Shift Left with Prowler: IaC Scanning Now in Prowler Cloud

In our previous blog, “Prowler MCP: From Security Questions to Finding Remediation”, we showed how, with help from our MCP, you could link findings in your AWS accounts to your Terraform code. Now we're taking it one step further: catching those issues before they reach production.

Everyone knows this: the sooner we detect issues in the SDLC (Software Development Life Cycle), the cheaper they are to solve. Fixing a misconfigured S3 bucket in your Terraform file takes minutes. Fixing it in production after it's been exploited? That's a different story.

In version 5.8.0 we launched support for Infrastructure as Code scans in our CLI, and in version 5.14.0 we added support for it in Prowler Cloud.

Now you can get your IaC findings in the same format you get your runtime findings, all in one place.

Under the hood we’re using Trivy, which supports popular Infrastructure as Code file types such as Docker, Kubernetes, Terraform, CloudFormation, and more.

Watch it in action!

Here’s a walkthrough running an IaC scan from Prowler Cloud:

As you can see, you can scan public and private repositories and get the results as you would with any other Prowler provider. Each finding links you to the exact file and line that contains the issue.

Get Started with IaC Scanning

Whether you're looking to catch misconfigurations earlier in your development cycle or consolidate your security findings across runtime and code, IaC scanning in Prowler Cloud gives you visibility into potential issues before they become production problems.

Ready to try it out? Check out our documentation to get started, or head to Prowler Cloud to run your first IaC scan today.