Prowler — Cloud Security Assessment for AWS, Azure and GCP
Prowler is an open-source security tool that audits your cloud infrastructure against hundreds of compliance checks for AWS, Azure, GCP, and Kubernetes, generating actionable reports.
What it is
Prowler is an open-source security tool that audits your cloud infrastructure against hundreds of compliance checks for AWS, Azure, GCP, and Kubernetes. It generates actionable reports covering CIS benchmarks, SOC2, HIPAA, GDPR, PCI-DSS, and other compliance frameworks. You run it against your cloud account and get a detailed list of security findings with severity ratings and remediation guidance.
Prowler targets security engineers, cloud architects, and compliance teams who need to validate their cloud posture regularly. It automates the manual work of checking security configurations across hundreds of services.
Why it saves time or tokens
Manually checking cloud security configurations across hundreds of services takes days. Prowler scans everything in minutes and produces a structured report. Running it on a schedule catches misconfigurations as they are introduced. For AI-assisted cloud infrastructure, Prowler validates that generated Terraform or CloudFormation configurations meet security baselines before deployment.
How to use
- Install Prowler: `pip install prowler`
- Configure cloud credentials (AWS CLI, Azure CLI, or GCP service account)
- Run: `prowler aws`, `prowler azure`, or `prowler gcp`
Example

```bash
# Scan AWS account with CIS benchmark
prowler aws --compliance cis_2.0_aws

# Scan specific services
prowler aws --services s3 iam ec2

# Generate HTML report
prowler aws --output-formats html

# Scan with severity filter
prowler aws --severity critical high
```
| Framework | Cloud Provider |
|---|---|
| CIS Benchmarks | AWS, Azure, GCP |
| SOC2 | AWS, Azure |
| HIPAA | AWS |
| PCI-DSS | AWS, Azure |
| GDPR | AWS, Azure, GCP |
| Kubernetes | Any K8s cluster |
Common pitfalls
- Prowler requires read-only access to cloud APIs; the IAM role needs broad permissions that may require security team approval
- Some checks produce false positives in non-standard architectures; review findings before acting on them
- Running Prowler against a large AWS organization with many accounts takes significant time; scope scans to specific services or accounts
Frequently asked questions
Prowler supports CIS benchmarks for AWS, Azure, and GCP, plus SOC2, HIPAA, PCI-DSS, GDPR, NIST 800-53, ISO 27001, and more. You select the framework when running Prowler, and it executes only the relevant checks. Custom frameworks can be defined using Prowler's check metadata.
Yes. Prowler runs as a CLI tool that exits with a non-zero code when critical findings are detected. Add it as a pipeline step to block deployments that fail security checks. The JSON output format integrates with security dashboards and ticketing systems.
AWS Security Hub is a managed service that aggregates findings from AWS-native tools. Prowler is an independent, open-source tool that runs its own checks and works across multiple cloud providers. Prowler often finds issues that Security Hub misses and vice versa. They are complementary.
Yes. Prowler supports AWS, Azure, GCP, and Kubernetes in a single tool. You run separate scans for each provider, but the output format and check categorization are consistent. This gives you a unified view of security posture across clouds.
Run Prowler at least weekly on production accounts. For environments with frequent changes, daily scans catch misconfigurations faster. Many teams integrate Prowler into CI/CD to scan infrastructure changes before deployment, in addition to scheduled full-account scans.
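The CI/CD answer above relies on Prowler's exit code, which fails the pipeline on any failed check. A gate that reads the JSON report and blocks only on selected severities, while skipping reviewed exceptions (the "review findings before acting" pitfall), is shown here as an added example; it is not Prowler's own code, and the field names `status_code`, `severity`, `check_id` and `resource_uid`, the sample findings and the allowlist are constructed assumptions to compare against the JSON your Prowler version writes.

```python
import json

# Constructed sample standing in for a Prowler JSON report. The field names are
# an assumption for this example, not a guaranteed Prowler schema.
SAMPLE_REPORT_JSON = json.dumps([
    {"check_id": "s3_bucket_public_access", "status_code": "FAIL",
     "severity": "critical", "resource_uid": "arn:aws:s3:::example-public-bucket"},
    {"check_id": "iam_root_mfa_enabled", "status_code": "FAIL",
     "severity": "high", "resource_uid": "arn:aws:iam::123456789012:root"},
    {"check_id": "ec2_ebs_default_encryption", "status_code": "FAIL",
     "severity": "medium", "resource_uid": "arn:aws:ec2:us-east-1:123456789012:volume/vol-0"},
    {"check_id": "s3_bucket_public_access", "status_code": "PASS",
     "severity": "critical", "resource_uid": "arn:aws:s3:::example-private-bucket"},
])

# Hypothetical allowlist of reviewed (check_id, resource_uid) pairs that must
# not block the pipeline, e.g. an accepted risk or a known false positive.
ALLOWLIST = frozenset({("iam_root_mfa_enabled", "arn:aws:iam::123456789012:root")})


def parse_report(report_json):
    """Load the JSON report into a list of finding dicts."""
    return json.loads(report_json)


def failures_by_severity(findings, allowlist=frozenset()):
    """Count FAIL findings per severity, ignoring allowlisted (check, resource) pairs."""
    counts = {}
    for finding in findings:
        if finding["status_code"] != "FAIL":
            continue
        if (finding["check_id"], finding["resource_uid"]) in allowlist:
            continue
        severity = finding["severity"].lower()
        counts[severity] = counts.get(severity, 0) + 1
    return counts


def should_block(findings, block_on=("critical", "high"), allowlist=frozenset()):
    """True when any non-allowlisted FAIL finding has a blocking severity."""
    counts = failures_by_severity(findings, allowlist)
    return any(counts.get(severity, 0) > 0 for severity in block_on)


def gate(report_json, allowlist=frozenset(), block_on=("critical", "high")):
    """Exit status for a CI step: 1 blocks the deployment, 0 lets it through."""
    return 1 if should_block(parse_report(report_json), block_on, allowlist) else 0


if __name__ == "__main__":
    import sys
    sys.exit(gate(SAMPLE_REPORT_JSON, ALLOWLIST))
```

In a pipeline, replace `SAMPLE_REPORT_JSON` with the contents of the report file Prowler writes and keep the allowlist under version control so every exception is reviewed.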
Related assets
Cloud Custodian — Cloud Security & Cost Governance Rules Engine
A YAML-based rules engine for managing cloud resources across AWS, Azure, and GCP. Cloud Custodian enforces security policies, optimizes costs, and ensures compliance through automated actions on non-compliant resources.
ScoutSuite — Multi-Cloud Security Auditing Tool
ScoutSuite is an open-source multi-cloud security auditing tool that collects configuration data from AWS, Azure, GCP, and other providers to identify security risks through automated rule-based analysis.
CloudQuery — Sync Cloud Infrastructure to SQL for Security and Compliance
CloudQuery is an open-source ELT framework that extracts configuration data from cloud APIs, SaaS platforms, and databases into PostgreSQL or data lakes for security, compliance, and asset visibility.
Spinnaker — Multi-Cloud Continuous Delivery at Scale
Spinnaker is an open-source multi-cloud continuous delivery platform originally built at Netflix, orchestrating safe, high-velocity production deploys across AWS, GCP, Azure, and Kubernetes.