Security News
PyPI’s New Archival Feature Closes a Major Security Gap
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
By Sarah Gooding - Jan 30, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
prowler
Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
- 5.2.1
- PyPI
- Maintainers
- 1
Prowler Open Source is as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
Learn more at prowler.com
Description
Prowler is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler Cloud.
Prowler App
Prowler App is a web application that allows you to run Prowler in your cloud provider accounts and visualize the results in a user-friendly interface.
More details at Prowler App Documentation
Prowler CLI
prowler <provider>
Prowler Dashboard
prowler dashboard
It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
| Provider | Checks | Services | Compliance Frameworks | Categories |
|---|---|---|---|---|
| AWS | 561 | 81 -> prowler aws --list-services | 30 -> prowler aws --list-compliance | 9 -> prowler aws --list-categories |
| GCP | 77 | 13 -> prowler gcp --list-services | 4 -> prowler gcp --list-compliance | 2 -> prowler gcp --list-categories |
| Azure | 139 | 18 -> prowler azure --list-services | 5 -> prowler azure --list-compliance | 2 -> prowler azure --list-categories |
| Kubernetes | 83 | 7 -> prowler kubernetes --list-services | 2 -> prowler kubernetes --list-compliance | 7 -> prowler kubernetes --list-categories |
💻 Installation
Prowler App
Prowler App can be installed in different ways, depending on your environment:
See how to use Prowler App in the Prowler App Usage Guide.
Docker Compose
Requirements
Docker Composeinstalled: https://docs.docker.com/compose/install/.
Commands
curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml
curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
docker compose up -d
Containers are built for
linux/amd64. If your workstation's architecture is different, please setDOCKER_DEFAULT_PLATFORM=linux/amd64in your environment or use the--platform linux/amd64flag in the docker command. Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
From GitHub
Requirements
gitinstalled.poetryinstalled: poetry installation.npminstalled: npm installation.Docker Composeinstalled: https://docs.docker.com/compose/install/.
Commands to run the API
git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
poetry shell
set -a
source .env
docker compose up postgres valkey -d
cd src/backend
python manage.py migrate --database admin
gunicorn -c config/guniconf.py config.wsgi:application
Now, you can access the API documentation at http://localhost:8080/api/v1/docs.
Commands to run the API Worker
git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
poetry shell
set -a
source .env
cd src/backend
python -m celery -A config.celery worker -l info -E
Commands to run the API Scheduler
git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
poetry shell
set -a
source .env
cd src/backend
python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler
Commands to run the UI
git clone https://github.com/prowler-cloud/prowler
cd prowler/ui
npm install
npm run build
npm start
Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
Prowler CLI
Pip package
Prowler CLI is available as a project in PyPI, thus can be installed using pip with Python >= 3.9, < 3.13:
pip install prowler
prowler -v
More details at https://docs.prowler.com
Containers
The available versions of Prowler CLI are the following:
latest: in sync withmasterbranch (bear in mind that it is not a stable version)v4-latest: in sync withv4branch (bear in mind that it is not a stable version)v3-latest: in sync withv3branch (bear in mind that it is not a stable version)<x.y.z>(release): you can find the releases here, those are stable releases.stable: this tag always point to the latest release.v4-stable: this tag always point to the latest release for v4.v3-stable: this tag always point to the latest release for v3.
The container images are available here:
- Prowler CLI:
- Prowler App:
From GitHub
Python >= 3.9, < 3.13 is required with pip and poetry:
git clone https://github.com/prowler-cloud/prowler
cd prowler
poetry shell
poetry install
python prowler.py -v
If you want to clone Prowler from Windows, use
git config core.longpaths trueto allow long file paths.
📐✏️ High level architecture
Prowler App
The Prowler App consists of three main components:
- Prowler UI: A user-friendly web interface for running Prowler and viewing results, powered by Next.js.
- Prowler API: The backend API that executes Prowler scans and stores the results, built with Django REST Framework.
- Prowler SDK: A Python SDK that integrates with the Prowler CLI for advanced functionality.
Prowler CLI
You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.
Deprecations from v3
General
Allowlistnow is calledMutelist.- The
--quietoption has been deprecated, now use the--statusflag to select the finding's status you want to get from PASS, FAIL or MANUAL. - All
INFOfinding's status has changed toMANUAL. - The CSV output format is common for all the providers.
We have deprecated some of our outputs formats:
- The native JSON is replaced for the JSON OCSF v1.1.0, common for all the providers.
AWS
- Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
- To send only FAILS to AWS Security Hub, now use either
--send-sh-only-failsor--security-hub --status FAIL.
📖 Documentation
Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/
📃 License
Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
FAQs
Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
We found that prowler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
North Korean APT Lazarus Targets Developers with Malicious npm Package
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.
By Kirill Boychenko, Peter van der Zee - Jan 29, 2025
Security News
CISA Brings KEV Data to GitHub
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
By Sarah Gooding - Jan 29, 2025