claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// Security & Compliance

prowler

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

// Security & Compliance[ cli ][ api ][ web ][ claude ]#claude#aws#azure#cis-benchmark#cloud#cloudsecurity#compliance#cspm#securityApache-2.0$open-sourceupdated 15 days ago
Actively maintained
100/100
last commit 2 days ago
last release 2 days ago
releases 208
open issues 82
// install
git clone https://github.com/prowler-cloud/prowler

Prowler logo Prowler logo

Prowler is the Open Cloud Security Platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.

Secure ANY cloud at AI Speed at prowler.com

Prowler community on Slack
Join our Prowler community!


AWS ECR Gallery Linux Foundation insights health score


Prowler Cloud demo

Description

Prowler is the world’s most widely used Open-Source Cloud Security Platform that automates security and compliance across any cloud environment. With hundreds of ready-to-use security checks, remediation guidance, and compliance frameworks, Prowler is built to “Secure ANY Cloud at AI Speed”. Prowler delivers AI-driven, customizable, and easy-to-use assessments, dashboards, reports, and integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.

Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:

  • Prowler ThreatScore: Weighted risk prioritization scoring that helps you focus on the most critical security findings first
  • Industry Standards: CIS, NIST 800, NIST CSF, CISA, and MITRE ATT&CK
  • Regulatory Compliance and Governance: RBI, FedRAMP, PCI-DSS, and NIS2
  • Frameworks for Sensitive Data and Privacy: GDPR, HIPAA, and FFIEC
  • Frameworks for Organizational Governance and Quality Control: SOC2, GXP, and ISO 27001
  • Cloud-Specific Frameworks: AWS Foundational Technical Review (FTR), AWS Well-Architected Framework, and BSI C5
  • National Security Standards: ENS (Spanish National Security Scheme) and KISA ISMS-P (Korean)
  • Custom Security Frameworks: Tailored to your needs

Prowler App / Prowler Cloud

Prowler App / Prowler Cloud is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.

Prowler App Risk Pipeline Threat Map

For more details, refer to the Prowler App Documentation

Prowler CLI

prowler <provider>

Prowler CLI Execution

Prowler Dashboard

prowler dashboard

Prowler Dashboard

Attack Paths

Attack Paths automatically extends every completed AWS scan with a Neo4j graph that combines Cartography's cloud inventory with Prowler findings. The feature runs in the API worker after each scan and therefore requires:

  • An accessible Neo4j instance (the Docker Compose files already ships a neo4j service).

  • The following environment variables so Django and Celery can connect:

    VariableDescriptionDefault
    NEO4J_HOSTHostname used by the API containers.neo4j
    NEO4J_PORTBolt port exposed by Neo4j.7687
    NEO4J_USER / NEO4J_PASSWORDCredentials with rights to create per-tenant databases.neo4j / neo4j_password

Every AWS provider scan will enqueue an Attack Paths ingestion job automatically. Other cloud providers will be added in future iterations.

Prowler at a Glance

[!Tip] For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit Prowler Hub.

ProviderChecksServicesCompliance FrameworksCategoriesSupportInterface
AWS613864619OfficialUI, API, CLI
Azure190222016OfficialUI, API, CLI
GCP109201812OfficialUI, API, CLI
Kubernetes907711OfficialUI, API, CLI
GitHub24315OfficialUI, API, CLI
M36510710410OfficialUI, API, CLI
OCI5214410OfficialUI, API, CLI
Alibaba Cloud63959OfficialUI, API, CLI
Cloudflare29315OfficialUI, API, CLI
IaCSee trivy docs.N/AN/AN/AOfficialUI, API, CLI
MongoDB Atlas10308OfficialUI, API, CLI
LLMSee promptfoo docs.N/AN/AN/AOfficialCLI
ImageN/AN/AN/AN/AOfficialCLI, API
Google Workspace651126OfficialUI, API, CLI
OpenStack34509OfficialUI, API, CLI
Vercel26608OfficialUI, API, CLI
Okta29812OfficialUI, API, CLI
Linode Contact us10304UnofficialCLI
Scaleway Contact us1101UnofficialCLI
StackIT Contact us7203UnofficialCLI
NHN6210UnofficialCLI

[!Note] The numbers in the table are updated periodically.

[!Note] Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories:

  • prowler <provider> --list-checks
  • prowler <provider> --list-services
  • prowler <provider> --list-compliance
  • prowler <provider> --list-categories

💻 Installation

Prowler App

Prowler App offers flexible installation methods tailored to various environments:

For detailed instructions on using Prowler App, refer to the Prowler App Usage Guide.

Docker Compose

Requirements

Commands

macOS/Linux:

VERSION=$(curl -s https://api.github.com/repos/prowler-cloud/prowler/releases/latest | jq -r .tag_name)
curl -sLO "https://raw.githubusercontent.com/prowler-cloud/prowler/refs/tags/${VERSION}/docker-compose.yml"
# Environment variables can be customized in the .env file. Using default values in production environments is not recommended.
curl -sLO "https://raw.githubusercontent.com/prowler-cloud/prowler/refs/tags/${VERSION}/.env"
docker compose up -d

Windows PowerShell:

$VERSION = (Invoke-RestMethod -Uri "https://api.github.com/repos/prowler-cloud/prowler/releases/latest").tag_name
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/prowler-cloud/prowler/refs/tags/$VERSION/docker-compose.yml" -OutFile "docker-compose.yml"
# Environment variables can be customized in the .env file. Using default values in production environments is not recommended.
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/prowler-cloud/prowler/refs/tags/$VERSION/.env" -OutFile ".env"
docker compose up -d

[!WARNING] 🔒 For a secure setup, the API auto-generates a unique key pair, DJANGO_TOKEN_SIGNING_KEY and DJANGO_TOKEN_VERIFYING_KEY, and stores it in ~/.config/prowler-api (non-container) or the bound Docker volume in _data/api (container). Never commit or reuse static/default keys. To rotate keys, delete the stored key files and restart the API.

Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

Common Issues with Docker Pull Installation

[!Note] If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local .aws directory into the container as a volume (e.g., - "${HOME}/.aws:/home/prowler/.aws:ro"). There are several ways to configure credentials for Docker containers. See the Troubleshooting section for more details and examples.

You can find more information in the Troubleshooting section.

From GitHub

Requirements

Commands to run the API

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
uv sync
source .venv/bin/activate
set -a
source .env
docker compose up postgres valkey -d
cd src/backend
python manage.py migrate --database admin
gunicorn -c config/guniconf.py config.wsgi:application

After completing the setup, access the API documentation at http://localhost:8080/api/v1/docs.

Commands to run the API Worker

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
uv sync
source .venv/bin/activate
set -a
source .env
cd src/backend
python -m celery -A config.celery worker -l info -E

Commands to run the API Scheduler

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
uv sync
source .venv/bin/activate
set -a
source .env
cd src/backend
python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler

Commands to run the UI

git clone https://github.com/prowler-cloud/prowler
cd prowler/ui
pnpm install
pnpm run build
pnpm start

Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

Pre-commit Hooks Setup

Some pre-commit hooks require tools installed on your system:

  1. Install TruffleHog (secret scanning) — see the official installation options.

  2. Install Hadolint (Dockerfile linting) — see the official installation options.

Prowler CLI

Pip package

Prowler CLI is available as a project in PyPI. Consequently, it can be installed using pip with Python >=3.10, <3.13:

pip install prowler
prowler -v

For further guidance, refer to https://docs.prowler.com

Containers

Available Versions of Prowler CLI

The following versions of Prowler CLI are available, depending on your requirements:

  • latest: Synchronizes with the master branch. Note that this version is not stable.
  • v4-latest: Synchronizes with the v4 branch. Note that this version is not stable.
  • v3-latest: Synchronizes with the v3 branch. Note that this version is not stable.
  • <x.y.z> (release): Stable releases corresponding to specific versions. See the complete list of Prowler releases.
  • stable: Always points to the latest release.
  • v4-stable: Always points to the latest release for v4.
  • v3-stable: Always points to the latest release for v3.

The container images are available here:

From GitHub

Python >=3.10, <3.13 is required with uv:

git clone https://github.com/prowler-cloud/prowler
cd prowler
uv sync
source .venv/bin/activate
python prowler-cli.py -v

[!IMPORTANT] To clone Prowler on Windows, configure Git to support long file paths by running the following command: git config core.longpaths true.

🛡️ GitHub Action

The official Prowler GitHub Action runs Prowler scans in your GitHub workflows using the official prowlercloud/prowler Docker image. Scans run on any supported provider, with optional --push-to-cloud to send findings to Prowler Cloud and optional SARIF upload so findings show up in the repo's Security → Code scanning tab and as inline PR annotations.

name: Prowler IaC Scan
on:
  pull_request:

permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  prowler:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: prowler-cloud/[email protected]
        with:
          provider: iac
          output-formats: sarif json-ocsf
          upload-sarif: true
          flags: --severity critical high

Full configuration, per-provider authentication, and SARIF examples: Prowler GitHub Action tutorial. Marketplace listing: Prowler Security Scan.

✏️ High level architecture

Prowler App

Prowler App is composed of four key components:

  • Prowler UI: A web-based interface, built with Next.js, providing a user-friendly experience for executing Prowler scans and visualizing results.
  • Prowler API: A backend service, developed with Django REST Framework, responsible for running Prowler scans and storing the generated results.
  • Prowler SDK: A Python SDK designed to extend the functionality of the Prowler CLI for advanced capabilities.
  • Prowler MCP Server: A Model Context Protocol server that provides AI tools for Lighthouse, the AI-powered security assistant. This is a critical dependency for Lighthouse functionality.

Prowler App Architecture

Prowler CLI

Running Prowler

Prowler can be executed across various environments, offering flexibility to meet your needs. It can be run from:

  • Your own workstation

  • A Kubernetes Job

  • Google Compute Engine

  • Azure Virtual Machines (VMs)

  • Amazon EC2 instances

  • AWS Fargate or other container platforms

  • CloudShell

And many more environments.

Architecture

🤖 AI Skills for Development

Prowler includes a comprehensive set of AI Skills that help AI coding assistants understand Prowler's codebase patterns and conventions.

What are AI Skills?

Skills are structured instructions that give AI assistants the context they need to write code that follows Prowler's standards. They include:

  • Coding patterns for each component (SDK, API, UI, MCP Server)
  • Testing conventions (pytest, Playwright)
  • Architecture guidelines (Clean Architecture, RLS patterns)
  • Framework-specific rules (React 19, Next.js 15, Django DRF, Tailwind 4)

Available Skills

CategorySkills
Generictypescript, react-19, nextjs-15, tailwind-4, playwright, pytest, django-drf, zod-4, zustand-5, ai-sdk-5
Prowlerprowler, prowler-api, prowler-ui, prowler-mcp, prowler-sdk-check, prowler-test-ui, prowler-test-api, prowler-test-sdk, prowler-compliance, prowler-provider, prowler-pr, prowler-docs

Setup

./skills/setup.sh

This configures skills for AI coding assistants that follow the agentskills.io standard:

ToolConfiguration
Claude Code.claude/skills/ (symlink)
OpenCode.claude/skills/ (symlink)
Codex (OpenAI).codex/skills/ (symlink)
GitHub Copilot.github/skills/ (symlink)
Gemini CLI.gemini/skills/ (symlink)

Note: Restart your AI coding assistant after running setup to load the skills. Gemini CLI requires experimental.skills enabled in settings.

📖 Documentation

For installation instructions, usage details, tutorials, and the Developer Guide, visit https://docs.prowler.com/

📃 License

Prowler is licensed under the Apache License 2.0.

A copy of the License is available at http://www.apache.org/licenses/LICENSE-2.0

// compatibility

Platformscli, api, web
Operating systems
AI compatibilityclaude
LicenseApache-2.0
Pricingopen-source
LanguagePython

// faq

What is prowler?

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.. It is open-source on GitHub.

Is prowler free to use?

prowler is open-source under the Apache-2.0 license, so it is free to use.

What category does prowler belong to?

prowler is listed under security in the Claudeers registry of Claude-compatible tools.

0 views
14,101 stars
unclaimed
updated 15 days ago

// embed badge

prowler on Claudeers
[![Claudeers](https://claudeers.com/api/badge/prowler.svg)](https://claudeers.com/prowler)

// retro hit counter

prowler hit counter
[![Hits](https://claudeers.com/api/counter/prowler.svg)](https://claudeers.com/prowler)

// reviews

// guestbook

0/500

// related in Security & Compliance

🔓

A complete AI agency at your fingertips - From frontend wizards to Reddit community ninjas, from whimsy injectors to reality checkers. Each agent is a specia…

// securitymsitarzewski/Shell126,507MIT[ claude ]
🔓

π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video.

// securityruvnet/Rust76,321MIT[ claude ]
🔓

🐶 A curated list of Web Security materials and resources.

// securityqazbnm456/Python13,559[ claude ]
🔓

sharing current agents in use

// securitycontains-studio/12,395[ claude ]

// built by

→ see how prowler connects across the ecosystem