prowler-changelog
Prowler is the worldβs most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
12.8K stars2K forksUpdated Jan 26, 2026
npx skills add https://github.com/prowler-cloud/prowler --skill prowler-changelogSKILL.md
Changelog Locations
| Component | File | Version Prefix | Current Version |
|---|---|---|---|
| UI | ui/CHANGELOG.md | None | 1.x.x |
| API | api/CHANGELOG.md | None | 1.x.x |
| MCP Server | mcp_server/CHANGELOG.md | None | 0.x.x |
| SDK | prowler/CHANGELOG.md | None | 5.x.x |
Format Rules (keepachangelog.com)
Section Order (ALWAYS this order)
## [X.Y.Z] (Prowler vA.B.C) OR (Prowler UNRELEASED)
### Added
### Changed
### Deprecated
### Removed
### Fixed
### Security
Emoji Prefixes (REQUIRED for ALL components)
| Section | Emoji | Usage |
|---|---|---|
| Added | ### π Added | New features, checks, endpoints |
| Changed | ### π Changed | Modifications to existing functionality |
| Deprecated | ### β οΈ Deprecated | Features marked for removal |
| Removed | ### β Removed | Deleted features |
| Fixed | ### π Fixed | Bug fixes |
| Security | ### π Security | Security patches, CVE fixes |
Entry Format
### Added
- First entry [(#XXXX)](https://github.com/prowler-cloud/prowler/pull/XXXX)
- Second entry [(#YYYY)](https://github.com/prowler-cloud/prowler/pull/YYYY)
### Changed
- Another entry [(#ZZZZ)](https://github.com/prowler-cloud/prowler/pull/ZZZZ)
Rules:
- Blank line after section header before first entry
- Blank line between sections
- Be specific: what changed, not why (that's in the PR)
- One entry per PR (can link multiple PRs for related changes)
- No period at the end
- Do NOT start with redundant verbs (section header already provides the action)
Semantic Versioning Rules
Prowler follows semver.org:
| Change Type | Version Bump | Example |
|---|---|---|
| Bug fixes, patches | PATCH (x.y.Z) | 1.16.1 β 1.16.2 |
| New features (backwards compatible) | MINOR (x.Y.0) | 1.16.2 β 1.17.0 |
| Breaking changes, removals | MAJOR (X.0.0) | 1.17.0 β 2.0.0 |
CRITICAL: ### β Removed entries MUST only appear in MAJOR version releases. Removing features is a breaking change.
Released Versions Are Immutable
NEVER modify already released versions. Once a version is released (has a Prowler version tag like v5.16.0), its changelog section is frozen.
Common issue: A PR is created during release cycle X, includes a changelog entry, but merges after release. The entry is now in the wrong section.
## [1.16.0] (Prowler v5.16.0) β RELEASED, DO NOT MODIFY
### Added
- Feature from merged PR [(#9999)] β WRONG! PR merged after release
## [1.17.0] (Prowler UNRELEASED) β Move entry HERE
Fix: Move the entry from the released version to the UNRELEASED section.
Version Header Format
## [1.17.0] (Prowler UNRELEASED) # For unreleased changes
## [1.16.0] (Prowler v5.16.0) # For released versions
--- # Horizontal rule between versions
Adding a Changelog Entry
Step 1: Determine Affected Component(s)
# Check which files changed
git diff main...HEAD --name-only
| Path Pattern | Component |
|---|---|
ui/** | UI |
api/** | API |
mcp_server/** | MCP Server |
prowler/** | SDK |
| Multiple | Update ALL affected changelogs |
Step 2: Determine Change Type
| Change | Section |
|---|---|
| New feature, check, endpoint | π Added |
| Behavior change, refactor | π Changed |
| Bug fix | π Fixed |
| CVE patch, security improvement | π Security |
| Feature removal | β Removed |
| Deprecation notice | β οΈ Deprecated |
Step 3: Add Entry to UNRELEASED Section
# Example: Adding a fix to UI changelog
## [1.17.0] (Prowler UNRELEASED)
### π Fixed
- Button alignment in dashboard header [(#9999)](https://github.com/prowler-cloud/prowler/pull/9999)
Examples
Good Entries
### π Added
- Search bar when adding a provider [(#9634)](https://github.com/prowler-cloud/prowler/pull/9634)
### π Fixed
- OCI update credentials form failing silently due to missing provider UID [(#9746)](https://github.com/prowler-cloud/prowler/pull/9746)
### π Security
- Node.js from 20.x to 24.13.0 LTS, patching 8 CVEs [(#9797)](https://github.com/prowler-cloud/prowler/pull/9797)
Bad Entries
- Fixed bug. # Too vague, has period
- Added new feature for users # Missing PR link, redundant verb
- Add search bar [(#123)] # Redundant verb (section already says "Added")
- This PR adds a cool new thing (#123) # Wrong link format, conversational
PR Changelog Gate
The pr-check-changelog.yml workflow enforces changelog entries:
- REQUIRED: PRs touching
ui/,api/,mcp_server/, orprowler/MUST update the corresponding changelog - SKIP: Add
no-changeloglabel to bypass (use sparingly for docs-only, CI-only changes)
Commands
`
...
Repository
prowler-cloud/prowlerParent repository
Repository Stats
Stars12.8K
Forks2K
LicenseApache License 2.0