Code Lib
Updated a month ago

prowler

prowler-cloud
12.8k
prowler-cloud/prowler
Agent Score: 86

💡 Summary

An open-source cloud security platform that automates security and compliance assessments across multiple cloud providers.

🎯 Target Audience

Cloud Security Engineers, DevOps Engineers, Compliance Officers, Security Auditors, Platform Engineering Teams

🤖 AI Roast: It's a Swiss Army knife for cloud security, but you'll need a PhD in YAML to configure all its moving parts.

Security Analysis: Medium Risk

Prowler needs broad read-only credentials for every account it assesses (for AWS, the documented baseline is the SecurityAudit and ViewOnlyAccess managed policies plus a few additional read permissions), so a compromised scanning host gives an attacker wide visibility across the estate and a foothold for lateral movement. The reports are sensitive in their own right: they map every failing control across your accounts. Mitigation: run Prowler in short-lived, isolated containers that assume a tightly scoped read-only role with temporary credentials, treat the reports with the same care as the accounts they describe, and scan the output for accidental secret leakage before it is shared.
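The mitigation above ends with auditing Prowler's output for leaked secrets. The script below is an added example for this page, not code from the Prowler project. It walks every string in each finding of a JSON-OCSF report, flags values that look like credentials, and returns a redacted copy that is safe to attach to a ticket. The field names it reads (status_detail, finding_info.title, resources[].uid) follow the general layout of Prowler's JSON-OCSF output, but SAMPLE_REPORT is constructed by hand for this illustration, the check IDs in it are illustrative, and the regular expressions are heuristics that will need tuning for your environment.

```python
"""Scan a Prowler JSON-OCSF report for strings that look like leaked secrets.

Added example for this page, not code from the Prowler project. The field
names used below (status_detail, finding_info.title, resources[].uid, ...)
follow the general layout of Prowler's JSON-OCSF output, but SAMPLE_REPORT
is constructed by hand and the check IDs in it are illustrative only.
"""
import json
import re

# Credential shapes to look for. The AWS access key ID format (AKIA/ASIA
# followed by 16 upper-case alphanumerics) is stable; the remaining patterns
# are deliberately loose heuristics and will produce some false positives.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+"),
    "token_assignment": re.compile(
        r"(?i)\b(?:token|secret|api_key)\s*[=:]\s*[A-Za-z0-9_\-]{16,}"),
}


def iter_strings(obj, path=""):
    """Yield (json_path, value) for every string nested anywhere in obj."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from iter_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from iter_strings(value, f"{path}[{index}]")
    elif isinstance(obj, str):
        yield path, obj


def find_secrets(findings):
    """Return (finding_index, json_path, pattern_name, matched_text) for every hit."""
    hits = []
    for index, finding in enumerate(findings):
        for path, text in iter_strings(finding):
            for name, pattern in SECRET_PATTERNS.items():
                for match in pattern.finditer(text):
                    hits.append((index, path, name, match.group(0)))
    return hits


def redact(findings):
    """Return a deep copy of findings with every matched secret replaced."""
    def scrub(obj):
        if isinstance(obj, dict):
            return {key: scrub(value) for key, value in obj.items()}
        if isinstance(obj, list):
            return [scrub(value) for value in obj]
        if isinstance(obj, str):
            for pattern in SECRET_PATTERNS.values():
                obj = pattern.sub("[REDACTED]", obj)
        return obj
    return scrub(findings)


def scan_report(path):
    """Load a JSON-OCSF report (a JSON array of findings) and return its hits."""
    with open(path, encoding="utf-8") as fh:
        return find_secrets(json.load(fh))


# Constructed sample. Finding 0 is clean; finding 1 echoes what a check that
# inspects instance user data might report, with a fake key ID and password.
SAMPLE_REPORT = [
    {
        "metadata": {"event_code": "ec2_instance_imdsv2_enabled"},
        "status_code": "PASS",
        "status_detail": "EC2 Instance i-0123456789abcdef0 has IMDSv2 enabled and required.",
        "severity": "Medium",
        "finding_info": {"title": "Check if EC2 Instance Metadata Service Version 2 is enabled and required."},
        "resources": [{"uid": "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0",
                       "region": "us-east-1"}],
    },
    {
        "metadata": {"event_code": "ec2_instance_secrets_user_data"},
        "status_code": "FAIL",
        "status_detail": ("Potential secret found in User Data for EC2 Instance i-0fedcba9876543210: "
                          "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE and password=hunter2"),
        "severity": "Critical",
        "finding_info": {"title": "Find secrets in EC2 User Data."},
        "resources": [{"uid": "arn:aws:ec2:us-east-1:123456789012:instance/i-0fedcba9876543210",
                       "region": "us-east-1"}],
    },
]

if __name__ == "__main__":
    import sys
    findings = SAMPLE_REPORT
    if len(sys.argv) > 1:  # pass the path of a real prowler-output-*.ocsf.json
        with open(sys.argv[1], encoding="utf-8") as fh:
            findings = json.load(fh)
    for index, path, name, matched in find_secrets(findings):
        print(f"finding {index}: {path}: {name}: {matched}")
    json.dump(redact(findings), sys.stdout, indent=2)
```

Run it with the path of a Prowler OCSF report as the only argument; without one it scans the embedded sample. Patterns are applied to every string, including titles and remediation text, so expect to add an allow-list for check IDs whose wording legitimately contains words like "secret" before wiring this into a pipeline.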

Description

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment. With hundreds of ready-to-use security checks, remediation guidance, and compliance frameworks, Prowler is built to “Secure ANY cloud at AI Speed”. Prowler delivers AI-driven, customizable, and easy-to-use assessments, dashboards, reports, and integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.

Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:

  • Prowler ThreatScore: Weighted risk prioritization scoring that helps you focus on the most critical security findings first
  • Industry Standards: CIS, NIST 800, NIST CSF, CISA, and MITRE ATT&CK
  • Regulatory Compliance and Governance: RBI, FedRAMP, PCI-DSS, and NIS2
  • Frameworks for Sensitive Data and Privacy: GDPR, HIPAA, and FFIEC
  • Frameworks for Organizational Governance and Quality Control: SOC2, GXP, and ISO 27001
  • Cloud-Specific Frameworks: AWS Foundational Technical Review (FTR), AWS Well-Architected Framework, and BSI C5
  • National Security Standards: ENS (Spanish National Security Scheme) and KISA ISMS-P (Korean)
  • Custom Security Frameworks: Tailored to your needs

Prowler App / Prowler Cloud

Prowler App / Prowler Cloud is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.

(Screenshots: Prowler App Risk Pipeline; Threat Map)

For more details, refer to the Prowler App Documentation

Prowler CLI

prowler <provider>

(Screenshot: Prowler CLI Execution)

Prowler Dashboard

prowler dashboard

(Screenshot: Prowler Dashboard)

Attack Paths

Attack Paths automatically extends every completed AWS scan with a Neo4j graph that combines Cartography's cloud inventory with Prowler findings. The feature runs in the API worker after each scan and therefore requires:

  • An accessible Neo4j instance (the Docker Compose files already ship a neo4j service).

  • The following environment variables so Django and Celery can connect:

    | Variable | Description | Default |
    | --- | --- | --- |
    | NEO4J_HOST | Hostname used by the API containers. | neo4j |
    | NEO4J_PORT | Bolt port exposed by Neo4j. | 7687 |
    | NEO4J_USER / NEO4J_PASSWORD | Credentials with rights to create per-tenant databases. | neo4j / neo4j_password |

The default credentials are placeholders: the graph holds your full cloud inventory joined with your findings, so set a unique NEO4J_PASSWORD before the Bolt port is reachable from anywhere other than the Compose network.

Every AWS provider scan will enqueue an Attack Paths ingestion job automatically. Other cloud providers will be added in future iterations.

Prowler at a Glance

[!Tip] For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit Prowler Hub.

| Provider | Checks | Services | Compliance Frameworks | Categories | Support | Interface |
|---|---|---|---|---|---|---|
| AWS | 584 | 85 | 40 | 17 | Official | UI, API, CLI |
| GCP | 89 | 17 | 14 | 5 | Official | UI, API, CLI |
| Azure | 169 | 22 | 15 | 8 | Official | UI, API, CLI |
| Kubernetes | 84 | 7 | 6 | 9 | Official | UI, API, CLI |
| GitHub | 20 | 2 | 1 | 2 | Official | UI, API, CLI |
| M365 | 70 | 7 | 3 | 2 | Official | UI, API, CLI |
| OCI | 52 | 15 | 1 | 12 | Official | UI, API, CLI |
| Alibaba Cloud | 63 | 10 | 1 | 9 | Official | CLI |
| IaC | See trivy docs. | N/A | N/A | N/A | Official | UI, API, CLI |
| MongoDB Atlas | 10 | 4 | 0 | 3 | Official | UI, API, CLI |
| LLM | See promptfoo docs. | N/A | N/A | N/A | Official | CLI |
| NHN | 6 | 2 | 1 | 0 | Unofficial | CLI |

[!Note] The numbers in the table are updated periodically.

[!Note] Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories:

  • prowler <provider> --list-checks
  • prowler <provider> --list-services
  • prowler <provider> --list-compliance
  • prowler <provider> --list-categories

💻 Installation

Prowler App

Prowler App offers flexible installation methods tailored to various environments.

For detailed instructions on using Prowler App, refer to the Prowler App Usage Guide.

Docker Compose

Requirements

  • Docker Compose installed: https://docs.docker.com/compose/install/.

Commands

curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml
curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
docker compose up -d

Containers are built for linux/amd64.

Configuring Your Workstation for Prowler App

If your workstation's architecture is incompatible, you can resolve this by:

  • Setting the environment variable: DOCKER_DEFAULT_PLATFORM=linux/amd64
  • Using the following flag in your Docker command: --platform linux/amd64

Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

Common Issues with Docker Pull Installation

[!Note] If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local .aws directory into the container as a volume (e.g., - "${HOME}/.aws:/home/prowler/.aws:ro"). There are several ways to configure credentials for Docker containers. See the Troubleshooting section for more details and examples.

You can find more information in the Troubleshooting section.

From GitHub

Requirements

  • git installed.
  • `po
5-Dim Analysis
Clarity: 9/10
Novelty: 7/10
Utility: 10/10
Completeness: 9/10
Maintainability: 8/10
Pros & Cons

Pros

  • Extensive coverage of cloud providers and compliance frameworks
  • Multiple interfaces (CLI, UI, API) for flexibility
  • Strong community and commercial support

Cons

  • Complex setup and configuration for advanced features
  • Steep learning curve for full utilization
  • Some features require external services (e.g., Neo4j)


Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author prowler-cloud.