Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/prowler-cloud/prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://github.com/prowler-cloud/prowler

aws azure cis-benchmark cloud compliance devsecops forensics gcp gdpr hardening iam multi-cloud python security security-audit security-hardening security-tools well-architected

Last synced: 27 days ago
JSON representation

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

Awesome Lists containing this project

README 

        


  

  





  Prowler SaaS  and Prowler Open Source are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.





Learn more at prowler.com






Prowler community on Slack

  


  Join our Prowler community!







  Slack Shield

  Python Version

  Python Version

  PyPI Prowler Downloads

  Docker Pulls

  Docker

  Docker

  AWS ECR Gallery

  





  Repo size

  Issues

  Version

  Version

  Contributors

  License

  Twitter

  Twitter







  




# Description



**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler SaaS.



## Prowler CLI



```console

prowler 

```

![Prowler CLI Execution](docs/img/short-display.png)



## Prowler Dashboard



```console

prowler dashboard

```

![Prowler Dashboard](docs/img/dashboard.png)



It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.



| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |

|---|---|---|---|---|

| AWS | 457 | 67 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |

| GCP | 77 | 13 -> `prowler gcp --list-services` | 2 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|

| Azure | 136 | 17 -> `prowler azure --list-services` | 3 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |

| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |



# 💻 Installation



## Pip package

Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:



```console

pip install prowler

prowler -v

```

>More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/)



## Containers



The available versions of Prowler are the following:



- `latest`: in sync with `master` branch (bear in mind that it is not a stable version)

- `v3-latest`: in sync with `v3` branch (bear in mind that it is not a stable version)

- `` (release): you can find the releases [here](https://github.com/prowler-cloud/prowler/releases), those are stable releases.

- `stable`: this tag always point to the latest release.

- `v3-stable`: this tag always point to the latest release for v3.



The container images are available here:



- [DockerHub](https://hub.docker.com/r/toniblyx/prowler/tags)

- [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler)



## From GitHub



Python >= 3.9, < 3.13 is required with pip and poetry:



```

git clone https://github.com/prowler-cloud/prowler

cd prowler

poetry shell

poetry install

python prowler.py -v

```

> If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.

# 📐✏️ High level architecture



You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.



![Architecture](docs/img/architecture.png)



# Deprecations from v3



## General

- `Allowlist` now is called `Mutelist`.

- The `--quiet` option has been deprecated, now use the `--status` flag to select the finding's status you want to get from PASS, FAIL or MANUAL.

- All `INFO` finding's status has changed to `MANUAL`.

- The CSV output format is common for all the providers.



We have deprecated some of our outputs formats:

- The native JSON is replaced for the JSON [OCSF](https://schema.ocsf.io/) v1.1.0, common for all the providers.



## AWS

- Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.

- To send only FAILS to AWS Security Hub, now use either `--send-sh-only-fails` or `--security-hub --status FAIL`.



# 📖 Documentation



Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/



# 📃 License



Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at