prowler-cloud
diff --git a/‎api/CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎api/CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎api/Dockerfile‎
Lines changed: 21 additions & 0 deletions b/‎api/Dockerfile‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎api/src/backend/api/migrations/0054_iac_provider.py‎
Lines changed: 35 additions & 0 deletions b/‎api/src/backend/api/migrations/0054_iac_provider.py‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎api/src/backend/api/models.py‎
Lines changed: 14 additions & 0 deletions b/‎api/src/backend/api/models.py‎
Lines changed: 14 additions & 0 deletions
@@ -5,6 +5,7 @@ All notable changes to the **Prowler API** are documented in this file.
 ## [1.15.0] (Prowler UNRELEASED)
 
 ### Added
+- IaC (Infrastructure as Code) provider support for remote repositories [(#8751)](https://github.com/prowler-cloud/prowler/pull/8751)
 - Extend `GET /api/v1/providers` with provider-type filters and optional pagination disable to support the new Overview filters [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
 - New endpoint to retrieve the number of providers grouped by provider type [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
 - Support for configuring multiple LLM providers [(#8772)](https://github.com/prowler-cloud/prowler/pull/8772)
 
@@ -5,6 +5,9 @@ LABEL maintainer="https://github.com/prowler-cloud/api"
 ARG POWERSHELL_VERSION=7.5.0
 ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}
 
+ARG TRIVY_VERSION=0.66.0
+ENV TRIVY_VERSION=${TRIVY_VERSION}
+
 # hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends \
     wget \
@@ -36,6 +39,24 @@ RUN ARCH=$(uname -m) && \
     ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
     rm /tmp/powershell.tar.gz
 
+# Install Trivy for IaC scanning
+RUN ARCH=$(uname -m) && \
+    if [ "$ARCH" = "x86_64" ]; then \
+        TRIVY_ARCH="Linux-64bit" ; \
+    elif [ "$ARCH" = "aarch64" ]; then \
+        TRIVY_ARCH="Linux-ARM64" ; \
+    else \
+        echo "Unsupported architecture for Trivy: $ARCH" && exit 1 ; \
+    fi && \
+    wget --progress=dot:giga "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_${TRIVY_ARCH}.tar.gz" -O /tmp/trivy.tar.gz && \
+    tar zxf /tmp/trivy.tar.gz -C /tmp && \
+    mv /tmp/trivy /usr/local/bin/trivy && \
+    chmod +x /usr/local/bin/trivy && \
+    rm /tmp/trivy.tar.gz && \
+    # Create trivy cache directory with proper permissions
+    mkdir -p /tmp/.cache/trivy && \
+    chmod 777 /tmp/.cache/trivy
+
 # Add prowler user
 RUN addgroup --gid 1000 prowler && \
     adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
 
@@ -0,0 +1,35 @@
+# Generated by Django 5.1.10 on 2025-09-09 09:25
+
+from django.db import migrations
+
+import api.db_utils
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0053_lighthouse_bedrock_openai_compatible"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="provider",
+            name="provider",
+            field=api.db_utils.ProviderEnumField(
+                choices=[
+                    ("aws", "AWS"),
+                    ("azure", "Azure"),
+                    ("gcp", "GCP"),
+                    ("kubernetes", "Kubernetes"),
+                    ("m365", "M365"),
+                    ("github", "GitHub"),
+                    ("oci", "Oracle Cloud Infrastructure"),
+                    ("iac", "IaC"),
+                ],
+                default="aws",
+            ),
+        ),
+        migrations.RunSQL(
+            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'iac';",
+            reverse_sql=migrations.RunSQL.noop,
+        ),
+    ]
@@ -284,6 +284,7 @@ class ProviderChoices(models.TextChoices):
         KUBERNETES = "kubernetes", _("Kubernetes")
         M365 = "m365", _("M365")
         GITHUB = "github", _("GitHub")
+        IAC = "iac", _("IaC")
         OCI = "oci", _("Oracle Cloud Infrastructure")
 
     @staticmethod
@@ -355,6 +356,19 @@ def validate_github_uid(value):
                 pointer="/data/attributes/uid",
             )
 
+    @staticmethod
+    def validate_iac_uid(value):
+        # Validate that it's a valid repository URL (git URL format)
+        if not re.match(
+            r"^(https?://|git@|ssh://)[^\s/]+[^\s]*\.git$|^(https?://)[^\s/]+[^\s]*$",
+            value,
+        ):
+            raise ModelValidationError(
+                detail="IaC provider ID must be a valid repository URL (e.g., https://github.com/user/repo or https://github.com/user/repo.git).",
+                code="iac-uid",
+                pointer="/data/attributes/uid",
+            )
+
     @staticmethod
     def validate_oci_uid(value):
         if not re.match(