Releases: prowler-cloud/prowler

Prowler 5.7.4

11 Jun 11:15
a517c57

💻 API

Removed

  • Reverted RLS transaction handling and DB custom backend (#7994).

Full Changelog: 5.7.3...5.7.4

Prowler 5.7.3

06 Jun 08:42
a59d985

🎨 UI

🐞 Fixed

  • Fix encrypted password typo in formSchemas. (#7828)

💻 API

Added

  • Database backend to handle already closed connections (#7935).

Changed

  • Renamed field encrypted_password to password for M365 provider (#7784)

🐞 Fixed

  • Fixed transaction persistence with RLS operations (#7916).
  • Reverted the get_with_retry change to use the original get method for retrieving tasks (#7932).

SDK

🐞 Fixed

  • Automatically encrypt password in Microsoft365 provider. (#7784)
  • Remove last encrypted password appearances. (#7825)

Full Changelog: 5.7.2...5.7.3

Prowler 5.7.2

02 Jun 13:28
8afc016

🎨 UI

🐞 Fixes

  • Download report behaviour updated to show feedback based on API response. (#7758)
  • Missing KISA and ProwlerThreat icons added to the compliance page. (#7860)
  • Retrieve more than 10 scans in /compliance page. (#7865)
  • Improve CustomDropdownFilter component. (#7868)

💻 API

🐛 Fixes

  • Fixed task lookup to use task_kwargs instead of task_args for scan report resolution. (#7830)
  • Fixed Kubernetes UID validation to allow valid context names (#7871)
  • Fixed the connection status verification before launching a scan (#7831)
  • Fixed a race condition when creating background tasks (#7876).
  • Fixed an error when modifying or retrieving tenants due to missing user UUID in transaction context (#7890).

🔧 SDK

Fixes

  • Fix m365_powershell test_credentials to use sanitized credentials. (#7761)
  • Fix admincenter_users_admins_reduced_license_footprint check logic to pass when admin user has no license. (#7779)
  • Fix m365_powershell to close the PowerShell sessions in msgraph services. (#7816)
  • Fix defender_ensure_notify_alerts_severity_is_high check to accept high or lower severity. (#7862)
  • Replace Directory.Read.All permission with Domain.Read.All which is more restrictive. (#7888)
  • Split calls to list Azure Functions attributes. (#7778)

Full Changelog: 5.7.1...5.7.2

Prowler 5.7.1

21 May 11:23
830c4fd

🎨 UI

🐞 Fixes

  • Added validation to AWS IAM role. (#7787)
  • Tweak some wording for consistency throughout the app. (#7794)
  • Retrieve more than 10 providers in /scans, /manage-groups and /findings pages. (#7793)

💻 API

🐛 Fixes

  • Added database index to improve performance on finding lookup. (#7800)

Full Changelog: 5.7.0...5.7.1

Prowler 5.7.0

20 May 08:22

New features to highlight in this version

🚀 Performance Improvements

  • Optimized /findings/metadata and resource-related filters for significantly faster querying and filtering of findings
  • Enhanced /overviews endpoints for better response times and scalability in large environments
  • Added new high-performance endpoints to fetch the latest findings and metadata quickly

Important

The performance optimization included in /findings and /findings/metadata applies to scans from this release on. This also applies to the service, region and resource_type filters for these views.

These updates collectively reduce latency, improve data freshness, and scale better across high-volume environments.

👨‍💻 GitHub Provider (CLI Only)

We’ve added GitHub as a new cloud provider in the Prowler CLI, including:

  • 11 security checks tailored for GitHub, see all with prowler github --list-checks or in Prowler Hub at https://hub.prowler.com/
  • Based on CIS GitHub Benchmark v1.0.0

Warning

Currently available in the CLI only — support for the App is coming in an upcoming release!

Tip

Try it out now with prowler github

📘 Prowler ThreatScore for Microsoft 365

We’ve extended Prowler ThreatScore to support Microsoft 365 environments:

  • Assigns a contextual risk score to your M365 tenant based on detected misconfigurations and best practices
  • Helps prioritize remediation efforts with actionable insights
  • Enhances visibility into your Microsoft 365 security posture

Tip

Try it out now with prowler m365 --compliance prowler_threatscore_m365

📘 CIS M365 Benchmark v4.0.0

You can now assess your M365 environment against the CIS v4.0 framework. This brings M365 in line with our existing CIS support for AWS, GCP, Kubernetes and Azure, expanding your ability to meet compliance requirements across cloud platforms.

Tip

Try it out now with prowler m365 --compliance cis_4.0_m365

📘 CIS AWS Foundations Benchmark v5.0.0

Prowler now includes full coverage for the CIS AWS Foundations Benchmark version 5.0.0, aligning with the latest security best practices from the Center for Internet Security.

Tip

Try it out now with prowler aws --compliance cis_5.0_aws

Provider UID Filter Enhanced

We’ve significantly enhanced the Provider UID filter in the App to make multi-cloud analysis faster and more intuitive:

  • 🌐 Provider icons (AWS, GCP) for instant visual identification
  • 🏷️ Including the Cloud Provider alias

☁️ AWS CloudFormation Quick Link for IAM Role Setup

We’ve streamlined the setup process for AWS IAM Role credentials with a new CloudFormation Quick Link:

  • Launch the required IAM Role stack in one click
  • Pre-filled with the necessary permissions and trust policies
  • Available directly in the IAM Role credentials step for faster onboarding

This update helps you get started with Prowler in AWS faster and with fewer manual steps.


🎨 UI

🚀 Added

  • Add a new chart to show the split between passed and failed findings. (#7680)
  • Added Accordion component. (#7700)
  • Improve Provider UID filter by adding more context and enhancing the UI/UX. (#7741)
  • Added an AWS CloudFormation Quick Link to the IAM Role credentials step (#7735)
  • Use getLatestFindings on findings page when no scan or date filters are applied. (#7756)

🐞 Fixed

  • Fix form validation in launch scan workflow. (#7693)
  • Moved ProviderType to a shared types file and replaced all occurrences across the codebase. (#7710)
  • Added filter to retrieve only connected providers on the scan page. (#7723)
  • Removed the alias if not added from findings detail page. (#7751)

💻 API

🚀 Added

  • Added huge improvements to /findings/metadata and resource related filters for findings (#7690).
  • Added improvements to /overviews endpoints (#7690).
  • Added new queue to perform backfill background tasks (#7690).
  • Added new endpoints to retrieve latest findings and metadata (#7743).

🔧 SDK

🚀 Added

  • Update the compliance list supported for each provider from docs. (#7694)
  • Allow setting cluster name in in-cluster mode in Kubernetes. (#7695)
  • Add Prowler ThreatScore for M365 provider. (#7692)
  • Add GitHub provider. (#5787)
  • Add repository_default_branch_requires_multiple_approvals check for GitHub provider. (#6160)
  • Add repository_default_branch_protection_enabled check for GitHub provider. (#6161)
  • Add repository_default_branch_requires_linear_history check for GitHub provider. (#6162)
  • Add repository_default_branch_disallows_force_push check for GitHub provider. (#6197)
  • Add repository_default_branch_deletion_disabled check for GitHub provider. (#6200)
  • Add repository_default_branch_status_checks_required check for GitHub provider. (#6204)
  • Add repository_default_branch_protection_applies_to_admins check for GitHub provider. (#6205)
  • Add repository_branch_delete_on_merge_enabled check for GitHub provider. (#6209)
  • Add repository_default_branch_requires_conversation_resolution check for GitHub provider. (#6208)
  • Add organization_members_mfa_required check for GitHub provider. (#6304)
  • Add GitHub provider documentation and CIS v1.0.0 compliance. (#6116)
  • Add CIS 5.0 compliance framework for AWS. (#7766)
  • Add CIS 4.0 for M365 provider. (#7699)

🐞 Fixed

  • Update and upgrade CIS for all the providers (#7738)
  • Cover policies with conditions with SNS endpoint in sns_topics_not_publicly_accessible. (#7750)
  • Change severity logic for ec2_securitygroup_allow_ingress_from_internet_to_all_ports check. (#7764)

Full Changelog: 5.6.0...5.7.0

Prowler 5.6.0

09 May 09:26

New features to highlight in this version

☁️ Microsoft 365 (M365) support in Prowler App

You can now onboard and assess Microsoft 365 environments, both in Prowler App and CLI.

This release includes 33 new checks for Teams, Defender, Purview and Exchange — helping security teams strengthen identity governance and reduce risk exposure across Microsoft 365.

Check the new M365 checks with prowler m365 --services teams defender purview exchange --list-checks

Thanks to the new UI team members @sumit-tft and @alejandrobailo for the effort put into this 🥇

📖 Compliance Exports

You can now download individual compliance frameworks directly from the Compliance page in the Prowler App, making it easier to share specific audit results with internal teams or external auditors.

In addition, the overall scan report now bundles all supported compliance frameworks, giving you a complete view of your organization's posture in a single export.

This feature is available starting with this release; previous scans will not include Compliance Frameworks.

🧩 Explore Prowler Hub – Your Source for Checks and Compliance Frameworks

We’ve launched Prowler Hub — Knowledge is p(r)ow(l)er.

Prowler Hub is our growing public library of versioned checks, cloud service artifacts, and compliance frameworks with their mappings. It’s searchable, explainable, and built to serve the community. It helps answer the question every engineer has asked at some point: What does this check actually do?

Prowler Hub also provides a fully documented public API that you can integrate into your internal tools, dashboards, or automation workflows.

📚 Explore the API docs at: https://hub.prowler.com/api/docs

Whether you’re customizing policies, managing compliance, or enhancing visibility, Prowler Hub is built to support your security operations.

Thanks to @miguelaeh and @cesararroba for their work to make this happen 👏

Delta indicator for findings

We’ve introduced a delta dot (•) next to findings that are new or have changed since the previous scan. This makes it easier for security teams to focus on what’s new, track changes over time, and prioritize triage and remediation efforts more efficiently.

✅ Prowler ThreatScore Compliance Framework

The new Prowler ThreatScore compliance framework is now available for AWS, Azure, and GCP. Built on Prowler ThreatScore, it provides a unified way to assess cloud security posture across providers. ThreatScore evaluates your environment across four critical areas: Identity and Access Management, Attack Surface, Forensic Readiness, and Encryption — helping teams monitor, prioritize, and remediate risks more effectively in multi-cloud environments.

Try it out for your favourite provider with prowler <provider> --compliance prowler_threatscore_<provider>

📄 SOC2 for Azure

You can now assess your Azure environment against the SOC2 framework. This brings Azure in line with our existing SOC2 support for AWS and GCP, expanding your ability to meet compliance requirements across cloud platforms.

Try it out now with prowler azure --compliance soc2_azure

🛡️ New Google Cloud Platform check - Unused Service Accounts

A new check has been added to detect unused service accounts in Google Cloud Platform (GCP). This helps identify dormant identities that may pose a risk if left unmanaged, enabling security teams to reduce attack surface by pruning unnecessary access credentials.

Try it out now with prowler gcp --check iam_service_account_unused

Thanks to @bgdanix 🏅

🤖 Prowler Studio

Security isn’t one-size-fits-all, and neither are your risks. Prowler Studio lets your team define exactly what “secure” means in your environment. Write custom checks, build fixers, and map them to your compliance requirements—visually or through code.

We're excited to announce major updates to Prowler Studio, including a new package management system using uv and a modular structure with separated sub-packages:

  • prowler-studio (includes Core + CLI by default)
  • prowler-studio-core
  • prowler-studio-cli
  • prowler-studio-api
  • prowler-studio-mcp-server

This release also introduces seamless integration with AI code assistants via MCP Server and comprehensive, improved documentation for each component.


🎨 UI

🚀 Features

  • Support for the M365 Cloud Provider. (#7590)
  • Added option to customize the number of items displayed per table page. (#7634)
  • Add delta attribute in findings detail view. (#7654)
  • Add delta indicator in new findings table. (#7676)
  • Add a button to download the CSV report in compliance card. (#7665)
  • Show loading state while checking provider connection. (#7669)

🔄 Changed

  • Finding URLs now include the ID, allowing them to be shared within the organization. (#7654)
  • Show Add/Update credentials depending on whether a secret is already set or not. (#7669)

🐞 Fixes

  • Set a default session duration when configuring an AWS Cloud Provider using a role. (#7639)
  • Error about page number persistence when filters change. (#7655)

💻 API

🚀 Features

  • Added M365 as a new provider (#7563).
  • Added a compliance/ folder and ZIP‐export functionality for all compliance reports (#7653).
  • Added a new API endpoint to fetch and download any specific compliance file by name (#7653).

🔧 SDK

🚀 Features

  • Add SOC2 compliance framework to Azure (#7489).
  • Add check for unused Service Accounts in GCP (#7419).
  • Add Powershell to Microsoft365 (#7331).
  • Add service Defender to Microsoft365 with one check for Common Attachments filter enabled in Malware Policies (#7425).
  • Add check for Outbound Antispam Policy well configured in service Defender for M365 (#7480).
  • Add check for Antiphishing Policy well configured in service Defender in M365 (#7453).
  • Add check for Notifications for Internal users enabled in Malware Policies from service Defender in M365 (#7435).
  • Support CLOUDSDK_AUTH_ACCESS_TOKEN in GCP (#7495).
  • Add service Exchange to Microsoft365 with one check for Organizations Mailbox Auditing enabled (#7408)
  • Add check for Bypass Disable in every Mailbox for service Defender in M365 (#7418)
  • Add new check teams_external_domains_restricted (#7557)
  • Add new check teams_email_sending_to_channel_disabled (#7533)
  • Add new check for External Mails Tagged for service Exchange in M365 (#7580)
  • Add new check for WhiteList not used in Transport Rules for service Defender in M365 (#7569)
  • Add check for Inbound Antispam Policy with no allowed domains from service Defender in M365 (#7500)
  • Add new check teams_meeting_anonymous_user_join_disabled (#7565)
  • Add new check teams_unmanaged_communication_disabled (#7561)
  • Add new check teams_external_users_cannot_start_conversations (#7562)
  • Add new check for AllowList not used in the Connection Filter Policy from service Defender in M365 (#7492)
  • Add new check for SafeList not enabled in the Connection Filter Policy from service Defender in M365 [(#7492)](https://github....

Prowler 5.5.1

15 Apr 12:01
09be609

🔧 SDK

Fixes

  • Add default name to contacts in Azure Defender (#7483)
  • Handle projects without ID in GCP (#7496)
  • Restore packages location in PyProject (#7510) to restore prowler and prowler dashboard

Full Changelog: 5.5.0...5.5.1

Prowler 5.5.0

14 Apr 11:17

New features to highlight in this version

🔐 Social Login with Google and GitHub

Prowler now supports social login via Google and GitHub!
From this release on, you can authenticate with your existing Google or GitHub account to access Prowler — no need to manage separate credentials.

This is just the beginning — future updates will include:

  • Support for more identity providers
  • Enhanced access control and user management
  • Org-level identity integrations (e.g., SSO)

🔇 Muted Findings Support

Starting with this release, the Prowler App now supports muted findings. Findings returned by the API will be automatically muted based on the SDK provider’s default mutelist.

This is the first step toward more flexible muting capabilities. In upcoming versions, users will be able to:

  • Mute specific findings via the API
  • Filter muted findings
  • Import and manage custom mutelist files
  • Create and edit mutelists to fit their specific security requirements

🛡️ 17 New Microsoft 365 Entra Checks

We’ve expanded Prowler’s Microsoft 365 coverage with 17 new checks for the Entra service, giving you deeper visibility and control over identity and access management.

* entra_admin_consent_workflow_enabled
* entra_admin_portals_access_restriction
* entra_admin_users_cloud_only
* entra_admin_users_mfa_enabled
* entra_admin_users_phishing_resistant_mfa_enabled
* entra_admin_users_sign_in_frequency_enabled
* entra_dynamic_group_for_guests_created
* entra_identity_protection_sign_in_risk_enabled
* entra_identity_protection_user_risk_enabled
* entra_legacy_authentication_blocked
* entra_managed_device_required_for_authentication
* entra_managed_device_required_for_mfa_registration
* entra_password_hash_sync_enabled
* entra_policy_guest_invite_only_for_admin_roles
* entra_policy_guest_users_access_restrictions
* entra_policy_restricts_user_consent_for_apps
* entra_users_mfa_enabled

🕒 More Control Over Daily Scans

You now have the option to skip scheduling the daily scan when adding a new provider.

This gives you more flexibility during setup — especially useful if you want to configure the provider, test things out, or onboard gradually before enabling automatic daily scans.

📈 Expanded Compliance Coverage

We’re continuously working to expand and improve our compliance coverage — and in this release, we’ve added support for 4 new compliance frameworks:

  • SOC 2 for Google Cloud Platform (GCP)
  • ISO 27001:2022 for Azure, GCP, and Kubernetes

This means better visibility, more accurate reporting, and stronger alignment with industry standards across your cloud environments.

🌐 New (Unofficial) Cloud Provider: NHN Cloud

Prowler now includes initial support for NHN Cloud with 6 security checks across compute and networking services.

Note: NHN Cloud is not an officially supported provider.

Available NHN checks:

* compute_instance_login_user
* compute_instance_public_ip
* compute_instance_security_groups
* network_vpc_has_empty_routingtables
* network_vpc_subnet_enable_dhcp
* network_vpc_subnet_has_external_router

We’re exploring support for more providers based on community interest. Try it out and let us know what you think!

Many thanks to @eeche for the work creating this new provider 🥇


🎨 UI

🚀 Features

  • Social login integration with Google and GitHub (#7218)
  • Added one-time scan feature: Adds support for single scan execution. (#7188)
  • Accepted invitations can no longer be edited. (#7198)
  • Added download column in scans table to download reports for completed scans. (#7353)
  • Show muted icon when a finding is muted. (#7378)
  • Added static status icon with link to service status page. (#7468)

🔄 Changed

  • Tweak styles for compliance cards. (#7148)
  • Upgrade Next.js to v14.2.25 to fix a middleware authorization vulnerability. (#7339)
  • Apply default filter to show only failed items when coming from scan table. (#7356)
  • Fix link behavior in scan cards: only disable "View Findings" when scan is not completed or executing. (#7368)

💻 API

🚀 Features

  • Support for developing new integrations (#7167).
  • HTTP Security Headers (#7289).
  • New endpoint to get the compliance overviews metadata (#7333).
  • Support for muted findings (#7378).
  • Added missing fields to API findings and resources (#7318).

🔧 SDK

🚀 Features

  • Added 17 new Microsoft 365 Entra checks
  • Added basic authentication to the SDK Jira integration
  • 4 new Compliance Frameworks for Azure, GCP and Kubernetes

Full Changelog: 5.4.4...5.5.0

Prowler 5.4.4

08 Apr 15:43
2cc8363

💻 API

Fixes

  • Fixed a bug with periodic tasks when trying to delete a provider (#7466)

🔧 SDK

Fixes

  • Handle errors in AWS, Azure, and GCP with None attributes (#7471)
  • Update SOC2 AWS compliance and remove some requirements (#7455)
  • Handle logic for empty project names in GCP (#7450)
  • Add resource ARN for AWS transit gateways (#7448)
  • Ignore redirect balancers and add regional ones in GCP (#7449)
  • Add default resource name in Azure Defender contacts (#7441)
  • Solve multiple errors with None attributes (#7440)
  • Remove resource_name inside the Check_Report for Azure (#7430)
  • Make logging sink check at project level in GCP (#7428)

Full Changelog: 5.4.3...5.4.4

Prowler 5.4.3

03 Apr 12:52
5be859d

💻 API

Fixes

  • Added duplicated scheduled scans handling (#7401)
  • Added environment variable to configure the deletion task batch size (#7423)

🔧 SDK

Fixes

  • Ignore exception when aws service not available in a region (#7398)
  • Add the correct id and names for resources (#7414)
  • Log as error when Resource ID or Name do not exist (#7412)
  • Validation error for Cluster.multi_az (#7400)
  • Handle Certificate rds-ca-2019 not found (#7392)
  • Nonetype object has no attribute level in stepfunctions (#7389)
  • Resource metadata could not be converted to dict in FMS (#7388)
  • Handle Nonetype is not iterable for extensions in VM (#7377)
  • Handle None S3 account public access block (#7376)
  • Describe smb/nfs share per region in StorageGateway (#7375)
  • Handle Nonetype is not iterable for security groups (#7372)
  • Handle NoneType accessing security_profile (#7373)
  • Handle none SAML Providers (#7371)
  • Handle UnboundLocalError cannot access local variable 'report' (#7370)

Full Changelog: 5.4.2...5.4.3