Contributor

@renovate renovate bot commented Jan 29, 2025

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package           Update   Change
toniblyx/prowler  minor    5.2.0 -> 5.16.1

Release Notes

prowler-cloud/prowler (toniblyx/prowler)

v5.16.1: Prowler 5.16.1

Compare Source

UI

🔄 Changed
  • Lighthouse AI meta tools descriptions updated for clarity with more representative examples (#​9632)

API

🔄 Changed
  • Security Hub integration error when no regions (#​9635)
🐞 Fixed
  • Orphan scheduled scans caused by transaction isolation during provider creation (#​9633)

SDK

🐞 Fixed
  • ZeroDivision error from Prowler ThreatScore (#​9653)

v5.16.0: Prowler 5.16.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🤖 Lighthouse AI + MCP Server

This release introduces major improvements to Lighthouse AI, now powered by Prowler’s official MCP Server, significantly enhancing performance, reliability, and the quality of AI-driven interactions across the platform:

  • Lighthouse AI now runs on the official MCP Server, providing a standardized and reliable foundation for AI interactions across Prowler.
  • Improved Lighthouse AI architecture, delivering faster responses and a more consistent, structured output format.
  • Smarter AI model selection for the OpenAI provider, automatically loading only chat-compatible models with tool-calling support to ensure a smoother experience.
  • New MCP tools for Compliance Framework Management, enabling AI assistants to query compliance status across multiple frameworks and drill down to requirement-level details.
  • AI-optimized MCP tool responses across Prowler Hub and Docs, with standardized formats designed for faster and more accurate natural language interactions.

Together, these improvements make Lighthouse AI more robust, scalable, and capable of delivering actionable security and compliance insights through natural language.

🔇 Simple Mutelist

Findings can be muted after scanning from the finding table. A new page is available in /mutelist where the user can handle simple and advanced Mutelist configuration.

🗂️ Category Overview & Filtering

We've introduced a powerful new way to analyze your security posture by category. A new endpoint provides an overview of categories based on finding severities, giving you instant visibility into how different security domains are performing across your environment. Additionally, both GET /findings and GET /findings/latest endpoints now support category filtering, making it easier to drill down into specific security domains.

📄 Enhanced PDF Reporting

PDF reports now include richer context with Account ID, Alias, and Provider Name directly in the reporting table. This makes exported reports more actionable and easier to share across teams, providing all the context needed without cross-referencing other sources.

⚡ Performance & Reliability Improvements

The GET /overviews/attack-surfaces endpoint has been streamlined by removing related check IDs from the response, improving performance and reducing payload size. Additionally, scheduled scan tasks now have a more reliable initialization with optimized execution timing.

🛡️ New AWS Security Categories

Two new AWS check categories have been added: privilege-escalation and ec2-imdsv1.
These categories improve visibility into high-risk misconfigurations, helping teams more easily identify paths to privilege escalation and legacy EC2 Instance Metadata Service v1 usage.

🔄 Updated AWS Service Metadata

Multiple AWS services have been migrated to the new service metadata format, including Glue, Kafka, KMS, MemoryDB, Inspector v2, Service Catalog, SNS, Trusted Advisor, and WAF (v1 and v2).
These updates improve consistency, accuracy, and long-term maintainability across AWS checks.

🧹 Data & Category Consistency Fixes

Several fixes improve correctness and normalization across providers:

  • Corrected the trust-boundaries category naming.
  • Fixed Bedrock Agent regional availability using official AWS documentation.
  • Normalized region storage to lowercase for MongoDB Atlas and GCP Cloud Storage buckets.

UI

🚀 Added
  • SSO and API Key link cards to Integrations page for better discoverability (#​9570)
  • Risk Radar component with category-based severity breakdown to Overview page (#​9532)
  • More extensive resource details (partition, details and metadata) within Findings detail and Resources detail view (#​9515)
  • Integrated Prowler MCP server with Lighthouse AI for dynamic tool execution (#​9255)
  • Implement "MuteList Simple" feature allowing users to mute findings directly from the findings table with checkbox selection, and a new dedicated /mutelist route with Simple (mute rules list) and Advanced (YAML config) tabs. (#​9577)
🔄 Changed
  • Lighthouse AI markdown rendering with strict markdownlint compliance and nested list styling (#​9586)
  • Lighthouse AI default model updated from gpt-4o to gpt-5.2 (#​9586)
  • Lighthouse AI destructive MCP tools blocked from LLM access (delete, trigger scan, etc.) (#​9586)
🐞 Fixed
  • Lighthouse AI angle-bracket placeholders now render correctly in chat messages (#​9586)
  • Lighthouse AI recommended model badge contrast improved (#​9586)

API

🚀 Added
  • New endpoint to retrieve an overview of the categories based on finding severities (#​9529)
  • Endpoints GET /findings and GET /findings/latests can now use the category filter (#​9529)
  • Account id, alias and provider name to PDF reporting table (#​9574)
🔄 Changed
  • Endpoint GET /overviews/attack-surfaces no longer returns the related check IDs (#​9529)
  • OpenAI provider to only load chat-compatible models with tool calling support (#​9523)
  • Increased execution delay for the first scheduled scan tasks to 5 seconds (#​9558)
🐞 Fixed
  • Made scan_id a required filter in the compliance overview endpoint (#​9560)
  • Reduced unnecessary UPDATE resources operations by only saving when tag mappings change, lowering write load during scans (#​9569)

SDK

🚀 Added
  • privilege-escalation and ec2-imdsv1 categories for AWS checks (#​9537)
  • Supported IaC formats and scanner documentation for the IaC provider (#​9553)
🔄 Changed
  • Update AWS Glue service metadata to new format (#​9258)
  • Update AWS Kafka service metadata to new format (#​9261)
  • Update AWS KMS service metadata to new format (#​9263)
  • Update AWS MemoryDB service metadata to new format (#​9266)
  • Update AWS Inspector v2 service metadata to new format (#​9260)
  • Update AWS Service Catalog service metadata to new format (#​9410)
  • Update AWS SNS service metadata to new format (#​9428)
  • Update AWS Trusted Advisor service metadata to new format (#​9435)
  • Update AWS WAF service metadata to new format (#​9480)
  • Update AWS WAF v2 service metadata to new format (#​9481)
🐞 Fixed
  • Fix typo trustboundaries category to trust-boundaries (#​9536)
  • Fix incorrect bedrock-agent regional availability, now using official AWS docs instead of copying from bedrock
  • Store MongoDB Atlas provider regions as lowercase (#​9554)
  • Store GCP Cloud Storage bucket regions as lowercase (#​9567)

MCP

🚀 Added
  • Add new MCP Server tools for Prowler Compliance Framework Management (#​9568)
🔄 Changed
  • Update API base URL environment variable to include complete path (#​9542)
  • Standardize Prowler Hub and Docs tools format for AI optimization (#​9578)

v5.15.1: Prowler 5.15.1

Compare Source

UI

🔐 Security

API

🐞 Fixed
  • Race condition in scheduled scan creation by adding countdown to task (#​9516)

SDK

🐞 Fixed
  • Fix false negative in AWS apigateway_restapi_logging_enabled check by refining stage logging evaluation to ensure logging level is not set to "OFF" (#​9304) - Thanks to @​bota4go

v5.15.0: Prowler 5.15.0

Compare Source

✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🎯 New Overview Experience

We've expanded and refined the Overview to give you a clearer, more actionable understanding of your cloud security posture at a glance. The new panels bring richer visual context, better prioritization cues, and faster navigation across your environments.

🚨 Attack Surface

Instantly understand your most exposed risks, including internet-facing resources, leaked secrets, privilege-escalation paths, and critical misconfigurations.

From this release forward, this view will display data as soon as new scans are run.

📡 Service Watchlist

A real-time view of your riskiest cloud services, helping you focus remediation on the areas with the highest impact.

📈 Findings Severity Over Time

Track how your security posture evolves. This panel visualizes severity trends (Critical, High, Medium, Low, Informational) across days, weeks, or months so you can measure progress and detect regressions.

🧬 Risk Pipeline

A complete flow of findings from their source providers (AWS, Azure, Google Cloud, Kubernetes, GitHub, Microsoft 365, OCI, IaC, MongoDB Atlas) into their severity levels. Ideal for understanding where risk originates and how it distributes across your environments.

🌍 Threat Map

A global, region-based view of findings to help you quickly pinpoint where misconfigurations occur geographically, with pass/fail ratios per region.

🧮 Risk Plot

A severity-weighted visualization of your Threat Score, enabling you to immediately identify high-risk environments and understand how critical findings influence overall exposure, not just by volume but by impact.


⏳ Navigation Loading Bar

To improve the overall user experience, we've introduced a new navigation loading bar. This subtle progress indicator replaces silent page transitions, giving users immediate feedback that something is happening in the background. It makes the interface feel faster, smoother, and more responsive, especially when loading large datasets.

🤖 MCP Server - Prowler Management

The Prowler MCP Server has been completely redesigned to give AI assistants and LLMs control over your Prowler environment. The new version introduces comprehensive tools for:

  • Findings: Query security findings directly
  • Provider Management: Add, configure, and manage cloud provider connections
  • Resource Management: Browse and inspect your cloud resources
  • Muting Management: Mute and unmute findings programmatically
  • Scan Management: Trigger and monitor security scans

This enables powerful AI-driven security workflows. Ask your AI assistant to scan your accounts, identify critical findings, or generate compliance reports, all through natural language.

🌐 New Cloud Providers

🍃 MongoDB Atlas

MongoDB Atlas is now fully supported in the Prowler App, enabling you to assess and monitor the security posture of your managed database clusters directly from the UI.

☁️ Alibaba Cloud (CLI Only)

Alibaba Cloud is now available in the Prowler CLI. Full Prowler App support is coming in the next release!

See the 63 available checks in Prowler Hub

🤖 Lighthouse AI - Amazon Bedrock API Key Support

Lighthouse AI now supports Amazon Bedrock API key authentication as an alternative to IAM access keys. This simplifies onboarding by allowing users to authenticate with a single API key instead of managing IAM credentials. Both authentication methods (IAM Access Key Pair and Bedrock API Key) are fully supported.

Read more about it here.

📚 Compliance Improvements

🔒 CIS 2.0 for Alibaba Cloud

New CIS Alibaba Cloud Foundation Benchmark v2.0.0 compliance framework, providing comprehensive security configuration guidelines for Alibaba Cloud environments.

✅ SOC 2 Processing Integrity

Added Processing Integrity requirements to the SOC 2 compliance framework for AWS, Azure, and GCP providers, expanding coverage for data processing controls.

🏦 RBI Cyber Security Framework - Thanks to @​KonstGolfi

New RBI Cyber Security Framework compliance support for Azure provider, helping organizations in the Indian financial sector meet regulatory requirements.

📦 pnpm Migration

The UI has migrated from npm to pnpm for package management, bringing faster installs, stricter dependency resolution, and more consistent builds across environments.

🔍 All Providers in Prowler Hub

Explore all Prowler security checks, compliance frameworks, and supported providers in one place at Prowler Hub. Browse checks by provider, search for specific security controls, and discover which compliance frameworks map to each check, all in a beautifully designed, searchable interface.

🧩 New Checks

GitHub - Repository
  • repository_immutable_releases_enabled - Thanks to @​Sakeeb91
GCP - Compute & CloudStorage
  • compute_instance_preemptible_vm_disabled
  • compute_instance_automatic_restart_enabled
  • compute_instance_deletion_protection_enabled
  • cloudstorage_uses_vpc_service_controls

UI

🚀 Added
  • Risk Plot component with interactive legend and severity navigation to Overview page (#​9469)
  • Navigation progress bar for page transitions using Next.js onRouterTransitionStart (#​9465)
  • Findings Severity Over Time chart component to Overview page (#​9405)
  • Attack Surface component to Overview page (#​9412)
🔄 Changed
  • Migrate package manager from npm to pnpm for faster installs and stricter dependency resolution (#​9442)
  • Pin pnpm to version 10 in Dockerfile for consistent builds (#​9452)
  • Compliance Watchlist component to Overview page (#​9199)
  • Service Watchlist component to Overview page (#​9316)
  • Risk Pipeline component with Sankey chart to Overview page (#​9317)
  • Threat Map component to Overview Page (#​9324)
  • MongoDB Atlas provider support (#​9253)
  • Lighthouse AI support for Amazon Bedrock API key (#​9343)
🐞 Fixed
  • Show top failed requirements in compliance specific view for compliance without sections (#​9471)

API

🚀 Added
  • New endpoint to retrieve an overview of the attack surfaces (#​9309)
  • New endpoint GET /api/v1/overviews/findings_severity/timeseries to retrieve daily aggregated findings by severity level (#​9363)
  • Lighthouse AI support for Amazon Bedrock API key (#​9343)
  • Exception handler for provider deletions during scans (#​9414)
  • Support to use admin credentials through the read replica database (#​9440)
🔄 Changed
  • Error messages from Lighthouse celery tasks (#​9165)
  • Restore the compliance overview endpoint's mandatory filters (#​9338)

SDK

🚀 Added
  • cloudstorage_uses_vpc_service_controls check for GCP provider (#​9256)
  • Alibaba Cloud provider with CIS 2.0 benchmark (#​9329)
  • repository_immutable_releases_enabled check for GitHub provider (#​9162)
  • compute_instance_preemptible_vm_disabled check for GCP provider (#​9342)
  • compute_instance_automatic_restart_enabled check for GCP provider (#​9271)
  • compute_instance_deletion_protection_enabled check for GCP provider (#​9358)
  • Update SOC2 - Azure with Processing Integrity requirements (#​9463)
  • Update SOC2 - GCP with Processing Integrity requirements (#​9464)
  • Update SOC2 - AWS with Processing Integrity requirements (#​9462)
  • RBI Cyber Security Framework compliance for Azure provider (#​8822)
🔄 Changed
  • Update AWS Macie service metadata to new format (#​9265)
  • Update AWS Lightsail service metadata to new format (#​9264)
  • Update AWS GuardDuty service metadata to new format (#​9259)
  • Update AWS Network Firewall service metadata to new format (#​9382)
  • Update AWS MQ service metadata to new format (#​9267)
🐞 Fixed
  • Fix duplicate requirement IDs in ISO 27001:2013 AWS compliance framework by adding unique letter suffixes
  • Removed incorrect threat-detection category from checks metadata (#​9489)
  • GCP cloudstorage_uses_vpc_service_controls check to handle VPC Service Controls blocked API access (#​9478)

MCP

🚀 Added
  • Remove all Prowler App MCP tools; and add new MCP Server tools for Prowler Findings and Compliance (#​9300)
  • Add new MCP Server tools for Prowler Providers Management (#​9350)
  • Add new MCP Server tools for Prowler Resources Management (#​9380)
  • Add new MCP Server tools for Prowler Scans Management (#​9509)
  • Add new MCP Server tools for Prowler Muting Management (#​9510)

v5.14.2: Prowler 5.14.2

Compare Source

UI

🐞 Fixed
  • Models list in Lighthouse selector when default model is not set for provider (#​9402)
  • Sort compliance cards by name from the compliance overview (#​9422)
  • Risk severity chart must show only FAIL findings (#​9448)
🔒 Security
  • Bump Next.js and React for CVE-2025-66478 (#​9447)

API

🐞 Fixed
  • Unique constraint violation during compliance overviews task (#​9436)
  • Division by zero error in ENS PDF report when all requirements are manual (#​9443)

SDK

🐞 Fixed
  • Custom check folder metadata validation (#​9335)

v5.14.1: Prowler 5.14.1

Compare Source

API

🐞 Fixed
  • Typo in PDF reporting (#​9322)
  • IaC provider initialization failure when mutelist processor is configured (#​9331)
  • Match logic for ThreatScore when counting findings (#​9348)

SDK

🐞 Fixed
  • sharepoint_external_sharing_managed check to handle external sharing disabled at organization level (#​9298)
  • Support multiple Exchange mailbox policies in M365 exchange_mailbox_policy_additional_storage_restricted check (#​9241)

v5.14.0: Prowler 5.14.0

Compare Source

New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🤖 Lighthouse AI: Multi-LLM Support

Lighthouse AI now supports multiple AI providers, giving customers full flexibility over cost, performance, and data control. Supported model providers:


🌐 New Cloud Providers

☁️ Oracle Cloud Infrastructure (OCI)


Prowler App now supports OCI as a cloud provider with 51 checks and support for CIS OCI Foundations Benchmark v3.0.0. This allows you to analyze the security posture of your OCI tenants. See all check details in Prowler Hub.

For more details check our Getting Started with Oracle Cloud Infrastructure (OCI) guide.

🧱 Infrastructure-as-Code — Powered by Trivy

A brand-new IaC provider enables scanning for:

  • Terraform
  • CloudFormation
  • Kubernetes manifests
  • Dockerfiles
  • Helm charts
  • Secrets
  • Azure ARM templates

Powered by trivy, this provides policy-as-code scanning to detect misconfigurations before they are deployed.


For more details check our Getting Started with the IaC Provider guide.

🍃 MongoDB Atlas (API Only)

MongoDB Atlas is now available in the API and will have full support in the next release!

See the 10 available checks in Prowler Hub.

🎨 Prowler App - New UI

Prowler App has been refreshed with a more modern UI. The new layout improves navigation, readability, and performance across the whole application.

📊 New Overview Experience

We’ve redesigned the Overview dashboard to show clearer security posture insights:

  • Prowler ThreatScore - Read more about it here.
  • Better visualization of risk severity distributions
  • Faster access to latest failed findings


📰 RSS Feed for Updates

You can now subscribe to real-time release announcements and incident notifications via the new RSS feed integrated in the Latest Updates panel.


Performance Optimization

We've improved performance across all scan related tasks:

  • Reduced number of transactions during a scan (from 4 transactions per finding to batch insert with adjustable size)
  • Reduced number of indexes for the compliance overview table
  • Batched the COPY query to improve CPU usage during Compliance data generation
  • Reduced the number of rows per scan for compliance overviews when the provider is AWS. Now, only regions with data will be stored and thus shown in the /metadata endpoint
  • Created an aggregated table for fast lookups for compliance overviews without region filters, reducing the response times from ~0.9s to ~20ms on average

📚 Compliance Improvements

New Compliance Frameworks
  • C5 (Cloud Computing Compliance Criteria Catalogue) for Azure and GCP
  • HIPAA for GCP
  • NIST CSF 2.0 for AWS
  • CIS 3.0 for Oracle
  • FedRAMP 20x KSI Low for AWS, Azure & GCP - Thanks to @​ethanolivertroy
Reporting Improvements

We've added PDF reporting for ENS, NIS2 and Prowler ThreatScore. Available in the Compliance page!

🐳 ARM images available in Docker Hub

Multi-architecture images (linux/amd64 and linux/arm64) are now available for Prowler container images.


Huge thanks to @​sanchezpaco for this contribution!

🧩 New Checks

AWS - Code Pipeline
  • codepipeline_project_repo_private - Thanks to @​yyyy7246
GCP - Cloud Storage
  • cloudstorage_bucket_versioning_enabled
  • cloudstorage_bucket_soft_delete_enabled
  • cloudstorage_bucket_logging_enabled
  • cloudstorage_audit_logs_enabled
  • cloudstorage_bucket_sufficient_retention_period
Azure - Database for PostgreSQL flexible server

📦 Resources – New Auditor Mode (API Only)

We’ve expanded the /resources endpoint adding a metadata field, containing the raw, unmodified response returned by the Cloud Provider API. This gives full transparency into what Prowler received from the Cloud Provider before any processing or normalization.

UI support will be included in the next release.

🔥 ThreatScore for Kubernetes

ThreatScore is now available for the Kubernetes provider, offering instant visibility into the security posture of your clusters.


🛠️ Check Metadata

We're continuing to standardize the metadata format for dozens of AWS, GCP, GitHub, Kubernetes, OracleCloud, and MongoDB Atlas services, improving consistency and maintainability.

UI

🚀 Added
  • RSS feeds support (#​9109)
  • Multi LLM support to Lighthouse AI (#​8925)
  • Customer Support menu item (#​9143)
  • PDF reporting for ENS compliance framework (#​9158)
  • IaC (Infrastructure as Code) provider support for scanning remote repositories (#​8751)
  • PDF reporting for NIS2 compliance framework (#​9170)
  • External resource link to IaC findings for direct navigation to source code in Git repositories (#​9151)
  • New Overview page and new app styles (#​9234)
  • Use branch name as region for IaC findings (#​9296)
🔄 Changed
  • Resource ID moved up in the findings detail page (#​9141)
  • C5 compliance logo (#​9224)
  • Overview charts now support click navigation to Findings page with filters and keyboard accessibility (#​9281)
  • Threat score now displays 2 decimal places with note that it doesn't include muted findings (#​9281)

API

🚀 Added
  • IaC (Infrastructure as Code) provider support for remote repositories (#​8751)
  • Extend GET /api/v1/providers with provider-type filters and optional pagination disable to support the new Overview filters (#​8975)
  • New endpoint to retrieve the number of providers grouped by provider type (#​8975)
  • Support for configuring multiple LLM providers (#​8772)
  • Support C5 compliance framework for Azure provider (#​9081)
  • Support for Oracle Cloud Infrastructure (OCI) provider (#​8927)
  • Support muting findings based on simple rules with custom reason (#​9051)
  • Support C5 compliance framework for the GCP provider (#​9097)
  • Support for Amazon Bedrock and OpenAI compatible providers in Lighthouse AI (#​8957)
  • Support PDF reporting for ENS compliance framework (#​9158)
  • Support PDF reporting for NIS2 compliance framework (#​9170)
  • Tenant-wide ThreatScore overview aggregation and snapshot persistence with backfill support (#​9148)
  • Added metadata, details, and partition attributes to /resources endpoint & details, and partition to /findings endpoint (#​9098)
  • Support for MongoDB Atlas provider (#​9167)
  • Support Prowler ThreatScore for the K8S provider (#​9235)
  • Enhanced compliance overview endpoint with provider filtering and latest scan aggregation (#​9244)
  • New endpoint GET /api/v1/overview/regions to retrieve aggregated findings data by region (#​9273)
🔄 Changed
  • Optimized database write queries for scan related tasks (#​9190)
  • Date filters are now optional for GET /api/v1/overviews/services endpoint; returns latest scan data by default (#​9248)
🐛 Fixed
  • Scans no longer fail when findings have UIDs exceeding 300 characters; such findings are now skipped with detailed logging (#​9246)
  • Updated unique constraint for Provider model to exclude soft-deleted entries, resolving duplicate errors when re-deleting providers (#​9054)
  • Removed compliance generation for providers without compliance frameworks (#​9208)
  • Refresh output report timestamps for each scan (#​9272)
  • Severity overview endpoint now ignores muted findings as expected (#​9283)
  • Fixed discrepancy between ThreatScore PDF report values and database calculations (#​9296)
Security

SDK

🚀 Added
  • GitHub provider check organization_default_repository_permission_strict (#​8785)
  • Add OCI mapping to scan and check classes (#​8927)
  • codepipeline_project_repo_private check for AWS provider (#​5915)
  • cloudstorage_bucket_versioning_enabled check for GCP provider (#​9014)
  • cloudstorage_bucket_soft_delete_enabled check for GCP provider (#​9028)
  • cloudstorage_bucket_logging_enabled check for GCP provider (#​9091)
  • cloudstorage_audit_logs_enabled check for GCP provider (#​9220)
  • cloudstorage_bucket_sufficient_retention_period check for GCP provider (#​9149)
  • C5 compliance framework for Azure provider (#​9081)
  • C5 compliance framework for the GCP provider (#​9097)
  • organization_repository_creation_limited check for GitHub provider (#​8844)
  • HIPAA compliance framework for the GCP provider (#​8955)
  • Support PDF reporting for ENS compliance framework (#​9158)
  • PDF reporting for NIS2 compliance framework (#​9170)
  • Add organization ID parameter for MongoDB Atlas provider (#​9167)
  • Add multiple compliance improvements (#​9145)
  • Added validation for invalid checks, services, and categories in load_checks_to_execute function (#​8971)
  • NIST CSF 2.0 compliance framework for the AWS provider (#​9185)
  • Add FedRAMP 20x KSI Low for AWS, Azure and GCP (#​9198)
  • Add verification for provider ID in MongoDB Atlas provider (#​9211)
  • Add Prowler ThreatScore for the K8S provider (#​9235)
  • Add postgresql_flexible_server_entra_id_authentication_enabled check for Azure provider (#​8764)
  • Add branch name to IaC provider region (#​9296)
🔄 Changed
  • Update AWS Direct Connect service metadata to new format (#​8855)
  • Update AWS DRS service metadata to new format (#​8870)
  • Update AWS DynamoDB service metadata to new format (#​8871)
  • Update AWS CloudWatch service metadata to new format (#​8848)
  • Update AWS EMR service metadata to new format (#​9002)
  • Update AWS EKS service metadata to new format (#​8890)
  • Update AWS Elastic Beanstalk service metadata to new format (#​8934)
  • Update AWS ElastiCache service metadata to new format (#​8933)
  • Update Kubernetes etcd service metadata to new format (#​9096)
  • Update MongoDB Atlas projects service metadata to new format (#​9093)
  • Update GitHub Organization service metadata to new format (#​9094)
  • Update AWS CodeBuild service metadata to new format (#​8851)
  • Update GCP Artifact Registry service metadata to new format (#​9088)
  • Update AWS EFS service metadata to new format (#​8889)
  • Update AWS EventBridge service metadata to new format (#​9003)
  • Update AWS Firehose service metadata to new format (#​9004)
  • Update AWS FMS service metadata to new format (#​9005)
  • Update AWS FSx service metadata to new format (#​9006)
  • Update AWS Glacier service metadata to new format (#​9007)
  • Update oraclecloud analytics service metadata to new format (#​9114)
  • Update AWS ELB service metadata to new format (#​8935)
  • Update AWS CodeArtifact service metadata to new format (#​8850)
  • Rename OCI provider to oraclecloud with oci alias (#​9126)
  • Remove unnecessary tests for M365_PowerShell module (#​9204)
  • Update AWS ELB v2 service metadata to new format (#​9001)
  • Update oraclecloud cloudguard service metadata to new format (#​9223)
  • Update oraclecloud blockstorage service metadata to new format (#​9222)
  • Update oraclecloud audit service metadata to new format (#​9221)
  • Raise ASFF output error for non-AWS providers (#​9225)
  • Update AWS ECR service metadata to new format (#​8872)
  • Update AWS ECS service metadata to new format (#​8888)
  • Update AWS Kinesis service metadata to new format (#​9262)
  • Update AWS DocumentDB service metadata to new format (#​8862)
🐛 Fixed
  • Check check_name has no resource_name error for GCP provider (#​9169)
  • Depth Truncation and parsing error in PowerShell queries (#​9181)
  • False negative in iam_role_cross_service_confused_deputy_prevention check (#​9213)
  • Fix M365 Teams --sp-env-auth connection error and enhanced timeout logging (#​9191)
  • Rename get_oci_assessment_summary to get_oraclecloud_assessment_summary in HTML output (#​9200)
  • Fix Validation and other errors in Azure provider (#​8915)
  • Update documentation URLs from docs.prowler.cloud to docs.prowler.com (#​9240)
  • Refresh output report timestamps for each scan (#​9272)
  • Fix file name parsing for checks on Windows (#​9268)
  • Remove typo for Prowler ThreatScore - M365 (#​9274)
  • Point HTML logo to the one present in the Github repository (#​9282)

MCP Server

🐛 Fixed
  • Fix documentation MCP Server to return list of dictionaries (#​9205)

v5.13.1: Prowler 5.13.1

Compare Source

API

🐞 Fixed
  • /api/v1/overviews/providers collapses data by provider type so the UI receives a single aggregated record per cloud family even when multiple accounts exist (#​9053)
  • Added retry logic to database transactions to handle read replica connection failures during scale-down events (#​9064)
  • Security Hub integrations stop failing when they read relationships via the replica by allowing replica relations and saving updates through the primary (#​9080)

SDK

🐞 Fixed
  • Add resource_name for checks under logging for the GCP provider (#​9023)
  • Fix ec2_instance_with_outdated_ami check to handle None AMIs (#​9046)
  • Handle timestamp when transforming compliance findings in CCC (#​9042)
  • Update resource_id for admincenter service and avoid unnecessary msgraph requests (#​9019)

v5.13.0: Prowler 5.13.0

Compare Source

New features to highlight in this version

🤖 Prowler MCP Server: AI-Powered Security Operations

We've launched the Prowler MCP Server, a comprehensive Model Context Protocol (MCP) server that brings the entire Prowler ecosystem to AI assistants like Claude Desktop, Cursor, and other MCP-compatible tools.

You can test it right now in https://mcp.prowler.com/mcp

🎯 Key Capabilities
  • Prowler Cloud & Self-Managed Integration — Full access to manage providers, run scans, and analyze security findings through AI assistants
  • Prowler Hub Access — Browse 1000+ security checks, compliance frameworks, and remediation directly from AI tools
  • Documentation Search — Intelligent search across official Prowler documentation with contextual results
  • Dual Transport Support — Both STDIO (local) and HTTP (remote) modes for flexible deployment

🔑 API Key Authentication

We've added native API key support for programmatic access to the Prowler API, making it easier to integrate with automation workflows and external tools.

  • Generate and manage API keys per tenant for secure, token-free authentication
  • Ideal for CI/CD pipelines, scripts, and third-party integrations
  • Complements existing JWT authentication for flexible access patterns

Read more about it here https://docs.prowler.com/user-guide/providers/prowler-app-api-keys

📄 PDF Reports for Prowler ThreatScore

Compliance reporting just got more shareable — you can now export Prowler ThreatScore reports as professional PDF documents.

  • Generate polished PDF reports directly from the API
  • Perfect for stakeholder presentations and compliance audits
  • Includes comprehensive scoring and requirement breakdowns

📰 New docs site!

Take a look at our new documentation at https://docs.prowler.com

We'd love to hear any feedback or suggestions for improvement you might have!

🔐 SAML Role Mapping Protection: Prevent Admin Lockout

We've added a safeguard for single-admin tenants using SAML role mapping to prevent accidental loss of administrative access.

  • Ensures that tenants with a single admin cannot be locked out due to incorrect SAML role mappings.
  • Adds a safety layer during SSO role synchronization.
  • Helps maintain secure and continuous access control for critical tenants.
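The safeguard described above, as an added Python illustration that is not Prowler's own code: a hypothetical `Tenant` model and `sync_roles()` function apply the roles a SAML role mapping produced for a user, but retain the admin role when that user is currently the tenant's only admin, and report that the mapping was overridden so an operator can correct it. All names and the sample tenant data are constructed for the example.

```python
"""Last-admin safeguard during SSO/SAML role synchronization.

Illustrative code, not Prowler's implementation. The Tenant model,
sync_roles() and the sample data are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ADMIN = "admin"


@dataclass
class Tenant:
    name: str
    # user id -> roles currently granted in this tenant
    roles: dict[str, set[str]] = field(default_factory=dict)

    def admins(self) -> set[str]:
        return {user for user, r in self.roles.items() if ADMIN in r}


def sync_roles(tenant: Tenant, user: str, mapped_roles: set[str]) -> tuple[set[str], bool]:
    """Store the roles the SAML role mapping produced for `user`.

    If `user` is the tenant's only admin and the mapping would strip the
    admin role, the admin role is retained so a wrong mapping cannot lock
    the tenant out. Returns (roles stored, admin_retained).
    """
    new_roles = set(mapped_roles)
    current = tenant.roles.get(user, set())
    strips_admin = ADMIN in current and ADMIN not in new_roles
    admin_retained = False
    if strips_admin and tenant.admins() == {user}:
        # Refuse the demotion rather than leave the tenant with no admin.
        new_roles.add(ADMIN)
        admin_retained = True
    tenant.roles[user] = new_roles
    return new_roles, admin_retained


def make_sample_tenant() -> Tenant:
    """Constructed sample: one admin and one ordinary member."""
    return Tenant("example-tenant", {"alice": {ADMIN}, "bob": {"member"}})


def run_scenario() -> list[tuple[str, set[str], bool]]:
    """Replay three SSO logins and record what each sync stored."""
    tenant = make_sample_tenant()
    log = []
    # 1. A broken mapping sends alice (the only admin) to plain "member": admin kept.
    log.append(("alice", *sync_roles(tenant, "alice", {"member"})))
    # 2. carol logs in with a mapping that grants admin: two admins now.
    log.append(("carol", *sync_roles(tenant, "carol", {ADMIN})))
    # 3. The same mapping for alice is now safe to apply: she is demoted.
    log.append(("alice", *sync_roles(tenant, "alice", {"member"})))
    return log


if __name__ == "__main__":
    for user, roles, retained in run_scenario():
        flag = " (last admin retained)" if retained else ""
        print(f"{user}: {sorted(roles)}{flag}")
```

The `admin_retained` flag is the part worth surfacing: silently keeping the role hides a misconfigured mapping, so the sync should log or alert on it. The check is evaluated per login, which is why the same mapping that was refused for alice in step 1 is applied in step 3 once another admin exists; a bulk sync that processes several admins must therefore apply them one at a time so each decision sees the current admin set.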

🎯 Findings API: Filter by Provider ID

The Findings and Findings Severity Overview endpoints now support filtering by multiple provider IDs using the provider_id and provider_id__in parameters.

  • Simplify reporting and analytics for multi-cloud environments.
  • Improve flexibility for dashboards and automation workflows.

⚡ Database Read Replica Support

We've added read replica support to improve query performance and horizontal scalability.

  • Distribute read-heavy queries across replica databases
  • Reduce load on primary database for better write performance
  • Configure via environment variables for flexible deployment architectures

⭕ Oracle Cloud Infrastructure (OCI) Provider - CLI Only

We've added comprehensive support for Oracle Cloud Infrastructure with the CIS 3.0 benchmark, expanding our multi-cloud security coverage.

  • Complete authentication, session management, and resource scanning
  • OCI CIS 3.0 Compliance coverage

Try it now with `prowler oci` after running `oci session authenticate`

🤖 LLM Provider with Promptfoo - CLI Only

We've introduced AI security testing capabilities using promptfoo for comprehensive LLM red team evaluations.

  • Red Team techniques for large language models
  • OWASP LLM Top 10, MITRE ATLAS, NIST AI Risk Management Framework
  • Comprehensive security test suite out of the box with +5000 test cases

Try it now with `prowler llm` (requires `npm install -g promptfoo`)

🔧 New Checks

  • ec2_instance_with_outdated_ami for AWS
  • cloudstorage_bucket_lifecycle_management_enabled for GCP

📘 Multi-Cloud Compliance Frameworks

  • C5 Compliance: new AWS-specific compliance framework for German cloud requirements
  • Common Cloud Controls: unified security controls across AWS, Azure, and GCP providers

✅ New Metadata Format

We've standardized the metadata format across 15+ AWS services, making each field more comprehensive. Remediation entries now include the NativeIaC and Terraform code inline, so there is no need to consult external sources.

📄 M365 Certificate Authentication

We have deprecated support for user and password authentication after Microsoft introduced mandatory interactive MFA for this type of sign-in. To ensure secure and seamless integration with Microsoft 365, and to provide an alternative to client secrets, we've added support for certificate-based authentication in Microsoft Entra.

This new method allows our integration to authenticate using trusted certificates instead of credentials, reducing the risk of credential exposure and improving reliability. Certificates offer a stronger and more stable authentication mechanism, ensuring secure access to Microsoft 365 resources while complying with modern identity and access management standards.

🔒 Security

  • By default, Prowler API JWT key-pair is automatically generated and stored if not manually set. This ensures that each installation has a unique key pair, preventing possible attacks in the self-hosted deployment.
  • RBAC MANAGE_ACCOUNT permission is required to modify or read user permissions instead of MANAGE_USERS.

🚀 Frontend Stack Modernization

This release brings a full modernization of the frontend architecture — upgrading to the latest React, Next.js, and key UI libraries to enhance performance, compatibility, and developer experience.

🔧 Highlights
  • React 19.1.1 & Next.js 15.5.3 — async components, enhanced App Router, and React Compiler optimizations
  • Tailwind 4 & HeroUI (replacing NextUI) — refreshed UI foundation with modern styling and accessibility improvements
  • Zod 4, Zustand 5, & AI SDK 5 — upgraded core libraries with full migration of breaking changes
  • LangChain (latest) — updated integration with new APIs and improved type handling
  • Turbopack — faster development bundler
  • Refactored forms using `us

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

renovate bot (Contributor, Author) commented Jan 29, 2025

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.


  • Branch has one or more failed status checks

renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from 8238903 to 37bfb6d on January 30, 2025 05:10
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.2.1 fix(deps): update toniblyx/prowler docker tag to v5.2.2 Jan 30, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from 37bfb6d to ce2f27e on January 30, 2025 18:36
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.2.2 fix(deps): update toniblyx/prowler docker tag to v5.2.3 Feb 1, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch 7 times, most recently from d2a4abc to f06c9ed on February 8, 2025 01:25
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch 3 times, most recently from 0558c00 to ff99ee4 on February 10, 2025 14:10
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.2.3 fix(deps): update toniblyx/prowler docker tag to v5.3.0 Feb 11, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch 6 times, most recently from fa775f0 to 1967a23 on February 18, 2025 01:44
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch 8 times, most recently from da539fb to 2b69680 on February 25, 2025 12:55
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch 9 times, most recently from 6945948 to 46cee20 on November 25, 2025 17:52
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.13.1 fix(deps): update toniblyx/prowler docker tag to v5.14.0 Nov 25, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from 46cee20 to 44930dc on December 1, 2025 18:11
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.14.0 fix(deps): update toniblyx/prowler docker tag to v5.14.1 Dec 1, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from 44930dc to c884fec on December 4, 2025 14:44
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.14.1 fix(deps): update toniblyx/prowler docker tag to v5.14.2 Dec 4, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch 4 times, most recently from 9fc8432 to a2bcf4b on December 11, 2025 21:01
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.14.2 fix(deps): update toniblyx/prowler docker tag to v5.15.0 Dec 11, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from a2bcf4b to 2a29a7d on December 12, 2025 20:54
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.15.0 fix(deps): update toniblyx/prowler docker tag to v5.15.1 Dec 12, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from 2a29a7d to eb76ca7 on December 18, 2025 17:31
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.15.1 fix(deps): update toniblyx/prowler docker tag to v5.16.0 Dec 18, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from eb76ca7 to afdedce on December 23, 2025 17:15
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.16.0 fix(deps): update toniblyx/prowler docker tag to v5.16.1 Dec 23, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from afdedce to 219b799 on December 23, 2025 20:52
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.16.1 fix(deps): update toniblyx/prowler docker tag to v5.16.0 Dec 23, 2025
renovate bot force-pushed the renovate/toniblyx-prowler-5.x branch from 219b799 to 13f1800 on December 24, 2025 01:36
renovate bot changed the title fix(deps): update toniblyx/prowler docker tag to v5.16.0 fix(deps): update toniblyx/prowler docker tag to v5.16.1 Dec 24, 2025