Skip to main content

Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

Project description

Prowler SaaS and Prowler Open Source are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.

Learn more at prowler.com

Prowler community on Slack
Join our Prowler community!


Slack Shield Python Version Python Version PyPI Prowler Downloads Docker Pulls Docker Docker AWS ECR Gallery

Repo size Issues Version Version Contributors License Twitter Twitter


Description

Prowler is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler SaaS.

Prowler CLI

prowler <provider>

Prowler CLI Execution

Prowler Dashboard

prowler dashboard

Prowler Dashboard

It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

Provider Checks Services Compliance Frameworks Categories
AWS 553 77 -> prowler aws --list-services 30 -> prowler aws --list-compliance 9 -> prowler aws --list-categories
GCP 77 13 -> prowler gcp --list-services 2 -> prowler gcp --list-compliance 2 -> prowler gcp --list-categories
Azure 138 17 -> prowler azure --list-services 3 -> prowler azure --list-compliance 2 -> prowler azure --list-categories
Kubernetes 83 7 -> prowler kubernetes --list-services 1 -> prowler kubernetes --list-compliance 7 -> prowler kubernetes --list-categories

💻 Installation

Pip package

Prowler is available as a project in PyPI, thus can be installed using pip with Python >= 3.9, < 3.13:

pip install prowler
prowler -v

More details at https://docs.prowler.com

Containers

The available versions of Prowler are the following:

  • latest: in sync with master branch (bear in mind that it is not a stable version)
  • v3-latest: in sync with v3 branch (bear in mind that it is not a stable version)
  • <x.y.z> (release): you can find the releases here, those are stable releases.
  • stable: this tag always point to the latest release.
  • v3-stable: this tag always point to the latest release for v3.

The container images are available here:

From GitHub

Python >= 3.9, < 3.13 is required with pip and poetry:

git clone https://github.com/prowler-cloud/prowler
cd prowler
poetry shell
poetry install
python prowler.py -v

If you want to clone Prowler from Windows, use git config core.longpaths true to allow long file paths.

📐✏️ High level architecture

You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.

Architecture

Deprecations from v3

General

  • Allowlist now is called Mutelist.
  • The --quiet option has been deprecated, now use the --status flag to select the finding's status you want to get from PASS, FAIL or MANUAL.
  • All INFO finding's status has changed to MANUAL.
  • The CSV output format is common for all the providers.

We have deprecated some of our outputs formats:

  • The native JSON is replaced for the JSON OCSF v1.1.0, common for all the providers.

AWS

  • Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
  • To send only FAILS to AWS Security Hub, now use either --send-sh-only-fails or --security-hub --status FAIL.

📖 Documentation

Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/

📃 License

Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Project details


Release history Release notifications | RSS feed

This version

4.5.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

prowler_cloud-4.5.0.tar.gz (1.9 MB view details)

Uploaded Source

Built Distribution

prowler_cloud-4.5.0-py3-none-any.whl (3.6 MB view details)

Uploaded Python 3

File details

Details for the file prowler_cloud-4.5.0.tar.gz.

File metadata

  • Download URL: prowler_cloud-4.5.0.tar.gz
  • Upload date:
  • Size: 1.9 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.4 CPython/3.10.12 Linux/6.5.0-1025-azure

File hashes

Hashes for prowler_cloud-4.5.0.tar.gz
Algorithm Hash digest
SHA256 8b594f269122d76de4c7e39516dc15ee1d44679069745c811d3327b9319b5101
MD5 ef27c91e752be5a603f223c66b58ae9f
BLAKE2b-256 9a99418258c6a7b083d1ab2c7a7148da61dc57db69e1b16bbdd85f3d282ec564

See more details on using hashes here.

File details

Details for the file prowler_cloud-4.5.0-py3-none-any.whl.

File metadata

  • Download URL: prowler_cloud-4.5.0-py3-none-any.whl
  • Upload date:
  • Size: 3.6 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.4 CPython/3.10.12 Linux/6.5.0-1025-azure

File hashes

Hashes for prowler_cloud-4.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8445ed8c9c9d214cf84239c7fa4043dc4be58f2d7abb88f47a64cd610e96208c
MD5 4fce8a2fcba584293f0c3c74e1e734b6
BLAKE2b-256 b68b0f43449e920cfb6c90ae352166fdaabd13eee6feb3356bbee676ca666e54

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page