Conversation


@andoniaf andoniaf commented Sep 24, 2025

Context

Adapt the Infrastructure as Code (IaC) provider to be fully integrated with the Prowler App, enabling users to scan remote repositories for IaC security issues through the web application.

Description

Implements full IaC provider support across the Prowler App:

SDK/Prowler Changes:

  • Fix findings format to pass API validations
  • Add special handling in scan.py to pass API validations
    • As we use an external tool, we do not have services or checks.
  • Added TYPE_CHECKING imports to resolve flake8 linting issues
  • Improved progress bar handling to detect TTY environments (fixes Celery worker compatibility)
  • Added test_connection() static method to IaC provider for repository connectivity validation

API Changes:

  • Added IaC to Provider.ProviderChoices with database migration (0050_iac_provider.py)
  • Implemented validate_iac_uid() for repository URL validation
  • Created IaCProviderSecret serializer with repository_url and access_token fields
  • Extended provider utilities to support IacProvider initialization and connection testing
  • Updated OpenAPI spec (v1.yaml) with IaC provider schemas
  • Added test coverage for IaC provider in API tests

UI Changes:

  • Created IacProviderBadge component with IaC icon
  • Implemented IacCredentialsForm for repository URL and optional access token input
  • Integrated IaC provider into:
    • Provider selector and radio group components
    • Provider filters and overview components
    • Credential builder and validation logic
  • Added IaC-specific external documentation URLs

Infrastructure:

  • Updated API Dockerfile to install Trivy binary (required for IaC scanning)
  • Added Trivy installation from GitHub releases

Steps to review

  1. Migration: Review api/migrations/0050_iac_provider.py - verify IaC enum added correctly after migration 0049
  2. SDK Provider: Check prowler/providers/iac/iac_provider.py:480-573 - verify test_connection() implementation with OAuth/PAT support
  3. SDK Progress Bars: Check prowler/providers/iac/iac_provider.py:250,327 - verify sys.stdout.isatty() checks for Celery compatibility
  4. API Models: Check api/models.py:validate_iac_uid() - verify repository URL validation logic
  5. API Serializers: Review api/serializers.py:IaCProviderSecret - verify repository_url and access_token fields
  6. API Utils: Check api/utils.py:97-137 - verify IaC provider initialization and connection test handling
  7. UI Forms: Review ui/components/providers/workflow/forms/via-credentials/iac-credentials-form.tsx - verify form fields and validation
  8. UI Integration: Check IaC provider integration in enhanced-provider-selector.tsx, custom-provider-inputs.tsx, and radio-group-provider.tsx
  9. Docker: Review api/Dockerfile:19-37 - verify Trivy installation process
  10. OpenAPI Spec: Review regenerated api/specs/v1.yaml - verify IaC in provider type enums and schemas
  11. Test: Create/update/delete IaC provider via API, test repository URL validation, test connection with public/private repos

Checklist

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added component/ui component/api review-django-migrations This PR contains changes in Django migrations provider/iac Issues/PRs related with the IaC provider labels Sep 24, 2025

github-actions bot commented Oct 22, 2025

✅ All necessary CHANGELOG.md files have been updated.


codecov bot commented Oct 22, 2025

Codecov Report

❌ Patch coverage is 36.52695% with 106 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.20%. Comparing base (4a364d9) to head (3b4a2c3).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #8751      +/-   ##
==========================================
- Coverage   92.55%   88.20%   -4.36%     
==========================================
  Files         118      231     +113     
  Lines        2822    24598   +21776     
==========================================
+ Hits         2612    21696   +19084     
- Misses        210     2902    +2692     
Flag                  Coverage Δ
api                   94.24% <70.00%> (?)
prowler-py3.10-gcp    ?
prowler-py3.10-iac    55.03% <25.27%> (?)
prowler-py3.10-lib    69.31% <29.19%> (?)
prowler-py3.11-gcp    ?
prowler-py3.11-iac    55.03% <25.27%> (?)
prowler-py3.11-lib    69.31% <29.19%> (?)
prowler-py3.12-gcp    ?
prowler-py3.12-iac    55.03% <25.27%> (?)
prowler-py3.12-lib    69.31% <29.19%> (?)
prowler-py3.9-gcp     ?
prowler-py3.9-iac     55.03% <25.27%> (?)
prowler-py3.9-lib     69.31% <29.19%> (?)

Flags with carried forward coverage won't be shown.

Components   Coverage Δ
prowler      69.31% <29.19%> (-23.25%) ⬇️
api          94.24% <78.60%> (∅)


github-actions bot commented Oct 22, 2025

🔒 Container Security Scan

Image: prowler-api:e66b563
Last scan: 2025-10-31 13:03:48 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 4
Total 4

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable



github-actions bot commented Oct 23, 2025

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@andoniaf andoniaf force-pushed the DEVREL-91-add-ia-c-to-the-app branch from 109179c to 2a87120 Compare October 23, 2025 08:49
@andoniaf andoniaf marked this pull request as ready for review October 23, 2025 08:53
@andoniaf andoniaf requested review from a team as code owners October 23, 2025 08:53

github-actions bot commented Oct 29, 2025

🔒 Container Security Scan

Image: prowler-ui:e66b563
Last scan: 2025-10-31 13:05:37 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.


@andoniaf andoniaf requested a review from AdriiiPRodri October 29, 2025 11:12

github-actions bot commented Oct 29, 2025

🔒 Container Security Scan

Image: prowler:e66b563
Last scan: 2025-10-31 13:08:11 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 2
Total 2

2 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


pedrooot
pedrooot previously approved these changes Oct 31, 2025
Comment on lines +570 to +583
                return Connection(
                    is_connected=False,
                    error="Authentication failed. Please check your access token.",
                )
            elif "404" in error_msg or "not found" in error_msg.lower():
                return Connection(
                    is_connected=False,
                    error="Repository not found or not accessible.",
                )
            else:
                return Connection(
                    is_connected=False,
                    error=f"Failed to connect to repository: {error_msg}",
                )

non-blocking: For future improvements we should add specific exceptions for the IAC provider, as it is done for the others. I'll create a ticket to address this 🚀
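The repository URL validation and connection test outlined in the PR description (validate_iac_uid(), test_connection()), together with the error mapping in the reviewed snippet above, as an added example that is not Prowler's own code. Names mirror the PR but are hypothetical stand-ins: check_connection stands in for test_connection() and takes the captured stderr of the git probe as a parameter so it runs offline, and the string matching is wrapped in typed exceptions as the review comment suggests.

```python
# Added example, not Prowler's code; names mirror the PR but are hypothetical.
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Connection:
    is_connected: bool
    error: str = ""


class IacRepositoryError(Exception):
    """Base class: typed errors replace ad-hoc substring checks on git output."""


class IacAuthenticationError(IacRepositoryError):
    pass


class IacRepositoryNotFoundError(IacRepositoryError):
    pass


def validate_iac_uid(repository_url: str) -> str:
    """Accept only https://host/owner/repo[.git]; reject embedded credentials
    so the token stays in the access_token field and out of the provider UID."""
    parsed = urlparse(repository_url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("Repository URL must start with https://")
    if parsed.username or parsed.password:
        raise ValueError("Do not embed credentials in the repository URL")
    if not re.fullmatch(r"/[\w.-]+/[\w.-]+/?", parsed.path):
        raise ValueError("Repository URL must look like https://host/owner/repo")
    return repository_url.rstrip("/")


def classify_git_error(stderr: str) -> IacRepositoryError:
    """Map the captured stderr of a clone/ls-remote probe to a typed error."""
    msg = stderr.lower()
    if "401" in msg or "authentication failed" in msg:
        return IacAuthenticationError("Authentication failed. Please check your access token.")
    if "404" in msg or "not found" in msg:
        return IacRepositoryNotFoundError("Repository not found or not accessible.")
    return IacRepositoryError(f"Failed to connect to repository: {stderr.strip()}")


def check_connection(repository_url: str, git_stderr: str = "") -> Connection:
    """Stand-in for test_connection(); git_stderr is the probe's captured output."""
    try:
        validate_iac_uid(repository_url)
        if git_stderr:
            raise classify_git_error(git_stderr)
    except (ValueError, IacRepositoryError) as exc:
        return Connection(is_connected=False, error=str(exc))
    return Connection(is_connected=True)
```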

@andoniaf andoniaf force-pushed the DEVREL-91-add-ia-c-to-the-app branch from 942ade6 to 957342f Compare October 31, 2025 12:05

@alejandrobailo alejandrobailo left a comment


Nice work!
