prowler-cloud/prowler

★ 14,000 · Python · Apache-2.0 · updated Jun 2026

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Prowler is a multi-cloud security posture management tool that runs automated compliance checks against AWS, Azure, GCP, Kubernetes, and a dozen other providers. You get a CLI for quick scans, a Django/Celery API backend, a Next.js dashboard, and a Neo4j-backed attack path graph. It's aimed at security engineers who need to audit cloud configurations against CIS benchmarks, PCI-DSS, SOC2, and similar frameworks without building the check logic themselves.

600+ AWS checks across 84 services is genuinely impressive coverage — not just the obvious IAM and S3 stuff but services most tools miss. The check architecture is clean: each check is its own Python class with metadata, making it easy to add a new one without touching the core scanner. The Django API with row-level security and multi-tenancy is well thought out — migrations 0001 through 0095 tell the story of an API that has been beaten on in production. The GitHub Action integration is first-class: SARIF output means findings show up inline as PR annotations, which is where security feedback actually gets acted on.

The self-hosted app stack is heavy — Postgres, Valkey, Celery workers, a Celery beat scheduler, a Django API, a Next.js frontend, and Neo4j for attack paths. That's five moving pieces before you run a single scan, which is a lot to maintain if you're a team of five. The non-AWS providers (Azure at 167 checks, GCP at 102) have a fraction of the AWS coverage, so if you're primarily an Azure or GCP shop you'll find meaningful gaps. The 'AI speed' and Lighthouse AI assistant marketing is doing a lot of work to describe what appears to be an LLM wrapper over findings that varies by which backend you configure — the value isn't clear from the code. Python >=3.10, <3.13 is a narrow window that will bite you if your org has already pinned 3.13 anywhere.
