playbooks

home / skills / prowler-cloud / prowler / prowler

prowler skill

/skills/prowler

This skill helps you navigate Prowler development quickly by answering project overview, component structure, and common workflows.

npx playbooks add skill prowler-cloud/prowler --skill prowler

Review the files below or copy the command above to add this skill to your agents.

Files (2)
SKILL.md
1.6 KB
---
name: prowler
description: >
  Main entry point for Prowler development - quick reference for all components.
  Trigger: General Prowler development questions, project overview, component navigation (NOT PR CI gates or GitHub Actions workflows).
license: Apache-2.0
metadata:
  author: prowler-cloud
  version: "1.0"
  scope: [root]
  auto_invoke: "General Prowler development questions"
allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebFetch, WebSearch, Task
---

## Components

| Component | Stack | Location |
|-----------|-------|----------|
| SDK | Python 3.9+, Poetry | `prowler/` |
| API | Django 5.1, DRF, Celery | `api/` |
| UI | Next.js 15, React 19, Tailwind 4 | `ui/` |
| MCP | FastMCP 2.13.1 | `mcp_server/` |

## Quick Commands

```bash
# SDK
poetry install --with dev
poetry run python prowler-cli.py aws --check check_name
poetry run pytest tests/

# API
cd api && poetry run python src/backend/manage.py runserver
cd api && poetry run pytest

# UI
cd ui && pnpm run dev
cd ui && pnpm run healthcheck

# MCP
cd mcp_server && uv run prowler-mcp

# Full Stack
docker-compose up -d
```

## Providers

AWS, Azure, GCP, Kubernetes, GitHub, M365, OCI, AlibabaCloud, MongoDB Atlas, IaC

## Commit Style

`feat:`, `fix:`, `docs:`, `chore:`, `perf:`, `refactor:`, `test:`

## Related Skills

- `prowler-sdk-check` - Create security checks
- `prowler-api` - Django/DRF patterns
- `prowler-ui` - Next.js/React patterns
- `prowler-mcp` - MCP server tools
- `prowler-test` - Testing patterns

## Resources

- **Documentation**: See [references/](references/) for links to local developer guide

Overview

This skill is the primary entry point for Prowler development and provides a concise reference to the project structure, common commands, and component responsibilities. It helps developers find where to implement checks, run the API, develop the UI, or operate the MCP server. The goal is quick orientation so contributors can start work faster and navigate related sub-skills effectively.

How this skill works

The skill describes the main components (SDK, API, UI, MCP), their tech stacks, and file locations so you know where to make changes. It lists quick commands for local development, testing, and full-stack bring-up to reduce setup friction. It also maps supported providers and related developer-focused skills for deeper, task-specific guidance.

When to use it

  • Onboard new contributors to Prowler development.
  • Locate the correct component for a change (checks, API, UI, MCP).
  • Get quick local development and test commands for each component.
  • Prepare to implement or troubleshoot multi-cloud security checks.
  • Find related skills for focused tasks like creating checks or UI patterns.

Best practices

  • Start from the SDK for new security checks and use the provided pytest patterns for tests.
  • Run component-specific dev servers (API: Django manage, UI: pnpm dev, MCP: uv) before full-stack testing.
  • Use the commit-style prefixes (feat:, fix:, docs:, chore:, perf:, refactor:, test:) for consistent history.
  • Leverage the references/ developer guide and related skills for deeper examples and patterns.
  • Keep provider integrations isolated to their components to avoid cross-cutting changes without tests.

Example use cases

  • Add a new AWS IAM security check: edit prowler/ SDK, add tests, run pytest.
  • Spin up the API locally to test a new DRF endpoint: cd api && poetry run python src/backend/manage.py runserver.
  • Develop UI changes with live reload: cd ui && pnpm run dev and verify components against the API.
  • Run the MCP server to test remote orchestration: cd mcp_server && uv run prowler-mcp.
  • Bring up the full stack for integration testing: docker-compose up -d and run end-to-end scenarios.

FAQ

Which directory should I edit to add a new security check?

Add checks in the SDK directory (prowler/). Implement the check, add unit tests, and run pytest tests/ locally.

How do I run the full stack locally?

Use docker-compose up -d to bring all components up. For component-only work, run the provided local start commands in each subdirectory (api, ui, mcp_server).