Prowler is an open-source cloud security scanner that runs through hundreds of checks across AWS, Azure, GCP, Kubernetes, and more for FREE! There are a lot of cloud security tools out there today, but many are no longer open-source or free. While I think it makes sense that cutting-edge security engineering be given disproportionate value in the market, I don’t think access to security compliance should be a luxury good.
Demo Video
Why I contributed to (and will continue to contribute to) Prowler
Great long-term community project.
What problems you saw in the multi-cloud security space
All the security compliance tools are super expensive and there isn’t much competition or options. Need I say more?
My Contributions
I created the FedRAMP 20x Low and Moderate checks. These aren’t really meant to be a total solution, although with a little more work they could be. My intention was that these checks would allow organizations big or small (especially small) to give themselves a sort of gap assessment. From there, they could work on addressing the key security issues they needed or come to the conclusion that, “Hey, we’re looking pretty good. Let’s see if we can build a continuous compliance layer on top of this.”

