-based auth configuration
• compute_instance_locked_status_enabled — Instance lock status protection
• compute_instance_metadata_sensitive_data — Secrets in instance metadata
• compute_instance_public_ip_exposed — Publicly exposed instances
• compute_instance_trusted_image_certificates — Image signature verification

Networking (6 checks)

• networking_security_group_allows_ssh_from_internet — SSH (port 22) exposed to the internet
• networking_security_group_allows_rdp_from_internet — RDP (port 3389) exposed to the internet
• networking_security_group_allows_all_ingress_from_internet — Security groups allowing all ingress from the internet
• networking_port_security_disabled — Networks/ports allowing MAC/IP spoofing attacks
• networking_subnet_dhcp_disabled — Subnets without DHCP auto-configuration
• networking_admin_state_down — Administratively disabled networks

Block Storage (7 checks)

• blockstorage_volume_encryption_enabled — Volumes without encryption enabled
• blockstorage_volume_metadata_sensitive_data — Sensitive data in volume metadata
• blockstorage_snapshot_metadata_sensitive_data — Sensitive data in snapshot metadata
• blockstorage_volume_backup_exists — Volumes without any backups
• blockstorage_volume_multiattach_disabled — Volumes with multi-attach enabled
• blockstorage_volume_not_unattached — Orphaned volumes with no attachments
• blockstorage_snapshot_not_orphaned — Snapshots referencing non-existent source volumes

Image (6 checks)

• image_not_publicly_visible — Publicly visible images exposing OS configs and credentials
• image_not_shared_with_multiple_projects — Images shared with too many projects
• image_signature_verification_enabled — Images without cryptographic signature verification
• image_protected_status_enabled — Images without deletion protection
• image_encryption_enabled — Images without guest memory encryption (AMD SEV)
• image_secure_boot_enabled — Images without Secure Boot required

Explore all OpenStack checks at Prowler Hub.

GitHub

• organization_verified_badge — Verified badge on GitHub organizations — thanks to @​kushpatel321!

Explore all Github checks at Prowler Hub.

🔐 Security Updates

• py-ocsf-models 0.8.1 and cryptography 44.0.3
• Pillow 12.1.1 (CVE-2021-25289)
• azure-core 1.38.x removing CVE-2026-21226 safety ignore
• npm dependencies updated resolving 20 Dependabot alerts (2 CRITICAL, 7 HIGH, 9 MEDIUM, 2 LOW)
• defusedxml XXE vulnerability fix for Alibaba Cloud OSS — thanks to @​sandiyochristan!

🔒 CI Security Hardening

GitHub Actions workflows have been audited and hardened using zizmor, which is now integrated into CI. Fixes include expression injection prevention, credential persistence controls, and overall workflow hardening in (#​10200) (#​10207) (#​10208)

🙌 Community Contributors

• @​sonofagl1tch — Import Findings to Prowler Cloud support
• @​kushpatel321 — organization_verified_badge check for GitHub provider (#​10033)
• @​HarshCasper — Respect AWS_ENDPOINT_URL for STS session creation (#​10228)
• @​anthonytwh — Apply provider/account filters to Findings Severity Over Time chart (#​10103)
• @​sandiyochristan — defusedxml XXE vulnerability fix for Alibaba Cloud OSS (#​9999)
• @​sbldevnet - For testing CloudFlare provider thoroughly

---

UI

🚀 Added

• OpenStack provider support in the UI (#​10046)
• PDF report available for the CSA CCM compliance framework (#​10088)
• Cloudflare provider support (#​9910)
• CSV and PDF download buttons in compliance views (#​10093)
• Add SecNumCloud compliance framework (#​10117)
• Attack Paths tools added to Lighthouse AI workflow allowed list (#​10175)

🔄 Changed

• Attack Paths: Query list now shows their name and short description, when one is selected it also shows a longer description and an attribution if it has it (#​9983)
• Updated GitHub provider form placeholder to clarify both username and organization names are valid inputs (#​9830)
• CSA CCM detailed view and small fix related with Top Failed Sections width (#​10018)
• Attack Paths: Show scan data availability status with badges and tooltips, allow selecting scans for querying while a new scan is in progress (#​10089)
• Attack Paths: Catches not found and permissions (for read only queries) errors (#​10140)
• Provider connection flow was unified into a modal wizard with AWS Organizations bulk onboarding, safer secret retry handling, and more stable E2E coverage (#​10153) (#​10154) (#​10155) (#​10156) (#​10157) (#​10158)

🐞 Fixed

• Findings Severity Over Time chart on Overview not responding to provider and account filters, and chart clipping at Y-axis maximum values (#​10103)

🔐 Security

• npm dependencies updated to resolve 11 Dependabot alerts (4 HIGH, 7 MEDIUM): fast-xml-parser, @​modelcontextprotocol/sdk, tar, @​isaacs/brace-expansion, hono, lodash, lodash-es (#​10052)
• npm transitive dependencies patched to resolve 9 Dependabot alerts (2 CRITICAL, 3 HIGH, 2 MEDIUM, 2 LOW): fast-xml-parser, rollup, minimatch, ajv, hono, qs (#​10187)

API

🚀 Added

• Finding group summaries and resources endpoints for hierarchical findings views (#​9961)
• OpenStack provider support (#​10003)
• PDF report for the CSA CCM compliance framework (#​10088)
• image provider support for container image scanning (#​10128)
• Attack Paths: Custom query and Cartography schema endpoints (temporarily blocked) (#​10149)

🔄 Changed

• Attack Paths: Queries definition now has short description and attribution (#​9983)
• Attack Paths: Internet node is created while scan (#​9992)
• Attack Paths: Add full paths set from pathfinding.cloud (#​10008)
• Attack Paths: Mark attack Paths scan as failed when Celery task fails outside job error handling (#​10065)
• Attack Paths: Remove legacy per-scan graph_database and is_graph_database_deleted fields from AttackPathsScan model (#​10077)
• Attack Paths: Add graph_data_ready field to decouple query availability from scan state (#​10089)
• Attack Paths: Upgrade Cartography from fork 0.126.1 to upstream 0.129.0 and Neo4j driver from 5.x to 6.x (#​10110)
• Attack Paths: Query results now filtered by provider, preventing future cross-tenant and cross-provider data leakage (#​10118)
• Attack Paths: Add private labels and properties in Attack Paths graphs for avoiding future overlapping with Cartography's ones (#​10124)
• Attack Paths: Query endpoint executes them in read only mode (#​10140)
• Attack Paths: Accept header query endpoints also accepts text/plain, supporting compact plain-text format for LLM consumption (#​10162)
• Bump Trivy from 0.69.1 to 0.69.2 (#​10210)

🐞 Fixed

• Attack Paths: Orphaned temporary Neo4j databases are now cleaned up on scan failure and provider deletion (#​10101)
• Attack Paths: scan no longer raises DatabaseError when provider is deleted mid-scan (#​10116)
• Tenant compliance summaries recalculated after provider deletion [(#​10172)](

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

---

• Branch has one or more failed status checks