feat(scaleway): add new provider

[pedrooot]

Description

This PR adds the new Scaleway provider with the IAM service and the check iam_no_root_api_keys

Steps to review

Please add a detailed description of how to review this PR.

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? Yes / No
  • If so, do we need to update permissions for the provider? Please review this carefully.

UI

• All issue/task requirements work as expected on the UI
• If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient.
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, Poetry, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
prowler	🟢 Ready	View Preview	May 14, 2026, 8:17 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

⚠️ Changes detected in the following folders without a corresponding update to the CHANGELOG.md:

• mcp_server

Please add an entry to the corresponding CHANGELOG.md file to maintain a clear history of changes.

[github-actions]

Compliance Mapping Review

This PR adds new checks. Please verify that they have been mapped to the relevant compliance framework requirements.

New checks not mapped to any compliance framework in this PR

• iam_no_root_api_keys (scaleway)

Please review whether these checks should be added to compliance framework requirements in prowler/compliance/<provider>/. Each compliance JSON has a Checks array inside each requirement — add the check ID there if it satisfies that requirement.

Use the no-compliance-check label to skip this check.

[github-actions]

🔒 Container Security Scan

Image: prowler-mcp:8b439c4
Last scan: 2026-05-14 08:54:39 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	3
Total	3

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[github-actions]

🔒 Container Security Scan

Image: prowler:8b439c4
Last scan: 2026-05-14 09:03:06 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	6
Total	6

5 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.19%. Comparing base (739be07) to head (bede105).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #11166       +/-   ##
===========================================
+ Coverage   20.84%   87.19%   +66.35%     
===========================================
  Files         854     1642      +788     
  Lines       24848    49927    +25079     
===========================================
+ Hits         5180    43536    +38356     
+ Misses      19668     6391    -13277     

Flag	Coverage Δ
prowler-py3.10-aws	90.08% <ø> (+69.24%)	⬆️
prowler-py3.10-azure	89.45% <ø> (?)
prowler-py3.10-gcp	89.80% <ø> (?)
prowler-py3.10-github	89.10% <ø> (?)
prowler-py3.10-kubernetes	89.45% <ø> (?)
prowler-py3.10-nhn	89.09% <ø> (?)
prowler-py3.10-okta	89.14% <ø> (?)
prowler-py3.11-aws	90.08% <ø> (+69.24%)	⬆️
prowler-py3.11-azure	89.45% <ø> (?)
prowler-py3.11-gcp	89.80% <ø> (?)
prowler-py3.11-github	89.10% <ø> (?)
prowler-py3.11-googleworkspace	87.35% <ø> (?)
prowler-py3.11-iac	88.68% <ø> (?)
prowler-py3.11-kubernetes	89.46% <ø> (?)
prowler-py3.11-m365	88.91% <ø> (?)
prowler-py3.11-mongodbatlas	88.59% <ø> (?)
prowler-py3.11-nhn	89.09% <ø> (?)
prowler-py3.11-okta	89.14% <ø> (?)
prowler-py3.11-openstack	87.16% <ø> (?)
prowler-py3.11-oraclecloud	86.91% <ø> (?)
prowler-py3.11-vercel	87.19% <ø> (?)
prowler-py3.12-aws	90.08% <ø> (+69.23%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	87.19% <ø> (+66.35%)	⬆️
api	∅ <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[HugoPBrito]

Please use 15000 codes. 14000 are currently used by okta.

[HugoPBrito]

Please divide authentication into a separate doc page, like for other providers.

[HugoPBrito]

Please remove this url since it does not exist.

[HugoPBrito]

I suggest you this checkID to match with the best practices:

Suggested change

	"CheckID": "iam_no_root_api_keys",
	"CheckID": "iam_api_keys_no_root_owned",

[HugoPBrito]

This, or something similar, is just to propose an alternative.

[HugoPBrito]

Please use markdown here.

[HugoPBrito]

I personally wouldn't add this here. Please let me know what you think.

[HugoPBrito]

Should we use username or name for that? Which difference is there between those 2?

[HugoPBrito]

Please do the uv change.

[HugoPBrito]

A few more things:

[HugoPBrito]

Please pull account_root_user_id from provider.identity instead of self.users[0]. If the user list comes back empty the check would silently PASS on root keys.

[HugoPBrito]

Please add the @dataclass decorator here to match CheckReportOkta, CheckReportVercel and CheckReportCloudflare.

[HugoPBrito]

Please add ScalewayIdentityError to this except tuple. Otherwise the provider_id mismatch path gets re-wrapped as a generic auth error.