Code Lib
Updated a month ago

prowler

prowler-cloud
12.8k
prowler-cloud/prowler
Agent score: 86

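💡 Summary

An open-source cloud security platform that automates security and compliance assessments across multiple cloud providers.

🎯 Target audience

Cloud security engineers, DevOps engineers, compliance officers, security auditors, platform engineering teams

🤖 AI roast: It is the Swiss Army knife of cloud security, but you need a PhD in YAML to configure all of its moving parts.

Security analysis: medium risk

The tool requires high-privilege cloud provider credentials; if the host is compromised, this creates serious secrets-management and lateral-movement risk. Mitigation: run Prowler in short-lived, isolated containers, use strictly scoped IAM roles, and audit all output for accidental secret disclosure.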

Description

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment. With hundreds of ready-to-use security checks, remediation guidance, and compliance frameworks, Prowler is built to “Secure ANY cloud at AI Speed”. Prowler delivers AI-driven, customizable, and easy-to-use assessments, dashboards, reports, and integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.

Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:

  • Prowler ThreatScore: Weighted risk prioritization scoring that helps you focus on the most critical security findings first
  • Industry Standards: CIS, NIST 800, NIST CSF, CISA, and MITRE ATT&CK
  • Regulatory Compliance and Governance: RBI, FedRAMP, PCI-DSS, and NIS2
  • Frameworks for Sensitive Data and Privacy: GDPR, HIPAA, and FFIEC
  • Frameworks for Organizational Governance and Quality Control: SOC2, GXP, and ISO 27001
  • Cloud-Specific Frameworks: AWS Foundational Technical Review (FTR), AWS Well-Architected Framework, and BSI C5
  • National Security Standards: ENS (Spanish National Security Scheme) and KISA ISMS-P (Korean)
  • Custom Security Frameworks: Tailored to your needs

Prowler App / Prowler Cloud

Prowler App / Prowler Cloud is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.


For more details, refer to the Prowler App Documentation

Prowler CLI

prowler <provider>


Prowler Dashboard

prowler dashboard


Attack Paths

Attack Paths automatically extends every completed AWS scan with a Neo4j graph that combines Cartography's cloud inventory with Prowler findings. The feature runs in the API worker after each scan and therefore requires:

  • An accessible Neo4j instance (the Docker Compose files already ship a neo4j service).

  • The following environment variables so Django and Celery can connect:

    | Variable | Description | Default |
    | --- | --- | --- |
    | NEO4J_HOST | Hostname used by the API containers. | neo4j |
    | NEO4J_PORT | Bolt port exposed by Neo4j. | 7687 |
    | NEO4J_USER / NEO4J_PASSWORD | Credentials with rights to create per-tenant databases. | neo4j / neo4j_password |

Every AWS provider scan will enqueue an Attack Paths ingestion job automatically. Other cloud providers will be added in future iterations.
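
A preflight check for the variables in the table above, meant to run before `docker compose up -d`. This is an added example, not part of the Prowler project; it assumes all four variables live in the Compose `.env` file and treats the documented default password as a finding.

```shell
#!/usr/bin/env bash
# Preflight for the Attack Paths Neo4j settings in a Compose .env file.
# Variable names and the default password come from the table above;
# the sample file at the bottom is constructed for this demonstration.

# Print the value assigned to KEY ($2) in dotenv file $1 (last assignment wins,
# surrounding quotes and trailing whitespace stripped).
env_value() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 when the file passes, 1 otherwise. Findings are printed one per line.
# Assumption: all four variables are expected to be present in this file.
check_neo4j_env() {
    cne_file=$1
    cne_rc=0
    for cne_key in NEO4J_HOST NEO4J_PORT NEO4J_USER NEO4J_PASSWORD; do
        if [ -z "$(env_value "$cne_file" "$cne_key")" ]; then
            echo "MISSING $cne_key"
            cne_rc=1
        fi
    done
    # The documented default must not survive into a real deployment:
    # this account has rights to create per-tenant databases.
    if [ "$(env_value "$cne_file" NEO4J_PASSWORD)" = "neo4j_password" ]; then
        echo "DEFAULT NEO4J_PASSWORD"
        cne_rc=1
    fi
    cne_port=$(env_value "$cne_file" NEO4J_PORT)
    case $cne_port in
        *[!0-9]*)
            echo "INVALID NEO4J_PORT=$cne_port"
            cne_rc=1
            ;;
    esac
    return "$cne_rc"
}

# Demonstration on a constructed file that still carries the documented defaults.
demo_env=$(mktemp)
printf '%s\n' 'NEO4J_HOST=neo4j' 'NEO4J_PORT=7687' \
    'NEO4J_USER=neo4j' 'NEO4J_PASSWORD=neo4j_password' > "$demo_env"
if check_neo4j_env "$demo_env"; then
    echo "ok: safe to run docker compose up -d"
else
    echo "blocked: fix the findings above before starting the stack"
fi
rm -f "$demo_env"
```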

Prowler at a Glance

[!Tip] For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit Prowler Hub.

| Provider | Checks | Services | Compliance Frameworks | Categories | Support | Interface |
|---|---|---|---|---|---|---|
| AWS | 584 | 85 | 40 | 17 | Official | UI, API, CLI |
| GCP | 89 | 17 | 14 | 5 | Official | UI, API, CLI |
| Azure | 169 | 22 | 15 | 8 | Official | UI, API, CLI |
| Kubernetes | 84 | 7 | 6 | 9 | Official | UI, API, CLI |
| GitHub | 20 | 2 | 1 | 2 | Official | UI, API, CLI |
| M365 | 70 | 7 | 3 | 2 | Official | UI, API, CLI |
| OCI | 52 | 15 | 1 | 12 | Official | UI, API, CLI |
| Alibaba Cloud | 63 | 10 | 1 | 9 | Official | CLI |
| IaC | See trivy docs. | N/A | N/A | N/A | Official | UI, API, CLI |
| MongoDB Atlas | 10 | 4 | 0 | 3 | Official | UI, API, CLI |
| LLM | See promptfoo docs. | N/A | N/A | N/A | Official | CLI |
| NHN | 6 | 2 | 1 | 0 | Unofficial | CLI |

[!Note] The numbers in the table are updated periodically.

[!Note] Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories:

  • prowler <provider> --list-checks
  • prowler <provider> --list-services
  • prowler <provider> --list-compliance
  • prowler <provider> --list-categories

💻 Installation

Prowler App

Prowler App offers flexible installation methods tailored to various environments:

For detailed instructions on using Prowler App, refer to the Prowler App Usage Guide.

Docker Compose

Requirements

  • Docker Compose installed: https://docs.docker.com/compose/install/.

Commands

curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml
curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
docker compose up -d

Containers are built for linux/amd64.

Configuring Your Workstation for Prowler App

If your workstation's architecture is incompatible, you can resolve this by:

  • Setting the environment variable: DOCKER_DEFAULT_PLATFORM=linux/amd64
  • Using the following flag in your Docker command: --platform linux/amd64

Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

Common Issues with Docker Pull Installation

[!Note] If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local .aws directory into the container as a volume (e.g., - "${HOME}/.aws:/home/prowler/.aws:ro"). There are several ways to configure credentials for Docker containers. See the Troubleshooting section for more details and examples.

You can find more information in the Troubleshooting section.

From GitHub

Requirements

  • git installed.
  • `po
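Five-dimension analysis
Clarity: 9/10
Innovation: 7/10
Practicality: 10/10
Completeness: 9/10
Maintainability: 8/10
Pros and cons

Pros

  • Broad coverage of cloud providers and compliance frameworks
  • Multiple interfaces (CLI, UI, API) provide flexibility
  • Strong community and commercial support

Cons

  • Advanced features are complex to set up and configure
  • Steep learning curve to master fully
  • Some features require external services (e.g., Neo4j)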


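Disclaimer: This content comes from an open-source GitHub project and is provided for display and scoring analysis only.

Copyright belongs to the original author, prowler-cloud.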