{"id":13461658,"url":"https://github.com/prowler-cloud/prowler","last_synced_at":"2026-03-04T13:05:05.107Z","repository":{"id":36952273,"uuid":"66474729","full_name":"prowler-cloud/prowler","owner":"prowler-cloud","description":"Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more","archived":false,"fork":false,"pushed_at":"2025-05-13T08:24:21.000Z","size":135031,"stargazers_count":11593,"open_issues_count":132,"forks_count":1700,"subscribers_count":127,"default_branch":"master","last_synced_at":"2025-05-13T08:36:30.602Z","etag":null,"topics":["aws","azure","cis-benchmark","cloud","cloudsecurity","compliance","cspm","devsecops","forensics","gcp","gdpr","hardening","iam","multi-cloud","python","security","security-audit","security-hardening","security-tools","well-architected"],"latest_commit_sha":null,"homepage":"https://prowler.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/prowler-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-08-24T15:12:24.000Z","updated_at":"2025-05-13T07:27:31.000Z","dependencies_parsed_at":"2025-05-05T20:48:07.051Z","dependency_job_id":null,"html_url":"https://github.com/prowler-cloud/prowler","commit_stats":{"total_commits":2640,"to
tal_committers":261,"mean_commits":"10.114942528735632","dds":0.8132575757575757,"last_synced_commit":"4bfe145be352ea1dfd435ba4db0119bf3ccf4a56"},"previous_names":["toniblyx/prowler","alfresco/prowler"],"tags_count":141,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prowler-cloud%2Fprowler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prowler-cloud%2Fprowler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prowler-cloud%2Fprowler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prowler-cloud%2Fprowler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/prowler-cloud","download_url":"https://codeload.github.com/prowler-cloud/prowler/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253929348,"owners_count":21985802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","cis-benchmark","cloud","cloudsecurity","compliance","cspm","devsecops","forensics","gcp","gdpr","hardening","iam","multi-cloud","python","security","security-audit","security-hardening","security-tools","well-architected"],"created_at":"2024-07-31T11:00:51.086Z","updated_at":"2026-03-04T13:05:05.053Z","avatar_url":"https://github.com/prowler-cloud.png","language":"Python","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg align=\"center\" 
src=\"https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-black.png#gh-light-mode-only\" width=\"50%\" height=\"50%\"\u003e\n  \u003cimg align=\"center\" src=\"https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only\" width=\"50%\" height=\"50%\"\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003cb\u003e\u003ci\u003eProwler Open Source\u003c/b\u003e is as dynamic and adaptable as the environment it secures. It is trusted by the industry leaders to uphold the highest standards in security.\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cb\u003eLearn more at \u003ca href=\"https://prowler.com\"\u003eprowler.com\u003c/i\u003e\u003c/b\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://goto.prowler.com/slack\"\u003e\u003cimg width=\"30\" height=\"30\" alt=\"Prowler community on Slack\" src=\"https://github.com/prowler-cloud/prowler/assets/38561120/3c8b4ec5-6849-41a5-b5e1-52bbb94af73a\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://goto.prowler.com/slack\"\u003eJoin our Prowler community!\u003c/a\u003e\n\u003c/p\u003e\n\u003chr\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://goto.prowler.com/slack\"\u003e\u003cimg alt=\"Slack Shield\" src=\"https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://pypi.org/project/prowler/\"\u003e\u003cimg alt=\"Python Version\" src=\"https://img.shields.io/pypi/v/prowler.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://pypi.python.org/pypi/prowler/\"\u003e\u003cimg alt=\"Python Version\" src=\"https://img.shields.io/pypi/pyversions/prowler.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://pypistats.org/packages/prowler\"\u003e\u003cimg alt=\"PyPI Prowler Downloads\" src=\"https://img.shields.io/pypi/dw/prowler.svg?label=prowler%20downloads\"\u003e\u003c/a\u003e\n  \u003ca 
href=\"https://hub.docker.com/r/toniblyx/prowler\"\u003e\u003cimg alt=\"Docker Pulls\" src=\"https://img.shields.io/docker/pulls/toniblyx/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/toniblyx/prowler\"\u003e\u003cimg alt=\"Docker\" src=\"https://img.shields.io/docker/cloud/build/toniblyx/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/toniblyx/prowler\"\u003e\u003cimg alt=\"Docker\" src=\"https://img.shields.io/docker/image-size/toniblyx/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://gallery.ecr.aws/prowler-cloud/prowler\"\u003e\u003cimg width=\"120\" height=19\" alt=\"AWS ECR Gallery\" src=\"https://user-images.githubusercontent.com/3985464/151531396-b6535a68-c907-44eb-95a1-a09508178616.png\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://codecov.io/gh/prowler-cloud/prowler\"\u003e\u003cimg src=\"https://codecov.io/gh/prowler-cloud/prowler/graph/badge.svg?token=OflBGsdpDl\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/prowler-cloud/prowler\"\u003e\u003cimg alt=\"Repo size\" src=\"https://img.shields.io/github/repo-size/prowler-cloud/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/prowler-cloud/prowler/issues\"\u003e\u003cimg alt=\"Issues\" src=\"https://img.shields.io/github/issues/prowler-cloud/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/prowler-cloud/prowler/releases\"\u003e\u003cimg alt=\"Version\" src=\"https://img.shields.io/github/v/release/prowler-cloud/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/prowler-cloud/prowler/releases\"\u003e\u003cimg alt=\"Version\" src=\"https://img.shields.io/github/release-date/prowler-cloud/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/prowler-cloud/prowler\"\u003e\u003cimg alt=\"Contributors\" src=\"https://img.shields.io/github/contributors-anon/prowler-cloud/prowler\"\u003e\u003c/a\u003e\n  \u003ca 
href=\"https://github.com/prowler-cloud/prowler\"\u003e\u003cimg alt=\"License\" src=\"https://img.shields.io/github/license/prowler-cloud/prowler\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://twitter.com/ToniBlyx\"\u003e\u003cimg alt=\"Twitter\" src=\"https://img.shields.io/twitter/follow/toniblyx?style=social\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://twitter.com/prowlercloud\"\u003e\u003cimg alt=\"Twitter\" src=\"https://img.shields.io/twitter/follow/prowlercloud?style=social\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003chr\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg align=\"center\" src=\"/docs/img/prowler-cli-quick.gif\" width=\"100%\" height=\"100%\"\u003e\n\u003c/p\u003e\n\n# Description\n\n**Prowler** is an open-source security tool designed to assess and enforce security best practices across AWS, Azure, Google Cloud, and Kubernetes. It supports tasks such as security audits, incident response, continuous monitoring, system hardening, forensic readiness, and remediation processes.\n\nProwler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:\n\n- **Industry Standards:** CIS, NIST 800, NIST CSF, and CISA\n- **Regulatory Compliance and Governance:** RBI, FedRAMP, and PCI-DSS\n- **Frameworks for Sensitive Data and Privacy:** GDPR, HIPAA, and FFIEC\n- **Frameworks for Organizational Governance and Quality Control:** SOC2 and GXP\n- **AWS-Specific Frameworks:** AWS Foundational Technical Review (FTR) and AWS Well-Architected Framework (Security Pillar)\n- **National Security Standards:** ENS (Spanish National Security Scheme)\n- **Custom Security Frameworks:** Tailored to your needs\n\n## Prowler CLI and Prowler Cloud\n\nProwler offers a Command Line Interface (CLI), known as Prowler Open Source, and an additional service built on top of it, called \u003ca href=\"https://prowler.com\"\u003eProwler Cloud\u003c/a\u003e.\n\n## Prowler App\n\nProwler App is a web-based application that simplifies 
running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.\n\n![Prowler App](docs/img/overview.png)\n\n\u003eFor more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)\n\n## Prowler CLI\n\n```console\nprowler \u003cprovider\u003e\n```\n![Prowler CLI Execution](docs/img/short-display.png)\n\n\n## Prowler Dashboard\n\n```console\nprowler dashboard\n```\n![Prowler Dashboard](docs/img/dashboard.png)\n\n# Prowler at a Glance\n\n| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |\n|---|---|---|---|---|\n| AWS | 564 | 82 | 33 | 10 |\n| GCP | 79 | 13 | 7 | 3 |\n| Azure | 140 | 18 | 8 | 3 |\n| Kubernetes | 83 | 7 | 4 | 7 |\n| M365 | 44 | 2 | 2 | 0 |\n| NHN (Unofficial) | 6 | 2 | 1 | 0 |\n\n\u003e Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories: `prowler \u003cprovider\u003e --list-checks`, `prowler \u003cprovider\u003e --list-services`, `prowler \u003cprovider\u003e --list-compliance` and `prowler \u003cprovider\u003e --list-categories`.\n\n# 💻 Installation\n\n## Prowler App\n\nInstalling Prowler App\nProwler App offers flexible installation methods tailored to various environments:\n\n\u003e For detailed instructions on using Prowler App, refer to the [Prowler App Usage Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/).\n\n### Docker Compose\n\n**Requirements**\n\n* `Docker Compose` installed: https://docs.docker.com/compose/install/.\n\n**Commands**\n\n``` console\ncurl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml\ncurl -LO 
https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env\ndocker compose up -d\n```\n\n\u003e Containers are built for `linux/amd64`.\n\n### Configuring Your Workstation for Prowler App\n\nIf your workstation's architecture is incompatible, you can resolve this by:\n\n- **Setting the environment variable**: `DOCKER_DEFAULT_PLATFORM=linux/amd64`\n- **Using the following flag in your Docker command**: `--platform linux/amd64`\n\n\u003e Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.\n\n### From GitHub\n\n**Requirements**\n\n* `git` installed.\n* `poetry` v2 installed: [poetry installation](https://python-poetry.org/docs/#installation).\n* `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).\n* `Docker Compose` installed: https://docs.docker.com/compose/install/.\n\n**Commands to run the API**\n\n``` console\ngit clone https://github.com/prowler-cloud/prowler\ncd prowler/api\npoetry install\neval $(poetry env activate)\nset -a\nsource .env\ndocker compose up postgres valkey -d\ncd src/backend\npython manage.py migrate --database admin\ngunicorn -c config/guniconf.py config.wsgi:application\n```\n\u003e [!IMPORTANT]\n\u003e As of Poetry v2.0.0, the `poetry shell` command has been deprecated. 
Use `poetry env activate` instead for environment activation.\n\u003e\n\u003e If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment.\n\u003e For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.\n\n\u003e After completing the setup, access the API documentation at http://localhost:8080/api/v1/docs.\n\n**Commands to run the API Worker**\n\n``` console\ngit clone https://github.com/prowler-cloud/prowler\ncd prowler/api\npoetry install\neval $(poetry env activate)\nset -a\nsource .env\ncd src/backend\npython -m celery -A config.celery worker -l info -E\n```\n\n**Commands to run the API Scheduler**\n\n``` console\ngit clone https://github.com/prowler-cloud/prowler\ncd prowler/api\npoetry install\neval $(poetry env activate)\nset -a\nsource .env\ncd src/backend\npython -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler\n```\n\n**Commands to run the UI**\n\n``` console\ngit clone https://github.com/prowler-cloud/prowler\ncd prowler/ui\nnpm install\nnpm run build\nnpm start\n```\n\n\u003e Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.\n\n## Prowler CLI\n### Pip package\nProwler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/). Consequently, it can be installed using pip with Python \u003e3.9.1, \u003c3.13:\n\n```console\npip install prowler\nprowler -v\n```\n\u003eFor further guidance, refer to [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-cli-installation)\n\n### Containers\n\n**Available Versions of Prowler CLI**\n\nThe following versions of Prowler CLI are available, depending on your requirements:\n\n- `latest`: Synchronizes with the `master` branch. 
Note that this version is not stable.\n- `v4-latest`: Synchronizes with the `v4` branch. Note that this version is not stable.\n- `v3-latest`: Synchronizes with the `v3` branch. Note that this version is not stable.\n- `\u003cx.y.z\u003e` (release): Stable releases corresponding to specific versions. You can find the complete list of releases [here](https://github.com/prowler-cloud/prowler/releases).\n- `stable`: Always points to the latest release.\n- `v4-stable`: Always points to the latest release for v4.\n- `v3-stable`: Always points to the latest release for v3.\n\nThe container images are available here:\n- Prowler CLI:\n    - [DockerHub](https://hub.docker.com/r/toniblyx/prowler/tags)\n    - [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler)\n- Prowler App:\n    - [DockerHub - Prowler UI](https://hub.docker.com/r/prowlercloud/prowler-ui/tags)\n    - [DockerHub - Prowler API](https://hub.docker.com/r/prowlercloud/prowler-api/tags)\n\n### From GitHub\n\nPython \u003e3.9.1, \u003c3.13 is required with pip and Poetry:\n\n``` console\ngit clone https://github.com/prowler-cloud/prowler\ncd prowler\neval $(poetry env activate)\npoetry install\npython prowler-cli.py -v\n```\n\u003e [!IMPORTANT]\n\u003e To clone Prowler on Windows, configure Git to support long file paths by running the following command: `git config core.longpaths true`.\n\n\u003e [!IMPORTANT]\n\u003e As of Poetry v2.0.0, the `poetry shell` command has been deprecated. 
Use `poetry env activate` instead for environment activation.\n\u003e\n\u003e If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment.\n\u003e For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.\n\n# ✏️ High level architecture\n\n## Prowler App\n**Prowler App** is composed of three key components:\n\n- **Prowler UI**: A web-based interface, built with Next.js, providing a user-friendly experience for executing Prowler scans and visualizing results.\n- **Prowler API**: A backend service, developed with Django REST Framework, responsible for running Prowler scans and storing the generated results.\n- **Prowler SDK**: A Python SDK designed to extend the functionality of the Prowler CLI for advanced capabilities.\n\n![Prowler App Architecture](docs/img/prowler-app-architecture.png)\n\n## Prowler CLI\n\n**Running Prowler**\n\nProwler can be executed across various environments, offering flexibility to meet your needs. It can be run from:\n\n- Your own workstation\n\n- A Kubernetes Job\n\n- Google Compute Engine\n\n- Azure Virtual Machines (VMs)\n\n- Amazon EC2 instances\n\n- AWS Fargate or other container platforms\n\n- CloudShell\n\nAnd many more environments.\n\n![Architecture](docs/img/architecture.png)\n\n# Deprecations from v3\n\n## General\n- `Allowlist` now is called `Mutelist`.\n- The `--quiet` option has been deprecated. 
Use the `--status` flag to filter findings based on their status: PASS, FAIL, or MANUAL.\n- All findings with an `INFO` status have been reclassified as `MANUAL`.\n- The CSV output format is standardized across all providers.\n\n**Deprecated Output Formats**\n\nThe following formats are now deprecated:\n- Native JSON has been replaced with JSON in [OCSF](https://schema.ocsf.io/) v1.1.0 format, which is standardized across all providers.\n\n## AWS\n\n**AWS Flag Deprecation**\n\nThe `--sts-endpoint-region` flag has been deprecated due to the adoption of AWS STS regional tokens.\n\n**Sending FAIL Results to AWS Security Hub**\n\n- To send only FAIL findings to AWS Security Hub, use one of the following options: `--send-sh-only-fails` or `--security-hub --status FAIL`.\n\n\n# 📖 Documentation\n\n**Documentation Resources**\n\nFor installation instructions, usage details, tutorials, and the Developer Guide, visit https://docs.prowler.com/\n\n# 📃 License\n\n**Prowler License Information**\n\nProwler is licensed under the Apache License 2.0, as indicated in each file within the repository.\n\nA copy of the License is available at \u003chttp://www.apache.org/licenses/LICENSE-2.0\u003e\n","funding_links":[],"categories":["Tools","Security Scanners","Python","Vendor Questionnaires","Projects","Infrastructure Security","Uncategorized","Cloud asset inventory","扫描器、资产收集、子域名","文章","2. 
[↑](#-content) Pentesting","Cloud and Backend Security","azure","☸️ Phase 5: CD \u0026 Infrastructure (Cloud/K8s)","security-tools","Policy as Code","Tools \u0026 Platforms","Multi-Cloud Security","Cloud Security"],"sub_categories":["AWS","Prowler","Cloud/Compliance Tools","Automated Security Assessment","Cloud Security Posture Management","Uncategorized","Threat modelling","网络服务_其他","[↑](#-content) 2.10 Reconnaissance","AWS IoT Security","Compliance Tools","Enumeration","Open Source Platforms","CNAPP Tools","Runtime Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprowler-cloud%2Fprowler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprowler-cloud%2Fprowler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprowler-cloud%2Fprowler/lists"}