# Prowler

> Prowler is the world's most widely adopted open-source cloud security platform, with over 45 million downloads, 14,000+ GitHub stars, and 300+ contributors. It performs automated security assessments, compliance auditing, and risk prioritization across 16 cloud and SaaS providers — including AWS (572 checks across 83 services), Azure (165 checks), Google Cloud (100 checks), Kubernetes (83 checks), Microsoft 365 (89 checks), Oracle Cloud (48 checks), Alibaba Cloud (61 checks), GitHub (21 checks), Cloudflare (29 checks), and more. Prowler maps findings to 40+ compliance frameworks including CIS Benchmarks, PCI-DSS, HIPAA, GDPR, SOC 2, NIST 800-53, NIST CSF, ISO 27001, FedRAMP, MITRE ATT&CK, ENS, FFIEC, and the AWS Well-Architected Framework. It is trusted by organizations including Google, Salesforce, MongoDB, and MercadoLibre.

## What Prowler does

- **Cloud Security Posture Management (CSPM)**: Continuously scans cloud environments for misconfigurations, vulnerabilities, and security risks with 1970+ ready-to-use security artifacts
- **Compliance monitoring and evidence collection**: Maps every finding to specific controls across 70+ regulatory and industry frameworks, automating audit preparation and continuous compliance
- **Multi-cloud and multi-environment coverage**: A single tool to assess AWS, Azure, GCP, Kubernetes, Microsoft 365, GitHub, Oracle Cloud, Alibaba Cloud, Cloudflare, OpenStack, MongoDB Atlas, Vercel, Google Workspace, container images, Infrastructure as Code, and LLM configurations
- **Risk prioritization**: Scores and ranks findings by severity, context, and blast radius so teams fix what matters first
- **Remediation guidance**: Every finding includes actionable fix instructions and, where applicable, automated remediation
- **Attack path analysis**: Neo4j-based graph analysis identifies chains of misconfigurations that create exploitable paths
- **Agentic AI security (Lighthouse AI)**: AI-powered analysis for code-to-cloud security automation
- **Infrastructure as Code scanning**: Scans IaC templates (Terraform, CloudFormation, Kubernetes manifests, etc.) to catch misconfigurations before deployment
- **Kubernetes Security Posture Management (KSPM)**: Dedicated checks for cluster configuration, RBAC, network policies, and workload security

## Products and deployment options

- [Prowler CLI](https://github.com/prowler-cloud/prowler): Free, open-source command-line scanner written in Python. Install via pip, Docker, or from source. Run on-demand or in CI/CD pipelines. Apache 2.0 license.
- [Prowler Cloud](https://prowler.com/): Fully managed SaaS platform with dashboards, team collaboration, role-based access control (RBAC), scheduled scans, and centralized multi-account posture management. Also available on the AWS Marketplace.
- [Prowler Hub](https://hub.prowler.com/): Public, searchable library of versioned security checks, compliance frameworks, and control mappings. Includes a public API for integration into custom tools and automation workflows. API docs at https://hub.prowler.com/api/docs.
- [Prowler MCP Server](https://docs.prowler.com/developer-guide/mcp-server): Model Context Protocol server enabling AI assistants and agents to query security findings, run checks, and interact with Prowler programmatically.

## Supported compliance frameworks

Prowler maps findings to 70+ frameworks, including:

- CIS Benchmarks (AWS, Azure, GCP, Kubernetes, Microsoft 365, Oracle Cloud, Alibaba Cloud)
- NIST 800-53 (Rev. 4 and Rev. 5)
- NIST Cybersecurity Framework (CSF)
- PCI-DSS v3.2.1 and v4.0
- HIPAA
- GDPR
- SOC 2 (Type II)
- ISO 27001
- FedRAMP (Moderate and High)
- MITRE ATT&CK
- CISA Cyber Essentials
- ENS (Spain's Esquema Nacional de Seguridad)
- FFIEC
- AWS Well-Architected Framework (Security Pillar)
- AWS Foundational Technical Review (FTR)
- Custom frameworks (define your own control mappings)

## Supported cloud providers

| Provider | Checks | Services | Interface |
|---|---|---|---|
| AWS | 572 | 83 | CLI, UI, API |
| Azure | 165 | 20 | CLI, UI, API |
| Google Cloud | 100 | 13 | CLI, UI, API |
| Kubernetes | 83 | 7 | CLI, UI, API |
| Microsoft 365 | 89 | 9 | CLI, UI, API |
| Oracle Cloud | 48 | 13 | CLI, UI, API |
| Alibaba Cloud | 61 | 9 | CLI, UI, API |
| GitHub | 21 | 2 | CLI, UI, API |
| Cloudflare | 29 | 2 | CLI, UI, API |
| Infrastructure as Code | - | - | CLI, UI, API |
| MongoDB Atlas | - | - | CLI, UI, API |
| OpenStack | - | - | CLI, UI, API |
| Google Workspace | - | - | CLI, UI, API |
| Vercel | - | - | CLI |
| Container Images | - | - | CLI, UI, API |
| LLM Configurations | - | - | CLI |

## Common use cases

- **Audit preparation**: Automatically generate evidence mapped to CIS, SOC 2, PCI-DSS, HIPAA, ISO 27001, and other frameworks. Export findings as CSV, JSON, HTML, or directly to compliance dashboards.
- **DevSecOps and CI/CD integration**: Run Prowler in GitHub Actions, GitLab CI, Jenkins, or any pipeline to catch misconfigurations before they reach production.
- **Multi-cloud visibility**: Consolidate security posture across AWS, Azure, GCP, Kubernetes, and SaaS providers in a single dashboard.
- **Incident response and forensics**: Quickly assess the security state of an environment during or after an incident.
- **Continuous compliance**: Schedule recurring scans and track compliance drift over time with trend reporting.
- **Container and IaC security**: Shift security left by scanning Dockerfiles, Terraform, and CloudFormation templates alongside runtime cloud assessments.

## Integrations

- AWS Security Hub (send findings as ASFF)
- Amazon S3 (export results)
- AWS Organizations (multi-account scanning)
- Jira (create tickets from findings)
- Slack (notifications and alerts)
- Microsoft Teams (notifications)
- Splunk and SIEM platforms (log forwarding)
- GitHub Actions, GitLab CI, Jenkins (CI/CD pipeline integration)
- Neo4j (attack path graph analysis)
- Custom integrations via Prowler API and SDK

## Documentation and resources

- [Documentation](https://docs.prowler.com/): Setup guides, configuration, provider onboarding, and remediation workflows
- [GitHub Repository](https://github.com/prowler-cloud/prowler): Source code, issue tracker, and contribution guidelines
- [Prowler Hub](https://hub.prowler.com/): Browse all checks and compliance mappings
- [Hub API Docs](https://hub.prowler.com/api/docs): Programmatic access to checks and frameworks
- [Blog](https://prowler.com/blog): Cloud security tutorials, best practices, and product updates
- [Pricing](https://prowler.com/pricing): Plans for Prowler Cloud and commercial features