Screenshot at

Sign up for Prowler Updates

Please enable JavaScript in your browser to complete this form.
Laura Franzese headshot
Laura Franzese // April 24, 2025

Prowler Wins DefectDojo’s Best Infrastructure Security Tool for Open-Source Cybersecurity

We’re honored to share that Prowler has been named as one of the Best Infrastructure Security Tools in the inaugural DefectDojo Open-Source Security Awards.

This recognition means a lot—not just because of what it says about the work we’ve done, but because of who it’s coming from. Their platform powers DevSecOps workflows for teams around the world, and they know firsthand what makes a security tool both useful and sustainable.

In their words, the awards highlight open-source tools that are “accurate, robust, and low-noise”—qualities that we aim for with every release.

Why this matters

Prowler started as a CLI tool for AWS audits. Today, it’s grown into a multi-cloud security platform that supports AWS, Azure, GCP, and Kubernetes. We’ve stayed open from the beginning—not just in source code, but in approach. We believe that security tools should be explainable, flexible, and built in the open, because transparency builds trust. And trust is the foundation of security.

This award reflects the reality of more than 11 million downloads across the world who’ve helped make Prowler what it is: a reliable, adaptable, open-source foundation for cloud security. We’re grateful to our community, our users, and the teams who test, file issues, build integrations, and help shape every release.

A few words from Toni

“Security doesn’t belong behind closed doors. We started Prowler to make cloud security open, accessible, and adaptable to real-world complexity. This recognition from DefectDojo is a reflection of the community that’s built around Prowler. We’re proud to be part of the movement shaping the future of open-source cybersecurity.”
— Toni de la Fuente, founder and CEO, Prowler

Security shouldn’t be a black box. With Prowler, we’re aiming for something better: clear, usable, and community-driven cloud security.

We’re thankful to DefectDojo for this recognition—and we’re just getting started.

What’s next

Join us next week at RSAC! We’ll be in the Expo all week at Moscone South, booth 642 in the Spanish Pavilion. Stop by to meet the team, preview some sweet new features, and pick up exclusive RSAC swag!

🔗 Learn more about the DefectDojo Awards
🔍 Explore Prowler on GitHub
🚀 Get started with Prowler Cloud

Recent Articles

Screenshot at
September 11, 2025

Introducing Prowler’s GitHub Provider: Secure Your Repositories at Scale 

Recently we have seen a rise of incidents related to supply chain attacks, and specifically with the security of the development pipelines: tj-actions, reviewdog/action-setup, Amazon Q Developer, nx and others....

Screenshot at
September 5, 2025

Automate Multi-Cloud Security at Scale: Bulk Provider Provisioning in Prowler

Managing cloud security across dozens or even hundreds of cloud accounts is a challenge, especially when you have to do it for multiple cloud providers. Manually onboarding each account is...

py iam expand
August 21, 2025

Unmasking Hidden Dangers: How Prowler Now Detects Obfuscated IAM Policies

It all started with a fascinating blog post from the team at Permiso introducing their "Sky Scalpel" tool. Their research highlighted a clever technique for hiding dangerous permissions within AWS...