base on Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment. <p align="center"> <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-black.png#gh-light-mode-only" width="50%" height="50%"> <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only" width="50%" height="50%"> </p> <p align="center"> <b><i>Prowler</b> is the Open Cloud Security platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size. </p> <p align="center"> <b>Secure ANY cloud at AI Speed at <a href="https://prowler.com">prowler.com</i></b> </p> <p align="center"> <a href="https://goto.prowler.com/slack"><img width="30" height="30" alt="Prowler community on Slack" src="https://github.com/prowler-cloud/prowler/assets/38561120/3c8b4ec5-6849-41a5-b5e1-52bbb94af73a"></a> <br> <a href="https://goto.prowler.com/slack">Join our Prowler community!</a> </p> <hr> <p align="center"> <a href="https://goto.prowler.com/slack"><img alt="Slack Shield" src="https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack"></a> <a href="https://pypi.org/project/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/v/prowler.svg"></a> <a href="https://pypi.python.org/pypi/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/pyversions/prowler.svg"></a> <a href="https://pypistats.org/packages/prowler"><img alt="PyPI Downloads" src="https://img.shields.io/pypi/dw/prowler.svg?label=downloads"></a> <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/toniblyx/prowler"></a> <a href="https://gallery.ecr.aws/prowler-cloud/prowler"><img width="120" height=19" alt="AWS ECR Gallery" src="https://user-images.githubusercontent.com/3985464/151531396-b6535a68-c907-44eb-95a1-a09508178616.png"></a> <a href="https://codecov.io/gh/prowler-cloud/prowler"><img src="https://codecov.io/gh/prowler-cloud/prowler/graph/badge.svg?token=OflBGsdpDl"/></a> <a href="https://insights.linuxfoundation.org/project/prowler-cloud-prowler"><img src="https://insights.linuxfoundation.org/api/badge/health-score?project=prowler-cloud-prowler"/></a> </p> <p align="center"> <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/v/release/prowler-cloud/prowler"></a> <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/release-date/prowler-cloud/prowler"></a> <a href="https://github.com/prowler-cloud/prowler"><img alt="Contributors" src="https://img.shields.io/github/contributors-anon/prowler-cloud/prowler"></a> <a href="https://github.com/prowler-cloud/prowler/issues"><img alt="Issues" src="https://img.shields.io/github/issues/prowler-cloud/prowler"></a> <a href="https://github.com/prowler-cloud/prowler"><img alt="License" src="https://img.shields.io/github/license/prowler-cloud/prowler"></a> <a href="https://twitter.com/ToniBlyx"><img alt="Twitter" src="https://img.shields.io/twitter/follow/toniblyx?style=social"></a> <a href="https://twitter.com/prowlercloud"><img alt="Twitter" src="https://img.shields.io/twitter/follow/prowlercloud?style=social"></a> </p> <hr> <p align="center"> <img align="center" src="/docs/img/prowler-cloud.gif" width="100%" height="100%"> </p> # Description **Prowler** is the world’s most widely used _open-source cloud security platform_ that automates security and compliance across **any cloud environment**. With hundreds of ready-to-use security checks, remediation guidance, and compliance frameworks, Prowler is built to _“Secure ANY cloud at AI Speed”_. Prowler delivers **AI-driven**, **customizable**, and **easy-to-use** assessments, dashboards, reports, and integrations, making cloud security **simple**, **scalable**, and **cost-effective** for organizations of any size. Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including: - **Prowler ThreatScore:** Weighted risk prioritization scoring that helps you focus on the most critical security findings first - **Industry Standards:** CIS, NIST 800, NIST CSF, CISA, and MITRE ATT&CK - **Regulatory Compliance and Governance:** RBI, FedRAMP, PCI-DSS, and NIS2 - **Frameworks for Sensitive Data and Privacy:** GDPR, HIPAA, and FFIEC - **Frameworks for Organizational Governance and Quality Control:** SOC2, GXP, and ISO 27001 - **Cloud-Specific Frameworks:** AWS Foundational Technical Review (FTR), AWS Well-Architected Framework, and BSI C5 - **National Security Standards:** ENS (Spanish National Security Scheme) and KISA ISMS-P (Korean) - **Custom Security Frameworks:** Tailored to your needs ## Prowler App / Prowler Cloud Prowler App / [Prowler Cloud](https://cloud.prowler.com/) is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.    >For more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation) ## Prowler CLI ```console prowler <provider> ```  ## Prowler Dashboard ```console prowler dashboard ```  ## Attack Paths Attack Paths automatically extends every completed AWS scan with a Neo4j graph that combines Cartography's cloud inventory with Prowler findings. The feature runs in the API worker after each scan and therefore requires: - An accessible Neo4j instance (the Docker Compose files already ships a `neo4j` service). - The following environment variables so Django and Celery can connect: | Variable | Description | Default | | --- | --- | --- | | `NEO4J_HOST` | Hostname used by the API containers. | `neo4j` | | `NEO4J_PORT` | Bolt port exposed by Neo4j. | `7687` | | `NEO4J_USER` / `NEO4J_PASSWORD` | Credentials with rights to create per-tenant databases. | `neo4j` / `neo4j_password` | Every AWS provider scan will enqueue an Attack Paths ingestion job automatically. Other cloud providers will be added in future iterations. # Prowler at a Glance > [!Tip] > For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit [**Prowler Hub**](https://hub.prowler.com). | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Interface | |---|---|---|---|---|---|---| | AWS | 572 | 83 | 41 | 17 | Official | UI, API, CLI | | Azure | 165 | 20 | 18 | 13 | Official | UI, API, CLI | | GCP | 100 | 13 | 15 | 11 | Official | UI, API, CLI | | Kubernetes | 83 | 7 | 7 | 9 | Official | UI, API, CLI | | GitHub | 21 | 2 | 1 | 2 | Official | UI, API, CLI | | M365 | 89 | 9 | 4 | 5 | Official | UI, API, CLI | | OCI | 48 | 13 | 3 | 10 | Official | UI, API, CLI | | Alibaba Cloud | 61 | 9 | 3 | 9 | Official | UI, API, CLI | | Cloudflare | 29 | 2 | 0 | 5 | Official | UI, API, CLI | | IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | UI, API, CLI | | MongoDB Atlas | 10 | 3 | 0 | 8 | Official | UI, API, CLI | | LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | CLI | | Image | N/A | N/A | N/A | N/A | Official | CLI, API | | Google Workspace | 1 | 1 | 0 | 1 | Official | CLI | | OpenStack | 27 | 4 | 0 | 8 | Official | UI, API, CLI | | NHN | 6 | 2 | 1 | 0 | Unofficial | CLI | > [!Note] > The numbers in the table are updated periodically. > [!Note] > Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories: > - `prowler <provider> --list-checks` > - `prowler <provider> --list-services` > - `prowler <provider> --list-compliance` > - `prowler <provider> --list-categories` # 💻 Installation ## Prowler App Prowler App offers flexible installation methods tailored to various environments: > For detailed instructions on using Prowler App, refer to the [Prowler App Usage Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/). ### Docker Compose **Requirements** * `Docker Compose` installed: https://docs.docker.com/compose/install/. **Commands** ``` console VERSION=$(curl -s https://api.github.com/repos/prowler-cloud/prowler/releases/latest | jq -r .tag_name) curl -sLO "https://raw.githubusercontent.com/prowler-cloud/prowler/refs/tags/${VERSION}/docker-compose.yml" # Environment variables can be customized in the .env file. Using default values in production environments is not recommended. curl -sLO "https://raw.githubusercontent.com/prowler-cloud/prowler/refs/tags/${VERSION}/.env" docker compose up -d ``` > [!WARNING] > 🔒 For a secure setup, the API auto-generates a unique key pair, `DJANGO_TOKEN_SIGNING_KEY` and `DJANGO_TOKEN_VERIFYING_KEY`, and stores it in `~/.config/prowler-api` (non-container) or the bound Docker volume in `_data/api` (container). Never commit or reuse static/default keys. To rotate keys, delete the stored key files and restart the API. Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started. ### Common Issues with Docker Pull Installation > [!Note] If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local `.aws` directory into the container as a volume (e.g., `- "${HOME}/.aws:/home/prowler/.aws:ro"`). There are several ways to configure credentials for Docker containers. See the [Troubleshooting](./docs/troubleshooting.mdx) section for more details and examples. You can find more information in the [Troubleshooting](./docs/troubleshooting.mdx) section. ### From GitHub **Requirements** * `git` installed. * `poetry` v2 installed: [poetry installation](https://python-poetry.org/docs/#installation). * `pnpm` installed: [pnpm installation](https://pnpm.io/installation). * `Docker Compose` installed: https://docs.docker.com/compose/install/. **Commands to run the API** ``` console git clone https://github.com/prowler-cloud/prowler cd prowler/api poetry install eval $(poetry env activate) set -a source .env docker compose up postgres valkey -d cd src/backend python manage.py migrate --database admin gunicorn -c config/guniconf.py config.wsgi:application ``` > [!IMPORTANT] > As of Poetry v2.0.0, the `poetry shell` command has been deprecated. Use `poetry env activate` instead for environment activation. > > If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment. > For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment. > After completing the setup, access the API documentation at http://localhost:8080/api/v1/docs. **Commands to run the API Worker** ``` console git clone https://github.com/prowler-cloud/prowler cd prowler/api poetry install eval $(poetry env activate) set -a source .env cd src/backend python -m celery -A config.celery worker -l info -E ``` **Commands to run the API Scheduler** ``` console git clone https://github.com/prowler-cloud/prowler cd prowler/api poetry install eval $(poetry env activate) set -a source .env cd src/backend python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler ``` **Commands to run the UI** ``` console git clone https://github.com/prowler-cloud/prowler cd prowler/ui pnpm install pnpm run build pnpm start ``` > Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started. ## Prowler CLI ### Pip package Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/). Consequently, it can be installed using pip with Python >3.9.1, <3.13: ```console pip install prowler prowler -v ``` >For further guidance, refer to [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-cli-installation) ### Containers **Available Versions of Prowler CLI** The following versions of Prowler CLI are available, depending on your requirements: - `latest`: Synchronizes with the `master` branch. Note that this version is not stable. - `v4-latest`: Synchronizes with the `v4` branch. Note that this version is not stable. - `v3-latest`: Synchronizes with the `v3` branch. Note that this version is not stable. - `<x.y.z>` (release): Stable releases corresponding to specific versions. You can find the complete list of releases [here](https://github.com/prowler-cloud/prowler/releases). - `stable`: Always points to the latest release. - `v4-stable`: Always points to the latest release for v4. - `v3-stable`: Always points to the latest release for v3. The container images are available here: - Prowler CLI: - [DockerHub](https://hub.docker.com/r/prowlercloud/prowler/tags) - [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler) - Prowler App: - [DockerHub - Prowler UI](https://hub.docker.com/r/prowlercloud/prowler-ui/tags) - [DockerHub - Prowler API](https://hub.docker.com/r/prowlercloud/prowler-api/tags) ### From GitHub Python >3.9.1, <3.13 is required with pip and Poetry: ``` console git clone https://github.com/prowler-cloud/prowler cd prowler eval $(poetry env activate) poetry install python prowler-cli.py -v ``` > [!IMPORTANT] > To clone Prowler on Windows, configure Git to support long file paths by running the following command: `git config core.longpaths true`. > [!IMPORTANT] > As of Poetry v2.0.0, the `poetry shell` command has been deprecated. Use `poetry env activate` instead for environment activation. > > If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment. > For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment. # ✏️ High level architecture ## Prowler App **Prowler App** is composed of four key components: - **Prowler UI**: A web-based interface, built with Next.js, providing a user-friendly experience for executing Prowler scans and visualizing results. - **Prowler API**: A backend service, developed with Django REST Framework, responsible for running Prowler scans and storing the generated results. - **Prowler SDK**: A Python SDK designed to extend the functionality of the Prowler CLI for advanced capabilities. - **Prowler MCP Server**: A Model Context Protocol server that provides AI tools for Lighthouse, the AI-powered security assistant. This is a critical dependency for Lighthouse functionality.  ## Prowler CLI **Running Prowler** Prowler can be executed across various environments, offering flexibility to meet your needs. It can be run from: - Your own workstation - A Kubernetes Job - Google Compute Engine - Azure Virtual Machines (VMs) - Amazon EC2 instances - AWS Fargate or other container platforms - CloudShell And many more environments.  # 🤖 AI Skills for Development Prowler includes a comprehensive set of **AI Skills** that help AI coding assistants understand Prowler's codebase patterns and conventions. ## What are AI Skills? Skills are structured instructions that give AI assistants the context they need to write code that follows Prowler's standards. They include: - **Coding patterns** for each component (SDK, API, UI, MCP Server) - **Testing conventions** (pytest, Playwright) - **Architecture guidelines** (Clean Architecture, RLS patterns) - **Framework-specific rules** (React 19, Next.js 15, Django DRF, Tailwind 4) ## Available Skills | Category | Skills | |----------|--------| | **Generic** | `typescript`, `react-19`, `nextjs-15`, `tailwind-4`, `playwright`, `pytest`, `django-drf`, `zod-4`, `zustand-5`, `ai-sdk-5` | | **Prowler** | `prowler`, `prowler-api`, `prowler-ui`, `prowler-mcp`, `prowler-sdk-check`, `prowler-test-ui`, `prowler-test-api`, `prowler-test-sdk`, `prowler-compliance`, `prowler-provider`, `prowler-pr`, `prowler-docs` | ## Setup ```bash ./skills/setup.sh ``` This configures skills for AI coding assistants that follow the [agentskills.io](https://agentskills.io) standard: | Tool | Configuration | |------|---------------| | **Claude Code** | `.claude/skills/` (symlink) | | **OpenCode** | `.claude/skills/` (symlink) | | **Codex (OpenAI)** | `.codex/skills/` (symlink) | | **GitHub Copilot** | `.github/skills/` (symlink) | | **Gemini CLI** | `.gemini/skills/` (symlink) | > **Note:** Restart your AI coding assistant after running setup to load the skills. > Gemini CLI requires `experimental.skills` enabled in settings. # 📖 Documentation For installation instructions, usage details, tutorials, and the Developer Guide, visit https://docs.prowler.com/ # 📃 License Prowler is licensed under the Apache License 2.0. A copy of the License is available at <http://www.apache.org/licenses/LICENSE-2.0> ", Assign "at most 3 tags" to the expected json: {"id":"1316","tags":[]} "only from the tags list I provide: [{"id":39,"name":"3d-generation","display_name":"3D generation","slug":"3d-generation"},{"id":3,"name":"ai-agent","display_name":"AI agent","slug":"ai-agent"},{"id":8,"name":"ai-coding","display_name":"AI coding assistant","slug":"ai-coding"},{"id":5,"name":"ai-image","display_name":"AI image generation","slug":"ai-image"},{"id":9,"name":"ai-infrastructure","display_name":"AI infrastructure","slug":"ai-infrastructure"},{"id":10,"name":"ai-memory","display_name":"AI memory","slug":"ai-memory"},{"id":11,"name":"ai-skills","display_name":"AI skills","slug":"ai-skills"},{"id":12,"name":"ai-translation","display_name":"AI translation","slug":"ai-translation"},{"id":6,"name":"ai-video","display_name":"AI video generation","slug":"ai-video"},{"id":4,"name":"ai-voice","display_name":"AI voice","slug":"ai-voice"},{"id":7,"name":"ai-workflow","display_name":"AI workflow","slug":"ai-workflow"},{"id":22,"name":"audio-processing","display_name":"Audio processing","slug":"audio-processing"},{"id":29,"name":"authentication","display_name":"Authentication","slug":"authentication"},{"id":51,"name":"bundler","display_name":"Bundler","slug":"bundler"},{"id":41,"name":"chatbot","display_name":"Chatbot","slug":"chatbot"},{"id":27,"name":"cloud-native","display_name":"Cloud native","slug":"cloud-native"},{"id":1,"name":"computer-vision","display_name":"Computer vision","slug":"computer-vision"},{"id":37,"name":"crypto-trading","display_name":"Crypto trading","slug":"crypto-trading"},{"id":57,"name":"curated-list","display_name":"Curated list","slug":"curated-list"},{"id":54,"name":"data-streaming","display_name":"Data streaming","slug":"data-streaming"},{"id":35,"name":"data-visualization","display_name":"Data visualization","slug":"data-visualization"},{"id":16,"name":"database-backup","display_name":"Database backup","slug":"database-backup"},{"id":49,"name":"design-system","display_name":"Design system","slug":"design-system"},{"id":38,"name":"digital-human","display_name":"Digital human","slug":"digital-human"},{"id":34,"name":"document-processing","display_name":"Document processing","slug":"document-processing"},{"id":44,"name":"ecommerce","display_name":"E-commerce","slug":"ecommerce"},{"id":45,"name":"emulator","display_name":"Emulator","slug":"emulator"},{"id":46,"name":"file-management","display_name":"File management","slug":"file-management"},{"id":32,"name":"fintech","display_name":"Fintech","slug":"fintech"},{"id":31,"name":"game-development","display_name":"Game development","slug":"game-development"},{"id":24,"name":"headless-browser","display_name":"Headless browser","slug":"headless-browser"},{"id":52,"name":"headless-cms","display_name":"Headless CMS","slug":"headless-cms"},{"id":36,"name":"home-automation","display_name":"Home automation","slug":"home-automation"},{"id":20,"name":"image-editing","display_name":"Image editing","slug":"image-editing"},{"id":28,"name":"iot","display_name":"IoT","slug":"iot"},{"id":13,"name":"local-llm","display_name":"Local LLM","slug":"local-llm"},{"id":17,"name":"mcp","display_name":"MCP","slug":"mcp"},{"id":47,"name":"monitoring","display_name":"Monitoring","slug":"monitoring"},{"id":2,"name":"nlp","display_name":"NLP","slug":"nlp"},{"id":26,"name":"observability","display_name":"Observability","slug":"observability"},{"id":40,"name":"pentesting","display_name":"Pentesting","slug":"pentesting"},{"id":48,"name":"programming-examples","display_name":"Programming examples","slug":"programming-examples"},{"id":42,"name":"proxy","display_name":"Proxy","slug":"proxy"},{"id":14,"name":"rag","display_name":"RAG","slug":"rag"},{"id":56,"name":"resume-building","display_name":"Resume building","slug":"resume-building"},{"id":33,"name":"robotics","display_name":"Robotics","slug":"robotics"},{"id":30,"name":"search","display_name":"Search","slug":"search"},{"id":43,"name":"self-hosted","display_name":"Self-hosted","slug":"self-hosted"},{"id":50,"name":"static-analysis","display_name":"Static analysis","slug":"static-analysis"},{"id":18,"name":"synthetic-data","display_name":"Synthetic data","slug":"synthetic-data"},{"id":19,"name":"text-to-speech","display_name":"Text to speech","slug":"text-to-speech"},{"id":53,"name":"ui-components","display_name":"UI components","slug":"ui-components"},{"id":15,"name":"vector-database","display_name":"Vector database","slug":"vector-database"},{"id":21,"name":"video-editing","display_name":"Video editing","slug":"video-editing"},{"id":25,"name":"web-scraping","display_name":"Web scraping","slug":"web-scraping"},{"id":55,"name":"webassembly","display_name":"WebAssembly","slug":"webassembly"},{"id":23,"name":"workflow-automation","display_name":"Workflow automation","slug":"workflow-automation"}]" returns me the "expected json"