Delve
AI-native compliance automation with agent-based evidence collection
Open-Source Projects
Discover top open-source software, updated regularly with real-world adoption signals.
Discover top open-source software, updated regularly with real-world adoption signals.
Unified cloud security platform for automated compliance across providers
Prowler automates security audits and continuous compliance for AWS, Azure, GCP, Kubernetes and more, offering hundreds of built‑in checks, customizable frameworks, and a web UI for real‑time monitoring.
Security engineers, DevOps teams, and compliance officers who need to assess cloud environments quickly and continuously. Prowler supports AWS, Azure, Google Cloud, Kubernetes, and additional providers, making it suitable for startups to enterprises.
Prowler ships with hundreds of pre‑built checks mapped to standards such as CIS, NIST, PCI‑DSS, GDPR, and industry‑specific frameworks. Users can run audits via a single CLI command or through the web‑based Prowler App, which visualizes results, tracks remediation, and offers real‑time dashboards. Custom frameworks can be defined, and integrations with CI/CD pipelines enable automated compliance as code.
The platform can be launched with Docker Compose for quick local testing or installed from source using Git, Poetry, and npm. Containers are built for linux/amd64, and environment variables allow role assumption and credential mounting. The API and worker components run on standard Python and Gunicorn stacks, while the UI is served on port 3000. Documentation provides step‑by‑step guides for each method.
When teams consider Prowler, these hosted platforms usually appear on the same shortlist.
Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.
Periodic compliance audit
Run scheduled Prowler scans to generate reports aligned with PCI-DSS and CIS, enabling auditors to demonstrate continuous compliance.
CI/CD security gate
Integrate Prowler CLI into pipelines so builds fail when new security findings exceed defined thresholds.
Incident response hardening
Leverage Prowler’s remediation guidance to quickly identify misconfigurations after a breach and apply recommended fixes.
Multi-cloud visibility dashboard
Use the Prowler App to aggregate findings from AWS, Azure, and GCP into a single real-time dashboard for executive reporting.
Yes, the CLI works independently; use `prowler <provider>` to execute checks directly from the terminal.
Prowler includes CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI‑DSS, GDPR, HIPAA, SOC2, GXP, AWS FTR, AWS Well‑Architected Security Pillar, ENS, among others.
Yes, you can create custom security frameworks and add your own checks to tailor assessments to specific organizational needs.
AWS, GCP, Azure, Kubernetes, GitHub, and Microsoft 365 are listed as stable; other providers are in beta.
Project at a glance
ActiveLast synced 4 days ago
