Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

prowler-cloud/prowler

Prowler Open Source is as dynamic and adaptable as the environment it is meant to protect. Trusted by the leaders in security.

Learn more at prowler.com

Join our Prowler community!




Description

Prowler is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler Cloud.

Prowler App

Prowler App is a web application that allows you to run Prowler in your cloud provider accounts and visualize the results in a user-friendly interface.


More details at Prowler App Documentation

Prowler CLI

prowler <provider>


Prowler Dashboard

prowler dashboard


It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

Provider | Checks | Services | Compliance Frameworks | Categories
AWS | 564 | 82 | 33 | 10
GCP | 77 | 13 | 6 | 3
Azure | 140 | 18 | 7 | 3
Kubernetes | 83 | 7 | 4 | 7
Microsoft365 | 5 | 2 | 1 | 0

You can list the checks, services, compliance frameworks and categories with prowler <provider> --list-checks, prowler <provider> --list-services, prowler <provider> --list-compliance and prowler <provider> --list-categories.

💻 Installation

Prowler App

Prowler App can be installed in different ways, depending on your environment:

See how to use Prowler App in the Prowler App Usage Guide.

Docker Compose

Requirements

Commands

curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml
curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
docker compose up -d

Containers are built for linux/amd64. If your workstation's architecture is different, please set DOCKER_DEFAULT_PLATFORM=linux/amd64 in your environment or use the --platform linux/amd64 flag in the docker command.

Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

From GitHub

Requirements

Commands to run the API

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
eval $(poetry env activate)
set -a
source .env
docker compose up postgres valkey -d
cd src/backend
python manage.py migrate --database admin
gunicorn -c config/guniconf.py config.wsgi:application

Important

Starting from Poetry v2.0.0, poetry shell has been deprecated in favor of poetry env activate.

If your poetry version is below 2.0.0 you must keep using poetry shell to activate your environment. In case you have any doubts, consult the Poetry environment activation guide: https://python-poetry.org/docs/managing-environments/#activating-the-environment

Now, you can access the API documentation at http://localhost:8080/api/v1/docs.

Commands to run the API Worker

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
eval $(poetry env activate)
set -a
source .env
cd src/backend
python -m celery -A config.celery worker -l info -E

Commands to run the API Scheduler

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
eval $(poetry env activate)
set -a
source .env
cd src/backend
python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler

Commands to run the UI

git clone https://github.com/prowler-cloud/prowler
cd prowler/ui
npm install
npm run build
npm start

Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

Prowler CLI

Pip package

Prowler CLI is available as a project in PyPI, so it can be installed using pip with Python > 3.9.1, < 3.13:

pip install prowler
prowler -v

More details at https://docs.prowler.com

Containers

The available versions of Prowler CLI are the following:

  • latest: in sync with master branch (bear in mind that it is not a stable version)
  • v4-latest: in sync with v4 branch (bear in mind that it is not a stable version)
  • v3-latest: in sync with v3 branch (bear in mind that it is not a stable version)
  • <x.y.z> (release): you can find the releases here, those are stable releases.
  • stable: this tag always points to the latest release.
  • v4-stable: this tag always points to the latest release for v4.
  • v3-stable: this tag always points to the latest release for v3.

The container images are available here:

From GitHub

Python > 3.9.1, < 3.13 is required with pip and poetry:

git clone https://github.com/prowler-cloud/prowler
cd prowler
eval $(poetry env activate)
poetry install
python prowler-cli.py -v

Important

Starting from Poetry v2.0.0, poetry shell has been deprecated in favor of poetry env activate.

If your poetry version is below 2.0.0 you must keep using poetry shell to activate your environment. In case you have any doubts, consult the Poetry environment activation guide: https://python-poetry.org/docs/managing-environments/#activating-the-environment

If you want to clone Prowler from Windows, use git config core.longpaths true to allow long file paths.
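The Python range and the Poetry activation rule stated above can be checked before running the install steps. This preflight is an added example, not part of the Prowler repository; the function names and the --check argument are hypothetical, and it assumes python3, poetry, awk and sed are on the PATH.

```shell
#!/bin/sh
# Added example: preflight for the "From GitHub" install steps.
# Function names are hypothetical; the version bounds come from the README.

# ver_num X.Y.Z -> one comparable integer. Missing parts ("3.13") count
# as 0 and suffixes ("3.13.0rc1") are ignored after the leading digits.
ver_num() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# README requirement: Python > 3.9.1, < 3.13
python_supported() {
    v=$(ver_num "$1")
    [ "$v" -gt "$(ver_num 3.9.1)" ] && [ "$v" -lt "$(ver_num 3.13)" ]
}

# README note: poetry shell is deprecated from Poetry v2.0.0 onwards.
poetry_activate_cmd() {
    if [ "$(ver_num "$1")" -ge "$(ver_num 2.0.0)" ]; then
        echo 'eval $(poetry env activate)'
    else
        echo 'poetry shell'
    fi
}

# Inspect the local toolchain and report which activation command applies.
preflight() {
    py=$(python3 -c 'import platform; print(platform.python_version())' 2>/dev/null) ||
        { echo "python3 not found" >&2; return 1; }
    python_supported "$py" ||
        { echo "Python $py is outside the supported range (> 3.9.1, < 3.13)" >&2; return 1; }
    po=$(poetry --version 2>/dev/null | sed 's/[^0-9]*\([0-9][0-9.]*\).*/\1/')
    [ -n "$po" ] || { echo "poetry not found" >&2; return 1; }
    echo "Python $py and Poetry $po OK; activate with: $(poetry_activate_cmd "$po")"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```
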

📐✏️ High level architecture

Prowler App

The Prowler App consists of three main components:

  • Prowler UI: A user-friendly web interface for running Prowler and viewing results, powered by Next.js.
  • Prowler API: The backend API that executes Prowler scans and stores the results, built with Django REST Framework.
  • Prowler SDK: A Python SDK that integrates with the Prowler CLI for advanced functionality.


Prowler CLI

You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.


Deprecations from v3

General

  • Allowlist now is called Mutelist.
  • The --quiet option has been deprecated, now use the --status flag to select the finding's status you want to get from PASS, FAIL or MANUAL.
  • All INFO finding's status has changed to MANUAL.
  • The CSV output format is common for all the providers.

We have deprecated some of our output formats:

  • The native JSON is replaced by the JSON OCSF v1.1.0, common for all the providers.

AWS

  • Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
  • To send only FAILS to AWS Security Hub, now use either --send-sh-only-fails or --security-hub --status FAIL.

📖 Documentation

Install, Usage, Tutorials and Developer Guide are at https://docs.prowler.com/

📃 License

Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
