Prowler 5.10.0 source code.tar.gz 2025-08-07 52.6 MB
Prowler 5.10.0 source code.zip 2025-08-07 57.2 MB
README.md 2025-08-07 9.8 kB

🗂️ Amazon S3 Integration

We're excited to introduce seamless integration with Amazon S3, giving you full control over where your scan reports are delivered. With this new feature, you can automatically send scan reports to any configured S3 bucket.

  • Fully customizable: Configure one or multiple S3 buckets as destinations for scan reports, with no restrictions on provider or bucket combinations.
  • Streamlined workflows: Integrate report delivery into existing data pipelines and storage strategies without limitation.
  • No boundaries: There are no constraints tying specific providers to specific buckets, offering maximum flexibility for multi-cloud and hybrid environments.

Start leveraging the power of Amazon S3 integration today and make report management simpler and more adaptable than ever before.

📄 GitHub Provider

Prowler App now supports GitHub as a cloud provider, enabling you to assess the security posture of your GitHub organization and repositories with ease.

  • Analyze GitHub configuration and permissions to identify security gaps.
  • Detect common misconfigurations and potential risks across your repositories.
  • Authenticate using Personal Access Tokens, OAuth App Tokens, or GitHub Apps, depending on your organization’s setup.

This integration brings GitHub into the same powerful security framework you already use with AWS, Azure, and other providers—helping you stay secure across all your environments.

Start scanning your GitHub environment today to gain full visibility and actionable insights.

Scoped Scanning - CLI-Only

We’ve added support for repository and organization scoping in the GitHub provider to enable more targeted security assessments.
Instead of scanning all accessible repositories and organizations, you can now define exactly what to scan using two new CLI flags:

  • --repository — Specify one or more repositories to scan, e.g.: --repository acme/app acme/lib
  • --organization — Limit scans to specific organizations, e.g.: --organization acme-org other-org

These can also be combined to narrow the scope even further. This update makes it easier to audit specific parts of your GitHub footprint—particularly useful for large organizations or multi-team environments.

Note: This will be available in the Prowler App in upcoming versions, along with full support for the corresponding CLI arguments.

🔦 Lighthouse Improvements: Enhanced Insights + New Banner

We've made several improvements to Lighthouse:

  • Resolved multiple issues for smoother performance and more accurate results.
  • Lighthouse is now featured directly on the Overview dashboard.

✅ New Checks

We’ve introduced 5 new security checks to enhance your cloud posture.

AWS

  • bedrock_api_key_no_administrative_privileges — Ensures Bedrock API keys don’t have excessive permissions.
  • bedrock_api_key_no_long_term_credentials — Detects long-lived credentials in Bedrock API keys.
  • s3_bucket_shadow_resource_vulnerability — Flags shadow resources in S3 buckets that may introduce risk.

Azure

  • vm_desired_sku_size — Validates that VMs are configured with the desired SKU size.
  • vm_scaleset_not_empty — Ensures VM Scale Sets are not empty, reducing configuration drift.

📘 Compliance Update

Prowler now supports the CIS Microsoft Azure Foundations Benchmark v4.0, bringing your compliance checks in line with the latest industry best practices for securing Azure environments.


UI

🚀 Added

  • Lighthouse banner (#8259)
  • Amazon AWS S3 integration (#8391)
  • GitHub provider support (#8405)
  • XML validation for SAML metadata in the UI (#8429)
  • Default Mutelist placeholder in the UI (#8455)
  • Help link in the SAML configuration modal (#8461)

🔄 Changed

  • Rename Memberships to Organization in the sidebar (#8415)

🐞 Fixed

  • Display error messages and allow editing last message in Lighthouse (#8358)

❌ Removed

  • Removed Browse all resources from the sidebar, sidebar now shows a single Resources entry (#8418)
  • Removed Misconfigurations from the Top Failed Findings section in the sidebar (#8426)

API

🚀 Added

  • GitHub provider support (#8271)
  • Integration with Amazon S3, enabling storage and retrieval of scan data via S3 buckets (#8056)

🐞 Fixed

  • Avoid sending errors to Sentry in M365 provider when user authentication fails (#8420)

SDK

🚀 Added

  • bedrock_api_key_no_administrative_privileges check for AWS provider (#8321)
  • bedrock_api_key_no_long_term_credentials check for AWS provider (#8396)
  • Support App Key Content in GitHub provider (#8271)
  • CIS 4.0 for the Azure provider (#7782)
  • vm_desired_sku_size check for Azure provider (#8191)
  • vm_scaleset_not_empty check for Azure provider (#8192)
  • GitHub repository and organization scoping support with --repository/repositories and --organization/organizations flags (#8329)
  • GCP provider retry configuration (#8412)
  • s3_bucket_shadow_resource_vulnerability check for AWS provider (#8398)

🔄 Changed

  • Handle some AWS errors as warnings instead of errors (#8347)
  • Revert import of checkov python library (#8385)
  • Updated policy mapping in ISMS-P compliance file for improved alignment (#8367)

🐞 Fixed

  • False positives in SQS encryption check for ephemeral queues (#8330)
  • Add protocol validation check in security group checks to ensure proper protocol matching (#8374)
  • Add missing audit evidence for controls 1.1.4 and 2.5.5 for ISMS-P compliance. (#8386)
  • Use the correct @staticmethod decorator for set_identity and set_session_config methods in AwsProvider (#8056)
  • Use the correct default value for role_session_name and session_duration in AwsSetUpSession (#8056)
  • Use the correct default value for role_session_name and session_duration in S3 (#8417)
  • GitHub App authentication fails to generate output files and HTML header sections (#8423)
  • S3 test_connection uses AWS S3 API HeadBucket instead of GetBucketLocation (#8456)
  • Add more validations to Azure Storage models when some values are None to avoid serialization issues (#8325)
  • sns_topics_not_publicly_accessible false positive with aws:SourceArn conditions (#8326)
  • Remove typo from description req 1.2.3 - Prowler ThreatScore m365 (#8384)
  • Way of counting FAILED/PASS reqs from kisa_isms_p_2023_aws table (#8382)
  • Use default tenant domain instead of first domain in list for Azure and M365 providers (#8402)
  • Avoid multiple module error calls in M365 provider (#8353)
  • Avoid sending errors to Sentry in M365 provider when user authentication fails (#8420)
  • Tweaks from Prowler ThreatScore in order to handle the correct reqs (#8401)
  • Make setup_assumed_session static for the AWS provider (#8419)
Source: README.md, updated 2025-08-07