Skip to main content

Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

Project description

Prowler is the Open Cloud Security platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.

Learn more at prowler.com

Prowler community on Slack
Join our Prowler community!


Slack Shield Python Version Python Version PyPI Prowler Downloads Docker Pulls Docker Docker AWS ECR Gallery

Repo size Issues Version Version Contributors License Twitter Twitter


Description

Prowler is an open-source security tool designed to assess and enforce security best practices across AWS, Azure, Google Cloud, and Kubernetes. It supports tasks such as security audits, incident response, continuous monitoring, system hardening, forensic readiness, and remediation processes.

Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:

  • Industry Standards: CIS, NIST 800, NIST CSF, and CISA
  • Regulatory Compliance and Governance: RBI, FedRAMP, and PCI-DSS
  • Frameworks for Sensitive Data and Privacy: GDPR, HIPAA, and FFIEC
  • Frameworks for Organizational Governance and Quality Control: SOC2 and GXP
  • AWS-Specific Frameworks: AWS Foundational Technical Review (FTR) and AWS Well-Architected Framework (Security Pillar)
  • National Security Standards: ENS (Spanish National Security Scheme)
  • Custom Security Frameworks: Tailored to your needs

Prowler CLI and Prowler Cloud

Prowler offers a Command Line Interface (CLI), known as Prowler Open Source, and an additional service built on top of it, called Prowler Cloud.

Prowler App

Prowler App is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.

Prowler App

For more details, refer to the Prowler App Documentation

Prowler CLI

prowler <provider>

Prowler CLI Execution

Prowler Dashboard

prowler dashboard

Prowler Dashboard

Prowler at a Glance

Provider Checks Services Compliance Frameworks Categories
AWS 567 82 36 10
GCP 79 13 10 3
Azure 142 18 10 3
Kubernetes 83 7 5 7
GitHub 16 2 1 0
M365 69 7 3 2
NHN (Unofficial) 6 2 1 0

[!Note] The numbers in the table are updated periodically.

[!Tip] For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit Prowler Hub.

[!Note] Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories: prowler <provider> --list-checks, prowler <provider> --list-services, prowler <provider> --list-compliance and prowler <provider> --list-categories.

💻 Installation

Prowler App

Prowler App offers flexible installation methods tailored to various environments:

For detailed instructions on using Prowler App, refer to the Prowler App Usage Guide.

Docker Compose

Requirements

Commands

curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml
curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
docker compose up -d

Containers are built for linux/amd64.

Configuring Your Workstation for Prowler App

If your workstation's architecture is incompatible, you can resolve this by:

  • Setting the environment variable: DOCKER_DEFAULT_PLATFORM=linux/amd64
  • Using the following flag in your Docker command: --platform linux/amd64

Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

From GitHub

Requirements

Commands to run the API

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
eval $(poetry env activate)
set -a
source .env
docker compose up postgres valkey -d
cd src/backend
python manage.py migrate --database admin
gunicorn -c config/guniconf.py config.wsgi:application

[!IMPORTANT] As of Poetry v2.0.0, the poetry shell command has been deprecated. Use poetry env activate instead for environment activation.

If your Poetry version is below v2.0.0, continue using poetry shell to activate your environment. For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.

After completing the setup, access the API documentation at http://localhost:8080/api/v1/docs.

Commands to run the API Worker

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
eval $(poetry env activate)
set -a
source .env
cd src/backend
python -m celery -A config.celery worker -l info -E

Commands to run the API Scheduler

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
eval $(poetry env activate)
set -a
source .env
cd src/backend
python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler

Commands to run the UI

git clone https://github.com/prowler-cloud/prowler
cd prowler/ui
npm install
npm run build
npm start

Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

Prowler CLI

Pip package

Prowler CLI is available as a project in PyPI. Consequently, it can be installed using pip with Python >3.9.1, <3.13:

pip install prowler
prowler -v

For further guidance, refer to https://docs.prowler.com

Containers

Available Versions of Prowler CLI

The following versions of Prowler CLI are available, depending on your requirements:

  • latest: Synchronizes with the master branch. Note that this version is not stable.
  • v4-latest: Synchronizes with the v4 branch. Note that this version is not stable.
  • v3-latest: Synchronizes with the v3 branch. Note that this version is not stable.
  • <x.y.z> (release): Stable releases corresponding to specific versions. You can find the complete list of releases here.
  • stable: Always points to the latest release.
  • v4-stable: Always points to the latest release for v4.
  • v3-stable: Always points to the latest release for v3.

The container images are available here:

From GitHub

Python >3.9.1, <3.13 is required with pip and Poetry:

git clone https://github.com/prowler-cloud/prowler
cd prowler
eval $(poetry env activate)
poetry install
python prowler-cli.py -v

[!IMPORTANT] To clone Prowler on Windows, configure Git to support long file paths by running the following command: git config core.longpaths true.

[!IMPORTANT] As of Poetry v2.0.0, the poetry shell command has been deprecated. Use poetry env activate instead for environment activation.

If your Poetry version is below v2.0.0, continue using poetry shell to activate your environment. For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.

✏️ High level architecture

Prowler App

Prowler App is composed of three key components:

  • Prowler UI: A web-based interface, built with Next.js, providing a user-friendly experience for executing Prowler scans and visualizing results.
  • Prowler API: A backend service, developed with Django REST Framework, responsible for running Prowler scans and storing the generated results.
  • Prowler SDK: A Python SDK designed to extend the functionality of the Prowler CLI for advanced capabilities.

Prowler App Architecture

Prowler CLI

Running Prowler

Prowler can be executed across various environments, offering flexibility to meet your needs. It can be run from:

  • Your own workstation

  • A Kubernetes Job

  • Google Compute Engine

  • Azure Virtual Machines (VMs)

  • Amazon EC2 instances

  • AWS Fargate or other container platforms

  • CloudShell

And many more environments.

Architecture

Deprecations from v3

General

  • Allowlist now is called Mutelist.
  • The --quiet option has been deprecated. Use the --status flag to filter findings based on their status: PASS, FAIL, or MANUAL.
  • All findings with an INFO status have been reclassified as MANUAL.
  • The CSV output format is standardized across all providers.

Deprecated Output Formats

The following formats are now deprecated:

  • Native JSON has been replaced with JSON in [OCSF] v1.1.0 format, which is standardized across all providers (https://schema.ocsf.io/).

AWS

AWS Flag Deprecation

The flag --sts-endpoint-region has been deprecated due to the adoption of AWS STS regional tokens.

Sending FAIL Results to AWS Security Hub

  • To send only FAILS to AWS Security Hub, use one of the following options: --send-sh-only-fails or --security-hub --status FAIL.

📖 Documentation

Documentation Resources

For installation instructions, usage details, tutorials, and the Developer Guide, visit https://docs.prowler.com/

📃 License

Prowler License Information

Prowler is licensed under the Apache License 2.0, as indicated in each file within the repository. Obtaining a Copy of the License

A copy of the License is available at http://www.apache.org/licenses/LICENSE-2.0

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

prowler_cloud-5.8.1.tar.gz (3.2 MB view details)

Uploaded Source

Built Distribution

prowler_cloud-5.8.1-py3-none-any.whl (5.2 MB view details)

Uploaded Python 3

File details

Details for the file prowler_cloud-5.8.1.tar.gz.

File metadata

  • Download URL: prowler_cloud-5.8.1.tar.gz
  • Upload date:
  • Size: 3.2 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.1.1 CPython/3.12.3 Linux/6.11.0-1015-azure

File hashes

Hashes for prowler_cloud-5.8.1.tar.gz
Algorithm Hash digest
SHA256 fb623ecf6969e2af7dec4023c967c8cce9725627bcf23a6fcefe66322e3630fb
MD5 46d7fb22c000eeb4c110efe5abf636c6
BLAKE2b-256 05937375e10c3fb1542ee8ab406dd970b90647e597d57dfa99f2344f056b0d3d

See more details on using hashes here.

File details

Details for the file prowler_cloud-5.8.1-py3-none-any.whl.

File metadata

  • Download URL: prowler_cloud-5.8.1-py3-none-any.whl
  • Upload date:
  • Size: 5.2 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.1.1 CPython/3.12.3 Linux/6.11.0-1015-azure

File hashes

Hashes for prowler_cloud-5.8.1-py3-none-any.whl
Algorithm Hash digest
SHA256 de351beda50c0612cb3cda138980681aa0d38cf966cb64093e92cd582c7df5c7
MD5 bbe7e473663ad86a02886004649a184d
BLAKE2b-256 5f4441b98188e95dc6c7526f7e30979617c0c232e51d6e6ec22f4494ff3b829d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page