prowler, prowler-{aws,azure,gcp,kubernetes,m365,github}: add pages (#16870)

Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com>
2025-08-04 07:15:32 +02:00 · 2025-06-19 19:37:06 +02:00 · 2025-06-19 19:37:06 +02:00 · bedef71116
commit bedef71116
parent 006a087709
7 changed files with 211 additions and 0 deletions
--- a/pages/common/prowler-aws.md
+++ b/pages/common/prowler-aws.md
@ -0,0 +1,25 @@
+# prowler aws
+
+> Assess AWS security best practices, perform audits, compliance checks, and generate reports.
+> See also: `prowler`, `prowler-azure`, `prowler-gcp`, `prowler-kubernetes`, `prowler-m365`, `prowler-github`.
+> More information: <https://docs.prowler.com/projects/prowler-open-source/en/latest/>.
+
+- Run the default set of checks on the AWS account:
+
+`prowler aws`
+
+- Use a custom AWS profile and filter audited regions:
+
+`prowler aws {{[-p|--profile]}} {{custom-profile}} {{[-f|--filter-region]}} {{us-east-1 eu-south-2 ...}}`
+
+- Run checks for selected AWS services:
+
+`prowler aws {{[-s|--services]}} {{s3 ec2 ...}}`
+
+- Run a specific AWS check:
+
+`prowler aws {{[-c|--checks]}} {{s3_bucket_public_access}}`
+
+- Exclude specific checks or services:
+
+`prowler aws {{[-e|--excluded-checks]}} {{s3_bucket_public_access}} --exclude-services {{s3 ec2 ...}}`
--- a/pages/common/prowler-azure.md
+++ b/pages/common/prowler-azure.md
@ -0,0 +1,37 @@
+# prowler azure
+
+> Assess Azure security best practices, perform audits, compliance checks, and generate reports.
+> See also: `prowler`, `prowler-aws`, `prowler-gcp`, `prowler-kubernetes`, `prowler-m365`, `prowler-github`.
+> More information: <https://docs.prowler.com/projects/prowler-open-source/en/latest/>.
+
+- Run the default set of checks on the current Azure account using Azure CLI authentication:
+
+`prowler azure --az-cli-auth`
+
+- Run checks for specific Azure subscriptions:
+
+`prowler azure --az-cli-auth --subscription-ids {{subscription_id1 subscription_id2 ...}}`
+
+- Authenticate using a service principal via environment variables:
+
+`prowler azure --sp-env-auth`
+
+- Authenticate using browser login and specify a tenant ID:
+
+`prowler azure --browser-auth --tenant-id "{{XXXXXXXX}}"`
+
+- Authenticate using a managed identity (e.g. for Azure VM):
+
+`prowler azure --managed-identity-auth`
+
+- Run checks for selected Azure services:
+
+`prowler azure {{[-s|--services]}} {{defender iam ...}}`
+
+- Run a specific Azure check:
+
+`prowler azure {{[-c|--checks]}} {{storage_blob_public_access_level_is_disabled}}`
+
+- Exclude specific checks or services:
+
+`prowler azure {{[-e|--excluded-checks]}} {{storage_blob_public_access_level_is_disabled}} --exclude-services {{defender iam ...}}`
--- a/pages/common/prowler-gcp.md
+++ b/pages/common/prowler-gcp.md
@ -0,0 +1,29 @@
+# prowler gcp
+
+> Assess Google Cloud Platform (GCP) security best practices, audits, and compliance checks.
+> See also: `prowler`, `prowler-aws`, `prowler-azure`, `prowler-kubernetes`, `prowler-m365`, `prowler-github`.
+> More information: <https://docs.prowler.com/projects/prowler-open-source/en/latest/>.
+
+- Run the default set of checks on all accessible GCP projects using default user credentials:
+
+`prowler gcp`
+
+- Authenticate using a service account credentials file:
+
+`prowler gcp --credentials-file {{path/to/credentials.json}}`
+
+- Scan specific GCP projects by ID:
+
+`prowler gcp --project-ids {{project_id1 project_id2 ...}}`
+
+- Run checks for selected GCP services:
+
+`prowler gcp {{[-s|--services]}} {{iam compute ...}}`
+
+- Run a specific GCP check:
+
+`prowler gcp {{[-c|--checks]}} {{gcp_storage_bucket_logging_enabled}}`
+
+- Exclude specific checks or services:
+
+`prowler gcp {{[-e|--excluded-checks]}} {{gcp_storage_bucket_logging_enabled}} --exclude-services {{iam compute ...}}`
--- a/pages/common/prowler-github.md
+++ b/pages/common/prowler-github.md
@ -0,0 +1,21 @@
+# prowler github
+
+> Assess GitHub account, repository, and organization security best practices.
+> See also: `prowler`, `prowler-aws`, `prowler-azure`, `prowler-gcp`, `prowler-kubernetes`, `prowler-m365`.
+> More information: <https://docs.prowler.com/projects/prowler-open-source/en/latest/>.
+
+- Run all default GitHub security checks:
+
+`prowler github`
+
+- Authenticate using a GitHub Personal Access Token:
+
+`prowler github --personal-access-token {{pat}}`
+
+- Authenticate using a GitHub OAuth App Token:
+
+`prowler github --oauth-app-token {{oauth_token}}`
+
+- Authenticate using a GitHub App ID and private key:
+
+`prowler github --github-app-id {{app_id}} --github-app-key {{app_key}}`
--- a/pages/common/prowler-kubernetes.md
+++ b/pages/common/prowler-kubernetes.md
@ -0,0 +1,33 @@
+# prowler kubernetes
+
+> Assess Kubernetes cluster security best practices and configurations.
+> See also: `prowler`, `prowler-aws`, `prowler-azure`, `prowler-gcp`, `prowler-m365`, `prowler-github`.
+> More information: <https://docs.prowler.com/projects/prowler-open-source/en/latest/>.
+
+- Run the default checks using the default kubeconfig location:
+
+`prowler kubernetes`
+
+- Specify a custom kubeconfig file for scanning:
+
+`prowler kubernetes --kubeconfig-file {{path/to/kubeconfig}}`
+
+- Specify a specific Kubernetes context to scan:
+
+`prowler kubernetes --context {{my-context}}`
+
+- Scan specific namespaces only:
+
+`prowler kubernetes --namespaces {{default}} {{kube-system}}`
+
+- Run checks for selected Kubernetes services:
+
+`prowler kubernetes {{[-s|--services]}} {{ietcd apiserver ...}}`
+
+- Run a specific Kubernetes check:
+
+`prowler kubernetes {{[-c|--checks]}} {{etcd_encryption}}`
+
+- Exclude specific checks or services:
+
+`prowler kubernetes {{[-e|--excluded-checks]}} {{etcd_encryption}} --exclude-services {{ietcd apiserver ...}}`
--- a/pages/common/prowler-m365.md
+++ b/pages/common/prowler-m365.md
@ -0,0 +1,29 @@
+# prowler m365
+
+> Assess Microsoft 365 (M365) security configurations and best practices.
+> See also: `prowler`, `prowler-aws`, `prowler-azure`, `prowler-gcp`, `prowler-kubernetes`, `prowler-github`.
+> More information: <https://docs.prowler.com/projects/prowler-open-source/en/latest/>.
+
+- Run Prowler with combined service principal and user credentials:
+
+`prowler m365 --env-auth`
+
+- Authenticate using a service principal:
+
+`prowler m365 --sp-env-auth`
+
+- Authenticate using the Azure CLI:
+
+`prowler m365 --az-cli-auth`
+
+- Authenticate using a browser and specify the tenant ID:
+
+`prowler m365 --browser-auth --tenant-id "{{XXXXXXXX}}"`
+
+- Run a specific Microsoft 365 check:
+
+`prowler m365 {{[-c|--checks]}} {{etcd_enm365_onedrive_sharing_enabledcryption}}`
+
+- Exclude specific checks:
+
+`prowler m365 {{[-e|--excluded-checks]}} {{m365_onedrive_sharing_enabled}}`
--- a/pages/common/prowler.md
+++ b/pages/common/prowler.md
@ -0,0 +1,37 @@
+# prowler
+
+> Performs security best practices assessments, audits and compliance checks across AWS, Azure, Google Cloud, and Kubernetes.
+> See also: `prowler-aws`, `prowler-azure`, `prowler-gcp`, `prowler-kubernetes`, `prowler-m365`, `prowler-github`.
+> More information: <https://docs.prowler.com/projects/prowler-open-source/en/latest/>.
+
+- Run an AWS, Azure, GCP, Kubernetes - as provider - audit with default checks:
+
+`prowler {{provider}}`
+
+- Show all available checks for a specific provider:
+
+`prowler {{provider}} {{[-l|--list-checks]}}`
+
+- Show all available services for a specific provider:
+
+`prowler {{provider}} --list-services`
+
+- Generate output in multiple formats, including JSON-ASFF for AWS Security Hub:
+
+`prowler {{provider}} --output-modes {{csv,json-asff,html,...}}`
+
+- Execute in verbose mode:
+
+`prowler {{provider}} --verbose`
+
+- Filter findings by status:
+
+`prowler {{provider}} --status {{PASS,FAIL,MANUAL}}`
+
+- Display help:
+
+`prowler --help`
+
+- Display version:
+
+`prowler {{[-v|--version]}}`